Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Consul Connect: the Service Mesh by HashiCorp

Yves Brissaud
June 04, 2019
Programming
0
140

Consul Connect: the Service Mesh by HashiCorp

Let's look at Consul Connect, the solution by HashiCorp to solve the communication mess in a microservices world, with security in mind.

Yves Brissaud

June 04, 2019
Tweet

More Decks by Yves Brissaud

See All by Yves Brissaud
AlpesCraft 2022 : et si les micro services n'avaient rien à voir avec la technique ?
eunomie
1
130
DevoxxFR 2022 : et si les micro services n'avaient rien à voir avec la technique ?
eunomie
1
290
DevoxxFR 2021: Cloud Native Application Bundle
eunomie
0
56
Cloud Native Application Bundle - DevoxxFR 2021
eunomie
0
130
CNAB: the missing link
eunomie
0
33
Cloud Native : sous les buzzwords, le nuage
eunomie
0
180
Hashistack : orchestrer des applications Cloud Native avec simplicité
eunomie
0
200
Métriques applicatives avec prometheus et grafana
eunomie
1
310
Contract Programming in Ruby
eunomie
0
300

Other Decks in Programming

See All in Programming
Spring と AWS サービスを活用して実現する安全なデプロイメント / How to launch safely using Spring and AWS services
kanamasa
4
220
ChatGPT APIでセキュリティニュースを要約するシステムを作ってみた
sh1n0g1
2
1.7k
Laravelへの異常な愛情 または私は如何にして心配するのを止めてEloquentを愛するようになったか
kentaroutakeda
8
3.7k
Angular Deep Dive: Components & Directives
manfredsteyer
PRO
0
150
例外を投げるな、値を返せ
okuzawats
5
1.7k
The Art of Unit Testing
dicoding
0
640
eslint-flat-config
t_keshi
1
260
失敗から学ぶオーナーシップ欠乏症への処方箋 #phperkaigi #d
77web
0
220
積もってく会議メモをどうにかしたかった
kazutan
0
110
トランクベース開発の実現に向けた開発プロセスとCIパイプラインの継続的改善
aanrii
5
1k
NOT A HOTEL
AIコンシェルジュ「Kevin」の開発秘話
codehex
3
30k
AT Protocol (BlueSky Social)仕様解説 ~ W3C DID仕様を添えて ~
gpsnmeajp
0
150

Featured

See All Featured
No one is an island. Learnings from fostering a developers community.
thoeni
13
1.6k
BBQ
matthewcrist
75
8.2k
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
15
1.2k
Art, The Web, and Tiny UX
lynnandtonic
284
18k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
12
1.4k
Producing Creativity
orderedlist
PRO
335
38k
Streamline your AJAX requests with AmplifyJS and jQuery
dougneiner
128
8.8k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
23
1.8k
Typedesign – Prime Four
hannesfritz
34
1.6k
Music & Morning Musume
bryan
37
4.7k
YesSQL, Process and Tooling at Scale
rocio
159
13k

Transcript

  1. Consul Connect
    Service Mesh by HashiCorp
    Yves Brissaud
     @_crev_
    1/39

    View Slide

  2. Yves Brissaud
     @_crev_
     eunomie
    Tech Lead
    Build Infrastructures and
    Deploy Cloud Native Applications
    Seamlessly | Automatically | Instantly
     @sqscale
     squarescale.com
    2/39

    View Slide

  3. Service Mesh?
    3/39

    View Slide

  4. (Where is my service?)
    How to handle instance changes?
    failures
    updates
    scale up&down
    ...
    How to secure my
    communications?
    Authentication
    Authorization
    How to monitore communications?
    4/39

