Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Consul Connect: the Service Mesh by HashiCorp

Yves Brissaud
June 04, 2019
Programming
0
160

Consul Connect: the Service Mesh by HashiCorp

Let's look at Consul Connect, the solution by HashiCorp to solve the communication mess in a microservices world, with security in mind.

Yves Brissaud

June 04, 2019
Tweet

More Decks by Yves Brissaud

See All by Yves Brissaud
(DockerCon 23) Container Images: Interactive Deep Dive
eunomie
0
320
(DockerCon 23) What's in my container? Docker scout CLI and CI to the rescue
eunomie
0
92
AlpesCraft 2022 : et si les micro services n'avaient rien à voir avec la technique ?
eunomie
1
180
DevoxxFR 2022 : et si les micro services n'avaient rien à voir avec la technique ?
eunomie
1
400
DevoxxFR 2021: Cloud Native Application Bundle
eunomie
0
71
Cloud Native Application Bundle - DevoxxFR 2021
eunomie
0
210
CNAB: the missing link
eunomie
0
58
Cloud Native : sous les buzzwords, le nuage
eunomie
0
230
Hashistack : orchestrer des applications Cloud Native avec simplicité
eunomie
0
230

Other Decks in Programming

See All in Programming
OpenAPIを中心に考えるAPI開発入門 / Introduction to API Development with a Focus on OpenAPI
seike460
PRO
2
160
StoreKit2によるiOSのアプリ内課金のリニューアル
kangnux
0
110
MetricKitで予期せぬ終了を検知する話 / Detect unexpected termination with MetricKit
nekowen
0
180
Ruby GitHub Packages
bkuhlmann
0
630
Rails と人魚の話/rails-and-mermaid
sanfrecce_osaka
0
100
Front-end application development, Symfony-style(s)
dunglas
2
1.9k
TYPO3 v13 – The road to LTS: What's new and new APIs
luisasofie_xoxo
0
190
SwiftUI Performance 不要なViewの再描画と更新を抑える
bigamitiongit
1
160
MicrosoftのPlatform Engineeringガイドを読んで実際になにかやってみた
ymd65536
1
210
GraphQLサーバの構成要素を整理する #ハッカー鮨 #tsukijigraphql / graphql server technology selection
izumin5210
4
800
DMMプラットフォームがTiDB Cloudを採用した背景
pospome
8
3.9k
Micro Frontends for Java Microservices - Devnexus 2024
mraible
PRO
0
470

Featured

See All Featured
Building an army of robots
kneath
300
41k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
119
39k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
13
1.5k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.9k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
186
16k
Raft: Consensus for Rubyists
vanstee
132
6.3k
Rebuilding a faster, lazier Slack
samanthasiow
72
8.2k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
18
1.7k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
24
2.3k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
20
1.6k
The Pragmatic Product Professional
lauravandoore
24
5.8k
How GitHub Uses GitHub to Build GitHub
holman
468
290k

Transcript

  1. Consul Connect Service Mesh by HashiCorp Yves Brissaud  @_crev_

    1/39

  2. Yves Brissaud  @_crev_  eunomie Tech Lead Build Infrastructures

    and Deploy Cloud Native Applications Seamlessly | Automatically | Instantly  @sqscale  squarescale.com 2/39

  3. Service Mesh? 3/39

  4. (Where is my service?) How to handle instance changes? failures

    updates scale up&down ... How to secure my communications? Authentication Authorization How to monitore communications? 4/39

  5. Without Service Mesh inside services internal load balancers rewalls 5/39

  6. https://www.consul.io/ 6/39

  7. Service Con guration Service Discovery Service Segmentation 7/39

  8. Easy to Use Single Binary Linux / Windows / Mac

    Containers... and more autopilot 8/39

  9. Distributed KV Store Watches Distributed Locks Service Con guration 9/39

  10. Location Status: Health Checks Discovery Service Discovery 10/39

  11. API DNS (SRV records) Service Discovery 11/39

  12. # dig srv web.service.consul ;; ANSWER SECTION: web.service.consul. 0 IN

    SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. ;; ADDITIONAL SECTION: 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app" ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 12/39

  13. web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0

    IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. # dig srv web.service.consul ;; ANSWER SECTION: ;; ADDITIONAL SECTION: 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app" ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 12/39

  14. 2310.addr.dc1.consul. 0 IN A 10.2.49.9 ip-10-0-6-93.node.dc1.consul. 0 IN TXT "cluster=app"

    ip-10-0-6-93.node.dc1.consul. 0 IN TXT "group=worker" ;; ANSWER SECTION: web.service.consul. 0 IN SRV 1 1 3000 2310.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2600.addr.dc1.consul. web.service.consul. 0 IN SRV 1 1 3000 2010.addr.dc1.consul. ;; ADDITIONAL SECTION: 2600.addr.dc1.consul. 0 IN A 10.2.96.3 ip-10-0-22-143.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-22-143.node.dc1.consul. 0 IN TXT "consul-network-seg 2010.addr.dc1.consul. 0 IN A 10.2.1.2 ip-10-0-33-233.node.dc1.consul. 0 IN TXT "group=worker" ip-10-0-33-233 node dc1 consul 0 IN TXT "cluster=app" 12/39

  15. Trae k Fabio Envoy Load Balancers 13/39

  16. Services already registered Health checks Consul as a Service Mesh

    14/39

  17. Consul Connect 15/39

  18. 16/39

  19. Native Integration 17/39

  20. Native Integration Or Proxy (incl. built-in) 18/39

  21. 19/39

  22. No modi cation needed Service only need to talk to

    the proxy 20/39

  23. Network Namespaces Nomad 21/39

  24.  Work is currently underway to support shared network namespaces

    between tasks. This is the foundation to support deeper Consul Connect integration coming in 0.10! - github.com/hashicorp/nomad/issues/4451 22/39

  25. Security 23/39

  26. AutoTLS Mutual TLS Built-in CA inside Consul Certi cate Rotation

    Vault 24/39

  27. Intentions Secure Access Graph ACLs between services 25/39

  28. 26/39

  29. Observability Monitoring of Proxies 27/39

  30. StatsD DogStatsD Prometheus 28/39

  31. L4 Observability downstream (incoming) upstream (outgoing) http, tcp metrics (throughput,

    connections, etc) request time ... 29/39

  32. 30/39

  33. L7 Observability Consul 1.5+ (May 15, 2019) Envoy as sidecar

    31/39

  34. Protocol: HTTP, gRPC Methods used HTTP Status Code by family

    2xx 3xx 4xx 5xx 32/39

  35. 33/39

  36. 34/39

  37. What's next? 35/39

  38. HTTP Path-Based Routing 36/39

  39. Tra c Shifting 37/39

  40. consul.io learn.hashicorp.com/consul instruqt.com/hashicorp 38/39

  41. Consul Connect Service Mesh by HashiCorp Yves Brissaud  @_crev_

    39/39