
Stretching the Service Mesh Beyond the Clouds

We hear a lot about using service mesh with Kubernetes and public clouds, but what about outside the clouds? In this talk, you’ll learn creative ways to apply a service mesh across different platforms and environments to automate canary deployments, facilitate cloud migrations, and more. By combining HashiCorp Consul’s service mesh and Terraform’s infrastructure as code, you can build a more seamless operational experience across multiple environments.

Rosemary Wang

June 16, 2021

Transcript

  1. June 2021 | stackconf: Stretching the Service Mesh Beyond the Clouds

  2. We moved from datacenter to Amazon Web Services.

  3. One team wants to use Microsoft Azure.

  4. These applications should be refactored to use Kubernetes.

  5. This application cannot run in a container.

  6. Datacenter + AWS + Azure + Kubernetes + Virtual Machines = ???

  7. Rosemary Wang, Developer Advocate at HashiCorp, she/her, @joatmon08, joatmon08.github.io

  8. 01 Problem: Multiple platforms & environments

  9. Diagram labels: DATACENTER CLOUD LOAD BALANCER MY-APPLICATION-0 MY-APPLICATION-1 MY-APPLICATION-2 MY-APPLICATION.CLOUD LOAD BALANCER MY-APPLICATION.DATACENTER MY-APPLICATION-0 MY-APPLICATION-1 MY-APPLICATION-2 MY-APPLICATION.MY-COMPANY.NET SOME INFRASTRUCTURE LAYER HERE SOME AUTOMATION HERE

  10. Service Mesh: An infrastructure layer to manage and abstract service-to-service communication

  11. Diagram labels: DATACENTER CONSUL SERVER (DATACENTER) PROXY PROXY UI MY-APPLICATION CLOUD PROXY MY-APPLICATION CONSUL SERVER (CLOUD)

  12. More Service Mesh, More Problems? Some added complexity
    ▪ Yet another agent
    ▪ More to debug
    ▪ More to operate
    ▪ Point of failure

  13. No Service Mesh, More Problems: Operational responsibility for multiple clouds
    ▪ Minimal automation
    ▪ Multiple sources of truth
    ▪ Multiple sources of control
    ▪ Multiple metrics approaches

  14. 02 Solutions: Service Mesh Deployment Topologies

  15. Diagram labels: DATACENTER CLOUD LOAD BALANCER MY-APPLICATION-0 MY-APPLICATION-1 MY-APPLICATION-2 MY-APPLICATION.CLOUD LOAD BALANCER MY-APPLICATION.DATACENTER MY-APPLICATION-0 MY-APPLICATION-1 MY-APPLICATION-2 MY-APPLICATION.MY-COMPANY.NET NETWORK AUTOMATION TO SYNCHRONIZE SERVICE MESH FOR CLOUD DIRECT CONNECT

  16. Benefits: Network Automation + Service Mesh
    ▪ In service mesh:
      – Control retries and error handling to non-service mesh
      – Progressive delivery techniques (canary, A/B testing, feature flagging)
    ▪ In non-service mesh:
      – Automated control
      – No change to existing applications

  17. Diagram labels: DATACENTER MY-APPLICATION-0 MY-APPLICATION-1 MY-APPLICATION-2 MY-APPLICATION.CLOUD APPLICATION LOAD BALANCER MY-APPLICATION.DATACENTER MY-APPLICATION-0 MY-APPLICATION-1 MY-APPLICATION-2 MY-APPLICATION.MY-COMPANY.NET DIRECT CONNECT CLOUD (CONSUL SERVICE MESH) 💡 Private network connectivity ❗ Separate network automation ❗ Multiple metrics CONSUL INGRESS GATEWAY CONSUL TERRAFORM SYNC

  18. Consul Terraform Sync (CTS). Diagram labels: DAEMON GETS EVENT SERVICE CHANGED TERRAFORM CONFIGURATION REFERENCES MODULE USE TEMPLATE TO CREATE TERRAFORM CONFIGURATION RUNS TERRAFORM TERRAFORM MODULE DOWNLOAD MODULE AND APPLY CHANGES

  19. Network Automation Demo: github.com/joatmon08/cloud-migration
    Note:
    • Deployed in AWS
    • Datacenter uses virtual machines in us-east-2
    • Cloud uses Kubernetes in us-west-2
    • Network automation configures an application load balancer

  20. Diagram labels: DATACENTER (SERVICE MESH) LOAD BALANCER MY-APPLICATION-0 MY-APPLICATION-1 MY-APPLICATION-2 MY-APPLICATION.CLOUD LOAD BALANCER MY-APPLICATION.DATACENTER MY-APPLICATION-0 MY-APPLICATION-1 MY-APPLICATION-2 MY-APPLICATION.MY-COMPANY.NET FEDERATION BETWEEN SERVICE MESHES CLOUD (SERVICE MESH)

  21. Benefits: Federated Service Mesh
    ▪ One place to control retries and error handling
    ▪ Aggregated & standardized metrics
    ▪ Progressive delivery across all environments & frameworks
      – Fully automated canary deployment
      – A/B testing

  22. Diagram labels: DATACENTER (CONSUL SERVICE MESH, SECONDARY) LOAD BALANCER MY-APPLICATION-0 MY-APPLICATION-1 MY-APPLICATION-2 MY-APPLICATION.CLOUD LOAD BALANCER MY-APPLICATION.DATACENTER MY-APPLICATION-0 MY-APPLICATION-1 MY-APPLICATION-2 MY-APPLICATION.MY-COMPANY.NET CONSUL MESH GATEWAY CONSUL MESH GATEWAY CLOUD (CONSUL SERVICE MESH, PRIMARY) 💡 Private/public network connectivity ❗ Must retrofit service mesh

  23. Diagram labels: CONSUL SERVER (DATACENTER) PROXY PROXY UI MY-APPLICATION PROXY MY-APPLICATION CONSUL SERVER (CLOUD) PROMETHEUS USE METRICS FOR CANARY ANALYSIS CONFIGURE CONSUL SERVICE SPLITTER - 90% CONFIGURE CONSUL SERVICE SPLITTER - 10% COLLECT METRICS COLLECT METRICS

  24. Federation Demo: github.com/joatmon08/cloud-migration/tree/federated
    Note:
    • Deployed in AWS
    • Datacenter uses virtual machines in us-east-2
    • Cloud uses Kubernetes in us-west-2
    • Federation sets cloud as primary

  25. Summary: Choose your topology
    ▪ Network Infrastructure Automation: Use what already exists. Adds layer of automation.
    ▪ Service Mesh Federation: Abstract environment, application framework, and runtime. Adds layer of control.

  26. References
    ▪ github.com/joatmon08/cloud-migration(/tree/federated)
    ▪ hashi.co/spinnaker-consul
    ▪ learn.hashicorp.com
    ▪ learn.hashicorp.com/tutorials/consul/consul-terraform-sync-intro
    ▪ consul.io/docs/connect
    Find these slides at joatmon08.github.io