Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Consul Connect: the Service Mesh by HashiCorp

Yves Brissaud
June 04, 2019
Programming
0
150

Consul Connect: the Service Mesh by HashiCorp

Let's look at Consul Connect, the solution by HashiCorp to solve the communication mess in a microservices world, with security in mind.

Yves Brissaud

June 04, 2019
Tweet

More Decks by Yves Brissaud

See All by Yves Brissaud
AlpesCraft 2022 : et si les micro services n'avaient rien à voir avec la technique ?
eunomie
1
150
DevoxxFR 2022 : et si les micro services n'avaient rien à voir avec la technique ?
eunomie
1
320
DevoxxFR 2021: Cloud Native Application Bundle
eunomie
0
61
Cloud Native Application Bundle - DevoxxFR 2021
eunomie
0
150
CNAB: the missing link
eunomie
0
39
Cloud Native : sous les buzzwords, le nuage
eunomie
0
190
Hashistack : orchestrer des applications Cloud Native avec simplicité
eunomie
0
210
Métriques applicatives avec prometheus et grafana
eunomie
1
340
Contract Programming in Ruby
eunomie
0
310

Other Decks in Programming

See All in Programming
リアーキテクチャによってどうなりたいか/re-architecture
suzukihoge
2
300
KustoクエリのChatGPT Plugin!
tomokusaba
0
290
Migrating From Spring Boot 2 To Spring Boot 3 - What's Jakarta EE Got To Do with It?
ivargrimstad
0
150
A JVM Threading Model for the containerized times
lhespanha
0
730
RDRA, ICONIX, DDDの実践から得た学び
hsawaji
5
770
ドメインを中心にしたプロダクト開発/domain-driven-product
hirodragon112
1
200
わかる!Hashicorp Waypoint | HashiTalks: Japan2023
kazue
0
280
スキル差があるペア_モブプロで効果的な_ドライバーナビゲータ以外のロールの分け方.pdf
yatasunshine
1
150
2023/09/23 「AIキャラクターの言動に深みを持たせる」
sr2mg4
1
420
アプリケーションパフォーマンスの計測と改善の方法を勉強している話
devoc
10
2.5k
Jetpack Compose の Side-effect を使いこなす / DroidKaigi 2023
star_zero
1
680
iOSエンジニアに求められる役割について
teamlab
PRO
0
140

Featured

See All Featured
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
10
1.2k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.8k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
352
21k
Building Better People: How to give real-time feedback that sticks.
wjessup
349
18k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
5
660
Learning to Love Humans: Emotional Interface Design
aarron
265
38k
Producing Creativity
orderedlist
PRO
336
38k
Ruby is Unlike a Banana
tanoku
93
9.9k
Fireside Chat
paigeccino
18
2.2k
Testing 201, or: Great Expectations
jmmastey
26
6k
Web development in the modern age
philhawksworth
200
9.8k
Statistics for Hackers
jakevdp
787
210k

Transcript

  1. Consul Connect
    Service Mesh by HashiCorp
    Yves Brissaud
     @_crev_
    1/39

    View Slide

  2. Yves Brissaud
     @_crev_
     eunomie
    Tech Lead
    Build Infrastructures and
    Deploy Cloud Native Applications
    Seamlessly | Automatically | Instantly
     @sqscale
     squarescale.com
    2/39

    View Slide

  3. Service Mesh?
    3/39

    View Slide

  4. (Where is my service?)
    How to handle instance changes?
    failures
    updates
    scale up&down
    ...
    How to secure my
    communications?
    Authentication
    Authorization
    How to monitore communications?
    4/39

