Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Consul Connect: the Service Mesh by HashiCorp

Yves Brissaud
June 04, 2019
Programming
0
170

Consul Connect: the Service Mesh by HashiCorp

Let's look at Consul Connect, the solution by HashiCorp to solve the communication mess in a microservices world, with security in mind.

Yves Brissaud

June 04, 2019
Tweet

More Decks by Yves Brissaud

See All by Yves Brissaud
(DockerCon 23) Container Images: Interactive Deep Dive
eunomie
0
430
(DockerCon 23) What's in my container? Docker scout CLI and CI to the rescue
eunomie
0
150
AlpesCraft 2022 : et si les micro services n'avaient rien à voir avec la technique ?
eunomie
1
210
DevoxxFR 2022 : et si les micro services n'avaient rien à voir avec la technique ?
eunomie
1
470
DevoxxFR 2021: Cloud Native Application Bundle
eunomie
0
80
Cloud Native Application Bundle - DevoxxFR 2021
eunomie
0
280
CNAB: the missing link
eunomie
0
75
Cloud Native : sous les buzzwords, le nuage
eunomie
0
280
Hashistack : orchestrer des applications Cloud Native avec simplicité
eunomie
0
250

Other Decks in Programming

See All in Programming
Pinia Colada が実現するスマートな非同期処理
naokihaba
4
230
聞き手から登壇者へ: RubyKaigi2024 LTでの初挑戦が 教えてくれた、可能性の星
mikik0
1
130
Less waste, more joy, and a lot more green: How Quarkus makes Java better
hollycummins
0
100
Arm移行タイムアタック
qnighy
0
340
ヤプリ新卒SREの オンボーディング
masaki12
0
130
subpath importsで始めるモック生活
10tera
0
320
ふかぼれ!CSSセレクターモジュール / Fukabore! CSS Selectors Module
petamoriken
0
150
3 Effective Rules for Using Signals in Angular
manfredsteyer
PRO
0
100
AWS Lambdaから始まった
Serverlessの「熱」とキャリアパス / It started with AWS Lambda Serverless “fever” and career path
seike460
PRO
1
260
Better Code Design in PHP
afilina
PRO
0
130
ActiveSupport::Notifications supporting instrumentation of Rails apps with OpenTelemetry
ymtdzzz
1
250
とにかくAWS GameDay!AWSは世界の共通言語! / Anyway, AWS GameDay! AWS is the world's lingua franca!
seike460
PRO
1
900

Featured

See All Featured
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Optimizing for Happiness
mojombo
376
70k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
10 Git Anti Patterns You Should be Aware of
lemiorhan
655
59k
How STYLIGHT went responsive
nonsquared
95
5.2k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
What's new in Ruby 2.0
geeforr
343
31k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
How to train your dragon (web standard)
notwaldorf
88
5.7k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M

Transcript

  1. Consul Connect Service Mesh by HashiCorp Yves Brissaud  @_crev_

    1/39

  2. Yves Brissaud  @_crev_  eunomie Tech Lead Build Infrastructures

    and Deploy Cloud Native Applications Seamlessly | Automatically | Instantly  @sqscale  squarescale.com 2/39

  3. Service Mesh? 3/39

  4. (Where is my service?) How to handle instance changes? failures

    updates scale up&down ... How to secure my communications? Authentication Authorization How to monitore communications? 4/39

  5. Without Service Mesh inside services internal load balancers rewalls 5/39

  6. https://www.consul.io/ 6/39

  7. Service Con guration Service Discovery Service Segmentation 7/39

  8. Easy to Use Single Binary Linux / Windows / Mac

    Containers... and more autopilot 8/39

  9. Distributed KV Store Watches Distributed Locks Service Con guration 9/39

  10. Location Status: Health Checks Discovery Service Discovery 10/39

  11. API DNS (SRV records) Service Discovery 11/39

  12. # dig srv web.service.consul ;; ANSWER SECTION: web.service.consul. 0 IN

    SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. ;; ADDITIONAL SECTION: 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app" ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 12/39

  13. web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0

    IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. # dig srv web.service.consul ;; ANSWER SECTION: ;; ADDITIONAL SECTION: 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app" ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 12/39

  14. 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app"

    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" ;; ANSWER SECTION: web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. ;; ADDITIONAL SECTION: 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 2010.addr.dc1.consul. 0 IN A 10.2.1.2 ip-10-0-33-233.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-33-233 node dc1 consul 0 IN TXT "cluster=app" 12/39

  15. Trae k Fabio Envoy Load Balancers 13/39

  16. Services already registered Health checks Consul as a Service Mesh

    14/39

  17. Consul Connect 15/39

  18. 16/39

  19. Native Integration 17/39

  20. Native Integration Or Proxy (incl. built-in) 18/39

  21. 19/39

  22. No modi cation needed Service only need to talk to

    the proxy 20/39

  23. Network Namespaces Nomad 21/39

  24.  Work is currently underway to support shared network namespaces

    between tasks. This is the foundation to support deeper Consul Connect integration coming in 0.10! - github.com/hashicorp/nomad/issues/4451 22/39

  25. Security 23/39

  26. AutoTLS Mutual TLS Built-in CA inside Consul Certi cate Rotation

    Vault 24/39

  27. Intentions Secure Access Graph ACLs between services 25/39

  28. 26/39

  29. Observability Monitoring of Proxies 27/39

  30. StatsD DogStatsD Prometheus 28/39

  31. L4 Observability downstream (incoming) upstream (outgoing) http, tcp metrics (throughput,

    connections, etc) request time ... 29/39

  32. 30/39

  33. L7 Observability Consul 1.5+ (May 15, 2019) Envoy as sidecar

    31/39

  34. Protocol: HTTP, gRPC Methods used HTTP Status Code by family

    2xx 3xx 4xx 5xx 32/39

  35. 33/39

  36. 34/39

  37. What's next? 35/39

  38. HTTP Path-Based Routing 36/39

  39. Tra c Shifting 37/39

  40. consul.io learn.hashicorp.com/consul instruqt.com/hashicorp 38/39

  41. Consul Connect Service Mesh by HashiCorp Yves Brissaud  @_crev_

    39/39