    View Slide

  5. Without Service Mesh
    inside services
    internal load
    balancers
    rewalls
    5/39

    View Slide

  6. https://www.consul.io/
    6/39

    View Slide

  7. Service
    Con guration
    Service Discovery
    Service
    Segmentation
    7/39

    View Slide

  8. Easy to
    Use
    Single Binary
    Linux / Windows /
    Mac
    Containers... and more
    autopilot
    8/39

    View Slide

  9. Distributed KV
    Store
    Watches
    Distributed Locks
    Service
    Con guration
    9/39

    View Slide

  10. Location
    Status: Health
    Checks
    Discovery
    Service
    Discovery
    10/39

    View Slide

  11. API
    DNS (SRV
    records)
    Service
    Discovery
    11/39

    View Slide

  12. # dig srv web.service.consul
    ;; ANSWER SECTION:
    web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul.
    ;; ADDITIONAL SECTION:
    2310.addr.dc1.consul. 0 IN A 10.2.49.9
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app"
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker"
    2600.addr.dc1.consul. 0 IN A 10.2.96.3
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker"
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg
    12/39

    View Slide

  13. web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul.
    # dig srv web.service.consul
    ;; ANSWER SECTION:
    ;; ADDITIONAL SECTION:
    2310.addr.dc1.consul. 0 IN A 10.2.49.9
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app"
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker"
    2600.addr.dc1.consul. 0 IN A 10.2.96.3
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker"
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg
    12/39

    View Slide

  14. 2310.addr.dc1.consul. 0 IN A 10.2.49.9
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app"
    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker"
    ;; ANSWER SECTION:
    web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul.
    web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul.
    ;; ADDITIONAL SECTION:
    2600.addr.dc1.consul. 0 IN A 10.2.96.3
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker"
    ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg
    2010.addr.dc1.consul. 0 IN A 10.2.1.2
    ip-10-0-33-233.node.dc1.consul. 0 IN TXT "group=worker"
    ip-10-0-33-233 node dc1 consul 0 IN TXT "cluster=app"
    12/39

    View Slide

  15. Trae k
    Fabio
    Envoy
    Load
    Balancers
    13/39

    View Slide

  16. Services already
    registered
    Health checks
    Consul
    as a
    Service
    Mesh
    14/39

    View Slide

  17. Consul Connect
    15/39

    View Slide

  18. 16/39

    View Slide

  19. Native Integration
    17/39

    View Slide

  20. Native Integration
    Or
    Proxy (incl. built-in)
    18/39

    View Slide

  21. 19/39

    View Slide

  22. No modi cation needed
    Service only need to talk to the proxy
    20/39

    View Slide

  23. Network Namespaces
    Nomad
    21/39

    View Slide

  24.  Work is currently underway to support shared network
    namespaces between tasks. This is the foundation to
    support deeper Consul Connect integration coming in
    0.10!
    - github.com/hashicorp/nomad/issues/4451
    22/39

    View Slide

  25. Security
    23/39

    View Slide

  26. AutoTLS
    Mutual TLS
    Built-in CA inside
    Consul
    Certi cate Rotation
    Vault
    24/39

    View Slide

  27. Intentions
    Secure Access Graph
    ACLs between
    services
    25/39

    View Slide

  28. 26/39

    View Slide

  29. Observability
    Monitoring of Proxies
    27/39

    View Slide

  30. StatsD
    DogStatsD
    Prometheus
    28/39

    View Slide

  31. L4 Observability
    downstream (incoming)
    upstream (outgoing)
    http, tcp metrics (throughput, connections,
    etc)
    request time
    ...
    29/39

    View Slide

  32. 30/39

    View Slide

  33. L7 Observability
    Consul 1.5+ (May 15,
    2019)
    Envoy as sidecar
    31/39

    View Slide

  34. Protocol: HTTP, gRPC
    Methods used
    HTTP Status Code by
    family
    2xx
    3xx
    4xx
    5xx
    32/39

    View Slide

  35. 33/39

    View Slide

  36. 34/39

    View Slide

  37. What's next?
    35/39

    View Slide

  38. HTTP Path-Based Routing
    36/39

    View Slide

  39. Tra c Shifting
    37/39

    View Slide

  40. consul.io
    learn.hashicorp.com/consul
    instruqt.com/hashicorp
    38/39

    View Slide

  41. Consul Connect
    Service Mesh by HashiCorp
    Yves Brissaud
     @_crev_
    39/39

    View Slide