
Stretching the Service Mesh from Java to Beyond

How do we extend the capabilities of service mesh from Java microservices to on-premise databases and .NET applications? In this talk, we will refactor and scatter a set of Java microservices to various workloads and environments, configure the application for observability and traffic management in a service mesh, and discuss its trade-offs and benefits.

Rosemary Wang

February 21, 2020
Transcript

  1. Stretching the Service Mesh from Java to Beyond. DevNexus | February 21, 2020. Copyright © 2019 HashiCorp
  2. Java Microservice to Java Microservice (code editor; source: https://github.com/sqshq/piggymetrics)

    @EnableDiscoveryClient
    @EnableAutoConfiguration
    @EnableConfigurationProperties
    @EnableOAuth2Client
    @EnableFeignClients
    @EnableCircuitBreaker
    @SpringBootApplication
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class AccountApplication {
        public static void main(String[] args) {
            SpringApplication.run(AccountApplication.class, args);
        }
    }
  3. Java Microservice to Java Microservice (code editor; source: https://github.com/sqshq/piggymetrics)

    logging:
      level:
        org.springframework.security: INFO
    hystrix:
      command:
        default:
          execution:
            isolation:
              thread:
                timeoutInMilliseconds: 10000
    eureka:
      instance:
        hostname: localhost
      client:
        serviceUrl:
          defaultZone: http://localhost:8761/eureka/
    security:
      oauth2:
        resource:
          user-info-uri: http://localhost:5000/uaa/users/current
  4. Capability and what provides it in the Java microservices:

    SSL: various libraries
    Service Discovery: Eureka, DNS
    Network Policy: API authorization, firewalls, ACLs, policy groups
    Load Balancing: Ribbon, appliances
    Traffic Management: Hystrix, Zuul
    Observability: Brave, Spring Metrics
  5. What about every other kind of framework to Java microservice?
  6. The Problem: Multi-Framework (diagram: REPORT, EXPENSE, DATABASE and EXPENSE DATABASE; ports :8080, :3306, :5002, :5001 and :1433)
  7. Service Mesh!

  8. "…a dedicated infrastructure layer that controls service-to-service communication over a network" (TechTarget, searchitoperations.techtarget.com/definition/service-mesh)
  9. Service Mesh! (Kubernetes only?)

  11. Most support Envoy Proxy

  12. (diagram: REPORT, EXPENSE and DATABASE, each with a proxy and a Consul client alongside it)
  13. Capability and what provides it once a service mesh is in place:

    SSL: service mesh
    Service Discovery: service mesh
    Network Policy: service mesh
    Load Balancing: service mesh
    Traffic Management: service mesh
    Observability: service mesh
  14. Can service mesh solve multi-framework?

  15. SSL | Service Discovery | Network Policy | Load Balancing | Traffic Management | Observability
  16. Mutual TLS (diagram as slide 12: REPORT, EXPENSE and DATABASE, each with a proxy and a Consul client)
  17. (diagram as slide 16; the REPORT application talks to its own proxy over loopback with no TLS)
  18. Terminal:

    > curl localhost:19000/config_dump
    "filter_chains": [{
      "tls_context": {
        "common_tls_context": {
          "tls_params": {},
          "tls_certificates": [ "REDACTED" ],
          "validation_context": {
            "trusted_ca": { "inline_string": "REDACTED" }
          }
        },
        "require_client_certificate": true
      }
    }]
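Reading `config_dump` by eye, as the slide does, works for one proxy; across a fleet the same check is worth scripting. The following is an added example, not code from the talk, Consul or Envoy: it walks a config_dump document and reports every non-loopback listener whose filter chains do not both require a client certificate and carry a `trusted_ca`. The document is constructed: its first listener mirrors the slide's filter chain with values redacted, the loopback listener is the application-to-sidecar hop that slide 17 says carries no TLS, and `weak_listener` is an assumed misconfiguration included only to produce a finding. The wrapper keys of a real config_dump differ between Envoy versions, so the walk looks for `filter_chains` anywhere instead of assuming one layout.

```python
"""Audit an Envoy config_dump for inbound listeners that do not enforce mutual TLS.

Added example (not from the talk). The sample document is constructed; the exact
config_dump wrapper keys are an assumption and the walk does not depend on them."""
import json

LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample shaped like the slide's excerpt; "weak_listener" is an assumed bad config.
SAMPLE_CONFIG_DUMP = json.dumps({"configs": [{
    "@type": "type.googleapis.com/envoy.admin.v2alpha.ListenersConfigDump",
    "dynamic_active_listeners": [
        {"listener": {
            "name": "public_listener",
            "address": {"socket_address": {"address": "0.0.0.0", "port_value": 21000}},
            "filter_chains": [{
                "tls_context": {
                    "common_tls_context": {
                        "tls_params": {},
                        "tls_certificates": ["REDACTED"],
                        "validation_context": {"trusted_ca": {"inline_string": "REDACTED"}}},
                    "require_client_certificate": True}}]}},
        {"listener": {
            "name": "expense-db-mysql-upstream",  # app-to-sidecar hop on loopback, plaintext by design
            "address": {"socket_address": {"address": "127.0.0.1", "port_value": 3306}},
            "filter_chains": [{}]}},
        {"listener": {
            "name": "weak_listener",  # constructed: presents a cert but never checks the peer
            "address": {"socket_address": {"address": "0.0.0.0", "port_value": 22000}},
            "filter_chains": [{
                "tls_context": {
                    "common_tls_context": {"tls_certificates": ["REDACTED"]},
                    "require_client_certificate": False}}]}}]}]})


def _iter_listeners(node):
    """Yield every dict that carries filter_chains, wherever it sits in the dump."""
    if isinstance(node, dict):
        if "filter_chains" in node:
            yield node
        for value in node.values():
            yield from _iter_listeners(value)
    elif isinstance(node, list):
        for value in node:
            yield from _iter_listeners(value)


def _bind_address(listener):
    return listener.get("address", {}).get("socket_address", {}).get("address", "")


def audit_mtls(config_dump_json):
    """Return {listener_name: [problems]} for non-loopback listeners without enforced mTLS."""
    findings = {}
    for listener in _iter_listeners(json.loads(config_dump_json)):
        name = listener.get("name", "<unnamed>")
        if _bind_address(listener) in LOOPBACK:
            continue  # the local app-to-proxy hop is expected to be plaintext (slide 17)
        problems = []
        for chain in listener["filter_chains"]:
            tls = chain.get("tls_context")
            if tls is None:
                problems.append("no tls_context: plaintext accepted")
                continue
            if tls.get("require_client_certificate") is not True:
                problems.append("require_client_certificate is not true")
            common = tls.get("common_tls_context", {})
            if not common.get("validation_context", {}).get("trusted_ca"):
                problems.append("no trusted_ca: peer certificates are not validated")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for listener_name, problems in audit_mtls(SAMPLE_CONFIG_DUMP).items():
        print(listener_name, "->", "; ".join(problems))
```

Run against a live proxy by replacing `SAMPLE_CONFIG_DUMP` with the body of `curl localhost:19000/config_dump`; an empty result means every externally reachable listener demands and validates a client certificate.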
  19. SSL | Service Discovery | Network Policy | Load Balancing | Traffic Management | Observability
  20. Code editor:

    service {
      name = "expense"
      // omitted for clarity
      tags = ["java"]
      meta = {
        framework = "java"
      }
      …
    }
  22. The Problem: Multi-Framework (diagram as slide 6; how does EXPENSE connect to DATABASE?)
  23. (diagram as slide 12, with DATABASE on :3306)
  24. Code editor:

    service {
      name = "expense"
      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name   = "expense-db-mysql"
              local_bind_address = "127.0.0.1"
              local_bind_port    = 3306
            }
          }
        }
      }
    }
  25. The Problem: Multi-Framework (diagram as slide 6; REPORT connects to EXPENSE on :5001 ???)
  26. Code editor:

    service {
      name = "report"
      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name   = "expense"
              local_bind_address = "127.0.0.1"
              local_bind_port    = 5001
            }
          }
        }
      }
    }
  27. The Problem: Multi-Framework (diagram as slide 6; REPORT connects to EXPENSE on :5001)
  28. (diagram as slide 12, with EXPENSE on :5001)
  29. SSL | Service Discovery | Network Policy | Load Balancing | Traffic Management | Observability
  30. The Problem: Multi-Framework (diagram: DATABASE, REPORT, EXPENSE and EXPENSE DATABASE)

  32. SSL | Service Discovery | Network Policy | Load Balancing | Traffic Management | Observability
  33. The Problem: Multi-Framework (diagram as slide 6; traffic to EXPENSE on :5001 split 20% / 80%)
  35. SSL | Service Discovery | Network Policy | Load Balancing | Traffic Management | Observability
  36. Many capabilities:

    ▪ Circuit Breaking (AKA Outlier Detection)
    ▪ Retries
    ▪ Timeouts
    ▪ Canary Testing
    ▪ A/B Testing
  37. @EnableCircuitBreaker

  38. The Problem: Multi-Framework (diagram as slide 6, with EXPENSE on :5001)
  39. Code editor:

    // Envoy Proxy Configuration (Cluster)
    {
      "@type": "type.googleapis.com/envoy.api.v2.Cluster",
      "name": "expense.default.dc1.internal.CONSUL_FQDN",
      "type": "EDS",
      "eds_cluster_config": {
        "eds_config": { "ads": {} }
      },
      "connect_timeout": "5s",
      "outlier_detection": {
        "consecutive_5xx": 10,
        "consecutive_gateway_failure": 10,
        "base_ejection_time": "30s"
      }
    }
  40. Code editor:

    // Envoy Proxy Configuration (Listener)
    {
      "match": { "prefix": "/" },
      "route": {
        "cluster": "expense.default.dc1.internal.CONSUL_FQDN",
        "timeout": "60s",
        "retry_policy": {
          "retry_on": "5xx",
          "num_retries": 5,
          "per_try_timeout": "10s"
        }
      }
    }
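The numbers on slides 39 and 40 interact in ways that are easier to see by running them than by reading them: ten consecutive 5xx responses eject a host for 30s (longer on each repeat), and a route allows up to six attempts of 10s each, capped by the 60s route timeout. The following is an added example, not code from the talk or from Envoy: a simplified model of `consecutive_5xx` outlier detection and the `5xx` retry policy, fed the slide's own JSON fragments and a constructed stream of upstream responses. It reproduces the documented rule that ejection time scales with the number of prior ejections, and ignores Envoy's other outlier signals and jitter.

```python
"""Simplified model of the Envoy cluster and route settings shown on the slides.

Added example (not Envoy code). CLUSTER and ROUTE are copied from the slides;
CONSUL_FQDN is the slide's own placeholder. Upstream responses are constructed."""
import json

CLUSTER = json.loads("""{
  "@type": "type.googleapis.com/envoy.api.v2.Cluster",
  "name": "expense.default.dc1.internal.CONSUL_FQDN",
  "type": "EDS",
  "eds_cluster_config": {"eds_config": {"ads": {}}},
  "connect_timeout": "5s",
  "outlier_detection": {
    "consecutive_5xx": 10,
    "consecutive_gateway_failure": 10,
    "base_ejection_time": "30s"
  }
}""")

ROUTE = json.loads("""{
  "match": {"prefix": "/"},
  "route": {
    "cluster": "expense.default.dc1.internal.CONSUL_FQDN",
    "timeout": "60s",
    "retry_policy": {"retry_on": "5xx", "num_retries": 5, "per_try_timeout": "10s"}
  }
}""")


def seconds(duration):
    """Parse the '30s'-style durations used in the config."""
    return float(duration.rstrip("s"))


class OutlierDetector:
    """Consecutive-5xx ejection for one upstream host. Ejection lasts
    base_ejection_time multiplied by how many times the host has been ejected."""

    def __init__(self, cluster):
        od = cluster["outlier_detection"]
        self.threshold = od["consecutive_5xx"]
        self.base_ejection = seconds(od["base_ejection_time"])
        self.consecutive_5xx = 0
        self.ejection_count = 0
        self.ejected_until = None

    def is_ejected(self, now):
        return self.ejected_until is not None and now < self.ejected_until

    def record(self, status, now):
        """Feed one upstream response; True if this response triggered an ejection."""
        if status >= 500:
            self.consecutive_5xx += 1
            if self.consecutive_5xx >= self.threshold:
                self.ejection_count += 1
                self.ejected_until = now + self.base_ejection * self.ejection_count
                self.consecutive_5xx = 0
                return True
        else:
            self.consecutive_5xx = 0  # any success resets the streak
        return False


def simulate_host(cluster, responses):
    """responses: [(time_seconds, http_status)] for one host.
    Returns (times the host was ejected, times a request skipped it while ejected)."""
    detector = OutlierDetector(cluster)
    ejected_at, skipped = [], []
    for now, status in responses:
        if detector.is_ejected(now):
            skipped.append(now)
            continue
        if detector.record(status, now):
            ejected_at.append(now)
    return ejected_at, skipped


def send_with_retries(route, upstream_statuses):
    """Apply the route's retry policy to successive upstream outcomes.
    Returns (final_status, attempts_used)."""
    policy = route["route"]["retry_policy"]
    max_attempts = policy["num_retries"] + 1
    retry_on_5xx = "5xx" in policy["retry_on"].split(",")
    status, attempts = None, 0
    for status in upstream_statuses[:max_attempts]:
        attempts += 1
        if not (retry_on_5xx and status >= 500):
            break
    return status, attempts


def worst_case_wait(route):
    """Longest a caller can be held: every attempt hits per_try_timeout, capped by the route timeout."""
    r = route["route"]
    attempts = r["retry_policy"]["num_retries"] + 1
    return min(seconds(r["timeout"]), attempts * seconds(r["retry_policy"]["per_try_timeout"]))


if __name__ == "__main__":
    # Constructed: ten 503s at t=0..9, then healthy responses at t=20 and t=45.
    stream = [(t, 503) for t in range(10)] + [(20, 200), (45, 200)]
    print(simulate_host(CLUSTER, stream))
    print(send_with_retries(ROUTE, [503, 503, 200]))
    print(worst_case_wait(ROUTE))
```

The worst-case figure is the one to compare against the caller's own timeout: with these settings a request to `expense` can take a full minute to fail, and `@EnableCircuitBreaker` on the calling side (slide 37) would need to be tuned with that in mind or dropped in favour of the mesh.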
  42. SSL | Service Discovery | Network Policy | Load Balancing | Traffic Management | Observability
  43. Tracing in 1 Slide: a span is a unit of work; spans have child spans; trace context is propagated by headers; tags are added to spans.
  44. (diagram as slide 12)
  45. Tracing with Service Mesh: The Confusion. Trace context is propagated by headers; the application needs to propagate the headers; libraries must be installed to do tracing; the service mesh adds metadata.
  46. Code editor (application.properties):

    spring.zipkin.base-url=http://jaeger:9411/
    spring.datasource.url=jdbc:mysql://${MYSQL_HOST:localhost}:3306/DemoExpenses?queryInterceptors=brave.mysql8.TracingQueryInterceptor&exceptionInterceptors=brave.mysql8.TracingExceptionInterceptor&zipkinServiceName=expense
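Slide 45's point is that the mesh can emit spans but cannot join them into one trace unless the application copies the trace headers from the request it received onto the request it sends upstream. The following is an added example, not from the talk, Brave or Zipkin: the B3 header handling a `report` service would need to do before calling `expense`, with the span-id generator injectable so the result is deterministic. The inbound header set is constructed.

```python
"""B3 trace-context propagation, the step the application itself must perform.

Added example (not from the talk). INBOUND is a constructed header set; the
B3 header names are the real Zipkin/Brave propagation headers."""
import secrets

B3_TRACE, B3_SPAN, B3_PARENT, B3_SAMPLED = (
    "X-B3-TraceId", "X-B3-SpanId", "X-B3-ParentSpanId", "X-B3-Sampled")


def random_id(nbytes=8):
    """Hex id: 8 bytes for a span id, 16 bytes for a 128-bit trace id."""
    return secrets.token_hex(nbytes)


def outbound_headers(inbound, new_span_id=None):
    """Headers for the upstream call, derived from the headers this service received.
    Keeps the trace id, makes the received span the parent, mints a fresh span id
    and preserves the sampling decision. With no inbound context, a new trace starts."""
    inbound = {k.lower(): v for k, v in inbound.items()}  # header names are case-insensitive
    span_id = new_span_id or random_id()
    trace_id = inbound.get(B3_TRACE.lower())
    if trace_id is None:
        return {B3_TRACE: random_id(16), B3_SPAN: span_id, B3_SAMPLED: "1"}
    out = {B3_TRACE: trace_id, B3_SPAN: span_id}
    if B3_SPAN.lower() in inbound:
        out[B3_PARENT] = inbound[B3_SPAN.lower()]
    if B3_SAMPLED.lower() in inbound:
        out[B3_SAMPLED] = inbound[B3_SAMPLED.lower()]
    return out


def same_trace(a, b):
    """True when two header sets belong to one trace, i.e. Jaeger/Zipkin will stitch them."""
    return a.get(B3_TRACE) is not None and a.get(B3_TRACE) == b.get(B3_TRACE)


# Constructed: what the report service's sidecar hands to the application.
INBOUND = {"X-B3-TraceId": "463ac35c9f6413ad48485a3953bb6124",
           "X-B3-SpanId": "a2fb4a1d1a96d312",
           "X-B3-Sampled": "1"}

if __name__ == "__main__":
    print(outbound_headers(INBOUND, new_span_id="5b0d2e7f9c1a3344"))
    # Dropping the headers starts a new trace: the proxy spans on both sides end up disconnected.
    print(same_trace(INBOUND, outbound_headers({})))
```

The second print is the failure mode the slide calls "the confusion": the mesh reports two valid traces that nobody can join, which is why the piggymetrics properties on slide 46 pull in Brave instead of relying on the proxy alone.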
  48. Capability and what provides it in the Java microservices:

    SSL: various libraries
    Service Discovery: Eureka, DNS
    Network Policy: API authorization, firewalls, ACLs, policy groups
    Load Balancing: Ribbon, appliances
    Traffic Management: Hystrix, Zuul
    Observability: Brave, Spring Metrics
  49. The Problem: Multi-Framework (diagram as slide 6)
  50. The Larger Problem: Multi-* (diagram: DATABASE, EXPENSE, EXPENSE DATABASE, REPORT and UI spread across Azure Kubernetes Service, a datacenter, GCP Cloud Run and AWS EC2 (VMs), speaking HTTP, HTTP2, TCP and gRPC)
  51. ▪ If the framework has no libraries
    ▪ Traffic management "contract"
    ▪ One configuration for multi-*
    ▪ Eases Day 0 operations
    ▪ Eases Day N operations
  52. Capability and what provides it once a service mesh is in place:

    SSL: service mesh
    Service Discovery: service mesh
    Network Policy: service mesh
    Load Balancing: service mesh
    Traffic Management: service mesh
    Observability: service mesh
  53. Thank you! Rosemary Wang (she/her), Developer Advocate at HashiCorp. joatmon08.github.io | @joatmon08 | joatmon08 | linkedin.com/in/rosemarywang/