    View Slide

  5. Without Service Mesh
    inside services
    internal load
    balancers
    rewalls
    5/39

    View Slide

  6. https://www.consul.io/
    6/39

    View Slide

  7. Service
    Con guration
    Service Discovery
    Service
    Segmentation
    7/39

    View Slide

  8. Easy to
    Use
    Single Binary
    Linux / Windows /
    Mac
    Containers... and more
    autopilot
    8/39

    View Slide

  9. Distributed KV
    Store
    Watches
    Distributed Locks
    Service
    Con guration
    9/39

    View Slide

  10. Location
    Status: Health
    Checks
    Discovery
    Service
    Discovery
    10/39

    View Slide

  11. API
    DNS (SRV
    records)
    Service
    Discovery
    11/39

    View Slide

  12. # dig srv web.service.consul
    ;; ANSWER SECTION:
    web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul.
    ;; ADDITIONAL SECTION:
    2310.addr.dc1.consul. 0 IN A 10.2.49.9
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app"
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker"
    2600.addr.dc1.consul. 0 IN A 10.2.96.3
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker"
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg
    12/39

    View Slide

  13. web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul.
    # dig srv web.service.consul
    ;; ANSWER SECTION:
    ;; ADDITIONAL SECTION:
    2310.addr.dc1.consul. 0 IN A 10.2.49.9
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app"
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker"
    2600.addr.dc1.consul. 0 IN A 10.2.96.3
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker"
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg
    12/39

    View Slide

  14. 2310.addr.dc1.consul. 0 IN A 10.2.49.9
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app"
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker"
    ;; ANSWER SECTION:
    web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul.
    ;; ADDITIONAL SECTION:
    2600.addr.dc1.consul. 0 IN A 10.2.96.3
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker"
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg
    2010.addr.dc1.consul. 0 IN A 10.2.1.2
    ip-10-0-33-233.node.dc1.consul. 0 IN TXT "group=worker"
    ip-10-0-33-233 node dc1 consul 0 IN TXT "cluster=app"
    12/39

    View Slide

  15. Trae k
    Fabio
    Envoy
    Load
    Balancers
    13/39

    View Slide

  16. Services already
    registered
    Health checks
    Consul
    as a
    Service
    Mesh
    14/39

    View Slide

  17. Consul Connect
    15/39

    View Slide

  18. 16/39

    View Slide

  19. Native Integration
    17/39

    View Slide

  20. Native Integration
    Or
    Proxy (incl. built-in)
    18/39

    View Slide

  21. 19/39

    View Slide

  22. No modi cation needed
    Service only need to talk to the proxy
    20/39

    View Slide

  23. Network Namespaces
    Nomad
    21/39

    View Slide

  24.  Work is currently underway to support shared network
    namespaces between tasks. This is the foundation to
    support deeper Consul Connect integration coming in
    0.10!
    - github.com/hashicorp/nomad/issues/4451
    22/39

    View Slide

  25. Security
    23/39

    View Slide

  26. AutoTLS
    Mutual TLS
    Built-in CA inside
    Consul
    Certi cate Rotation
    Vault
    24/39

    View Slide

  27. Intentions
    Secure Access Graph
    ACLs between
    services
    25/39

    View Slide

  28. 26/39

    View Slide

  29. Observability
    Monitoring of Proxies
    27/39

    View Slide

  30. StatsD
    DogStatsD
    Prometheus
    28/39

    View Slide

  31. L4 Observability
    downstream (incoming)
    upstream (outgoing)
    http, tcp metrics (throughput, connections,
    etc)
    request time
    ...
    29/39

    View Slide

  32. 30/39

    View Slide

  33. L7 Observability
    Consul 1.5+ (May 15,
    2019)
    Envoy as sidecar
    31/39

    View Slide

  34. Protocol: HTTP, gRPC
    Methods used
    HTTP Status Code by
    family
    2xx
    3xx
    4xx
    5xx
    32/39

    View Slide

  35. 33/39

    View Slide

  36. 34/39

    View Slide

  37. What's next?
    35/39

    View Slide

  38. HTTP Path-Based Routing
    36/39

    View Slide

  39. Tra c Shifting
    37/39

    View Slide

  40. consul.io
    learn.hashicorp.com/consul
    instruqt.com/hashicorp
    38/39

    View Slide

  41. Consul Connect
    Service Mesh by HashiCorp
    Yves Brissaud
     @_crev_
    39/39

    View Slide