Upgrade to Pro — share decks privately, control downloads, hide ads and more …

[DevOpsDays POA 2021] PostgreSQL Network Filter...

[DevOpsDays POA 2021] PostgreSQL Network Filter for EnvoyProxy

How do you monitor Postgres? What information can you get out of it, and to what degree does this information help to troubleshoot operational issues? What if you want/need to log all the queries? That may bring heavy trafficked databases down.

At OnGres we’re obsessed with improving PostgreSQL’s observability. So we worked together with Tetrate folks on an Envoy’s Network Filter extension for PostgreSQL, to provide and extend observability of the traffic inout a cluster infrastructure. This extension is public and open source. You can use it anywhere you use Envoy. It allows you to capture automated metrics and to debug network traffic. This talk will be a technical deep-dive into PostgreSQL’s protocol decoding, Envoy proxy filters and will cover all the capabilities of the tool and its usage and deployment in any environment.

Envoy [1] is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures. Built on the learnings of solutions such as NGINX, HAProxy, hardware load balancers, and cloud load balancers, Envoy runs alongside every application and abstracts the network by providing common features in a platform-agnostic manner. When all service traffic in an infrastructure flows via an Envoy mesh, it becomes easy to visualize problem areas via consistent observability, tune overall performance, and add substrate features in a single place.

Envoy can be used to proxy connections to PostgreSQL instances and in this talk we’ll see how we improve PostgreSQL observability without impacting the performance of the database and without needing to install and/or configure a bunch of things like logs, pgstatstatements, etc, using a Network Filter [2] for PostgreSQL we developed that decodes frontend and backend protocol to get transparently some metrics and metadata about it operation.

Even through an encrypted connection we can grab the metrics because the Postgres Network Filter have the ability to terminate SSL on Envoy [3]. This is a new cool feature for the upcomping 1.18 release of EnvoyProxy that is expected to March 31th [4].

Roadmap:
* Integrate Postgres parser to improve dynamic metadata and per-query tracking
* Individual (per-query) tracking of query performance
* Traffic mirroring for Postgres major upgrade testing and validations

[1] https://www.envoyproxy.io/
[2] https://www.envoyproxy.io/docs/envoy/latest/intro/archoverview/otherprotocols/postgres#arch-overview-postgres
[3] https://github.com/envoyproxy/envoy/commit/1aa31dd9ca07f88029101bdecca12173930cf342
[4] https://github.com/envoyproxy/envoy/blob/main/RELEASES.md#release-schedule

Fabrízio de Royes Mello

July 10, 2021
Tweet

More Decks by Fabrízio de Royes Mello

Other Decks in Technology

Transcript

  1. Postgres Network Filter for EnvoyProxy @fabriziomello ` whoami ` Fabrízio

    Mello <[email protected]> • 25+ years on IT • PostgreSQL Developer at OnGres • PostgreSQL Contributor
  2. Postgres Network Filter for EnvoyProxy @fabriziomello Postgres monitoring • Not

    in-core integrated solution. • Postgres provides catalog views with rich monitoring information. • But that means making queries to gather monitoring data. • Eg. Prometheus exporter: dozens/hundreds/... of queries per monitoring cycle. • Postgres monitoring extensions: ◦ may require restart -> downtime. ◦ may require configuration / external binaries-> complexity But, can we do better?
  3. Postgres Network Filter for EnvoyProxy @fabriziomello Envoy: offloading monitoring and

    SSL What if we could offload from Postgres certain workloads? And avoid restarts? • Envoy is a CNCF Proxy • With a Postgres specific filter • Decodes the wire protocol: protocol metrics -> Prometheus • Terminates Postgres SSL • And more functionalities to come in the future… https://www.cncf.io/blog/2020/08/13/envoy-1-15-introduces-a-n ew-postgres-extension-with-monitoring-support/
  4. Postgres Network Filter for EnvoyProxy @fabriziomello Thank you Join our

    Community in Slack and/or Discord to stay up to date! slack.stackgres.io discord.stackgres.io