Upgrade to Pro — share decks privately, control downloads, hide ads and more …

[DevOpsDays POA 2021] PostgreSQL Network Filter for EnvoyProxy

[DevOpsDays POA 2021] PostgreSQL Network Filter for EnvoyProxy

How do you monitor Postgres? What information can you get out of it, and to what degree does this information help to troubleshoot operational issues? What if you want/need to log all the queries? That may bring heavy trafficked databases down.

At OnGres we’re obsessed with improving PostgreSQL’s observability. So we worked together with Tetrate folks on an Envoy’s Network Filter extension for PostgreSQL, to provide and extend observability of the traffic inout a cluster infrastructure. This extension is public and open source. You can use it anywhere you use Envoy. It allows you to capture automated metrics and to debug network traffic. This talk will be a technical deep-dive into PostgreSQL’s protocol decoding, Envoy proxy filters and will cover all the capabilities of the tool and its usage and deployment in any environment.

Envoy [1] is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures. Built on the learnings of solutions such as NGINX, HAProxy, hardware load balancers, and cloud load balancers, Envoy runs alongside every application and abstracts the network by providing common features in a platform-agnostic manner. When all service traffic in an infrastructure flows via an Envoy mesh, it becomes easy to visualize problem areas via consistent observability, tune overall performance, and add substrate features in a single place.

Envoy can be used to proxy connections to PostgreSQL instances and in this talk we’ll see how we improve PostgreSQL observability without impacting the performance of the database and without needing to install and/or configure a bunch of things like logs, pgstatstatements, etc, using a Network Filter [2] for PostgreSQL we developed that decodes frontend and backend protocol to get transparently some metrics and metadata about it operation.

Even through an encrypted connection we can grab the metrics because the Postgres Network Filter have the ability to terminate SSL on Envoy [3]. This is a new cool feature for the upcomping 1.18 release of EnvoyProxy that is expected to March 31th [4].

Roadmap:
* Integrate Postgres parser to improve dynamic metadata and per-query tracking
* Individual (per-query) tracking of query performance
* Traffic mirroring for Postgres major upgrade testing and validations

[1] https://www.envoyproxy.io/
[2] https://www.envoyproxy.io/docs/envoy/latest/intro/archoverview/otherprotocols/postgres#arch-overview-postgres
[3] https://github.com/envoyproxy/envoy/commit/1aa31dd9ca07f88029101bdecca12173930cf342
[4] https://github.com/envoyproxy/envoy/blob/main/RELEASES.md#release-schedule

Fabrízio de Royes Mello

July 10, 2021
Tweet

More Decks by Fabrízio de Royes Mello

Other Decks in Technology

Transcript

  1. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    PostgreSQL Network Filter
    for
    EnvoyProxy
    Fabrízio de Royes Mello
    @fabriziomello

    View full-size slide

  2. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    ` whoami `
    Fabrízio Mello

    ● 25+ years on IT
    ● PostgreSQL Developer at OnGres
    ● PostgreSQL Contributor

    View full-size slide

  3. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Enhancing Postgres
    Observability

    View full-size slide

  4. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Postgres monitoring
    ● Not in-core integrated solution.
    ● Postgres provides catalog views with rich monitoring
    information.
    ● But that means making queries to gather monitoring data.
    ● Eg. Prometheus exporter: dozens/hundreds/... of queries per
    monitoring cycle.
    ● Postgres monitoring extensions:
    ○ may require restart -> downtime.
    ○ may require configuration / external binaries->
    complexity
    But, can we do better?

    View full-size slide

  5. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Yes, we can!
    Introducing EnvoyProxy into
    Postgres deployments

    View full-size slide

  6. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Envoy: offloading monitoring and SSL
    What if we could offload from Postgres certain workloads?
    And avoid restarts?
    ● Envoy is a CNCF Proxy
    ● With a Postgres specific filter
    ● Decodes the wire protocol: protocol metrics -> Prometheus
    ● Terminates Postgres SSL
    ● And more functionalities to come in the future…
    https://www.cncf.io/blog/2020/08/13/envoy-1-15-introduces-a-n
    ew-postgres-extension-with-monitoring-support/

    View full-size slide

  7. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Envoy: offloading monitoring and SSL

    View full-size slide

  8. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Envoy: offloading monitoring and SSL

    View full-size slide

  9. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Envoy: offloading monitoring and SSL

    View full-size slide

  10. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Envoy: offloading monitoring and SSL

    View full-size slide

  11. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Envoy: offloading monitoring and SSL

    View full-size slide

  12. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Demo
    https://github.com/ongres/envoy-postgres-stats-example

    View full-size slide

  13. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Envoy: offloading monitoring and SSL

    View full-size slide

  14. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    StackGres:
    The Innovative Postgres Platform
    on Kubernetes

    View full-size slide

  15. Postgres Network Filter for EnvoyProxy
    @fabriziomello
    Thank you
    Join our Community in Slack and/or Discord to stay up to date!
    slack.stackgres.io discord.stackgres.io

    View full-size slide