Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Consul Connect: the Service Mesh by HashiCorp

Yves Brissaud
June 04, 2019
Programming
0
190

Consul Connect: the Service Mesh by HashiCorp

Let's look at Consul Connect, the solution by HashiCorp to solve the communication mess in a microservices world, with security in mind.

Yves Brissaud

June 04, 2019
Tweet

More Decks by Yves Brissaud

See All by Yves Brissaud
Pour une autre idée de la CI, sur la machine du développeur, avec Dagger
eunomie
0
28
container_images.pdf
eunomie
0
59
(DockerCon 23) Container Images: Interactive Deep Dive
eunomie
0
510
(DockerCon 23) What's in my container? Docker scout CLI and CI to the rescue
eunomie
0
190
AlpesCraft 2022 : et si les micro services n'avaient rien à voir avec la technique ?
eunomie
1
220
DevoxxFR 2022 : et si les micro services n'avaient rien à voir avec la technique ?
eunomie
1
500
DevoxxFR 2021: Cloud Native Application Bundle
eunomie
0
96
Cloud Native Application Bundle - DevoxxFR 2021
eunomie
0
310
CNAB: the missing link
eunomie
0
85

Other Decks in Programming

See All in Programming
Boost Your Performance and Developer Productivity with Jakarta EE 11
ivargrimstad
0
250
Java 24まとめ / Java 24 summary
kishida
3
500
Empowering Developers with HTML-Aware ERB Tooling @ RubyKaigi 2025, Matsuyama, Ehime
marcoroth
2
790
Jakarta EE Meets AI
ivargrimstad
0
260
PHPバージョンアップから始めるOSSコントリビュート / how2oss-contribute
dmnlk
1
1.1k
監視 やばい
syossan27
11
10k
Making TCPSocket.new "Happy"!
coe401_
1
1.9k
設計の本質:コード、システム、そして組織へ / The Essence of Design: To Code, Systems, and Organizations
nrslib
5
1.3k
Amazon CloudWatchの地味だけど強力な機能紹介!
itotsum
0
180
ウォンテッドリーの「ココロオドル」モバイル開発 / Wantedly's "kokoro odoru" mobile development
kubode
1
180
Strategic Design (DDD) for the Frontend @DDD Meetup Stuttgart
manfredsteyer
PRO
0
170
VitestのIn-Source Testingが便利
taro28
8
2.2k

Featured

See All Featured
Adopting Sorbet at Scale
ufuk
76
9.3k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.6k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.4k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
5
570
Making the Leap to Tech Lead
cromwellryan
133
9.2k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
670
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.2k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
119
51k
The World Runs on Bad Software
bkeepers
PRO
67
11k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
13
790

Transcript

  1. Consul Connect Service Mesh by HashiCorp Yves Brissaud  @_crev_

    1/39

  2. Yves Brissaud  @_crev_  eunomie Tech Lead Build Infrastructures

    and Deploy Cloud Native Applications Seamlessly | Automatically | Instantly  @sqscale  squarescale.com 2/39

  3. Service Mesh? 3/39

  4. (Where is my service?) How to handle instance changes? failures

    updates scale up&down ... How to secure my communications? Authentication Authorization How to monitore communications? 4/39

  5. Without Service Mesh inside services internal load balancers rewalls 5/39

  6. https://www.consul.io/ 6/39

  7. Service Con guration Service Discovery Service Segmentation 7/39

  8. Easy to Use Single Binary Linux / Windows / Mac

    Containers... and more autopilot 8/39

  9. Distributed KV Store Watches Distributed Locks Service Con guration 9/39

  10. Location Status: Health Checks Discovery Service Discovery 10/39

  11. API DNS (SRV records) Service Discovery 11/39

  12. # dig srv web.service.consul ;; ANSWER SECTION: web.service.consul. 0 IN

    SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. ;; ADDITIONAL SECTION: 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app" ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 12/39

  13. web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0

    IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. # dig srv web.service.consul ;; ANSWER SECTION: ;; ADDITIONAL SECTION: 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app" ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 12/39

  14. 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app"

    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" ;; ANSWER SECTION: web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. ;; ADDITIONAL SECTION: 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 2010.addr.dc1.consul. 0 IN A 10.2.1.2 ip-10-0-33-233.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-33-233 node dc1 consul 0 IN TXT "cluster=app" 12/39

  15. Trae k Fabio Envoy Load Balancers 13/39

  16. Services already registered Health checks Consul as a Service Mesh

    14/39

  17. Consul Connect 15/39

  18. 16/39

  19. Native Integration 17/39

  20. Native Integration Or Proxy (incl. built-in) 18/39

  21. 19/39

  22. No modi cation needed Service only need to talk to

    the proxy 20/39

  23. Network Namespaces Nomad 21/39

  24.  Work is currently underway to support shared network namespaces

    between tasks. This is the foundation to support deeper Consul Connect integration coming in 0.10! - github.com/hashicorp/nomad/issues/4451 22/39

  25. Security 23/39

  26. AutoTLS Mutual TLS Built-in CA inside Consul Certi cate Rotation

    Vault 24/39

  27. Intentions Secure Access Graph ACLs between services 25/39

  28. 26/39

  29. Observability Monitoring of Proxies 27/39

  30. StatsD DogStatsD Prometheus 28/39

  31. L4 Observability downstream (incoming) upstream (outgoing) http, tcp metrics (throughput,

    connections, etc) request time ... 29/39

  32. 30/39

  33. L7 Observability Consul 1.5+ (May 15, 2019) Envoy as sidecar

    31/39

  34. Protocol: HTTP, gRPC Methods used HTTP Status Code by family

    2xx 3xx 4xx 5xx 32/39

  35. 33/39

  36. 34/39

  37. What's next? 35/39

  38. HTTP Path-Based Routing 36/39

  39. Tra c Shifting 37/39

  40. consul.io learn.hashicorp.com/consul instruqt.com/hashicorp 38/39

  41. Consul Connect Service Mesh by HashiCorp Yves Brissaud  @_crev_

    39/39