Stretching the Service Mesh from Java to Beyond

Transcript

1. Copyright © 2019 HashiCorp Stretching the Service Mesh from Java

   to Beyond DevNexus | February 21, 2020 1

2. Java Microservice to Java Microservice CODE EDITOR @EnableDiscoveryClient @EnableAutoConfiguration @EnableConfigurationProperties

   @EnableOAuth2Client @EnableFeignClients @EnableCircuitBreaker @SpringBootApplication @EnableGlobalMethodSecurity(prePostEnabled = true) public class AccountApplication { public static void main(String[] args) { SpringApplication.run(AccountApplication.class, args); } } 2 https://github.com/sqshq/piggymetrics

3. Java Microservice to Java Microservice CODE EDITOR logging: level: org.springframework.security:

   INFO hystrix: command: default: execution: isolation: thread: timeoutInMilliseconds: 10000 eureka: instance: hostname: localhost client: serviceUrl: defaultZone: http://localhost:8761/eureka/ security: oauth2: resource: user-info-uri: http://localhost:5000/uaa/users/current 3 https://github.com/sqshq/piggymetrics

4. SSL Various Libraries Service Discovery Eureka DNS Network Policy API

   Authorization Firewalls ACLs Policy Groups Load Balancing Ribbon Appliances Traffic Management Hystrix Zuul Observability Brave Spring Metrics 4

5. What about every other kind of framework to Java microservice?

   5

6. The Problem: Multi-Framework 6 DATABASE REPORT :8080 :3306 :5002 :5001

   EXPENSE EXPENSE DATABASE :1433

7. Service Mesh! 7

8. “…a dedicated infrastructure layer that controls service-to-service communication over a

   network” TechTarget searchitoperations.techtarget.com/definition/service-mesh 8

9. Service Mesh! (Kubernetes only?) 9

10. 10

11. 11 MOST SUPPORT ENVOY PROXY

12. 12 PROXY PROXY CONSUL CLIENT CONSUL CLIENT PROXY CONSUL CLIENT

    REPORT EXPENSE DATABASE

13. SSL Service Mesh Service Discovery Service Mesh Network Policy Service

    Mesh Load Balancing Service Mesh Traffic Management Service Mesh Observability Service Mesh 13

14. Can service mesh solve multi-framework? 14

15. SSL Service Discovery Network Policy Load Balancing Traffic Management Observability

    15

16. MUTUAL TLS 16 PROXY PROXY CONSUL CLIENT CONSUL CLIENT PROXY

    CONSUL CLIENT REPORT EXPENSE DATABASE

17. 17 PROXY PROXY CONSUL CLIENT CONSUL CLIENT PROXY CONSUL CLIENT

    REPORT NO TLS USE LOOPBACK EXPENSE DATABASE

18. TERMINAL > curl localhost:19000/config_dump "filter_chains": [{ "tls_context": { "common_tls_context": {

    "tls_params": {}, "tls_certificates": [ “REDACTED” ], "validation_context": { "trusted_ca": { "inline_string": “REDACTED” } } }, "require_client_certificate": true } }] 18

19. SSL Service Discovery Network Policy Load Balancing Traffic Management Observability

    19

20. CODE EDITOR service { name = “expense" // omitted for

    clarity tags = ["java"] meta = { framework = "java" } … } 20

21. 21

22. The Problem: Multi-Framework 22 DATABASE REPORT :8080 :3306 :5002 :5001

    EXPENSE EXPENSE DATABASE :1433 HOW DOES EXPENSE CONNECT TO DATABASE?

23. 23 PROXY PROXY CONSUL CLIENT CONSUL CLIENT PROXY CONSUL CLIENT

    REPORT EXPENSE DATABASE :3306

24. CODE EDITOR service { name = “expense" connect { sidecar_service

    { proxy { upstreams { destination_name = “expense-db-mysql” local_bind_address = "127.0.0.1" local_bind_port = 3306 } } } } } 24

25. The Problem: Multi-Framework 25 DATABASE REPORT :8080 :3306 :5002 :5001

    EXPENSE EXPENSE DATABASE :1433 REPORT CONNECTS TO EXPENSE ON :5001 ???

26. CODE EDITOR service { name = “report" connect { sidecar_service

    { proxy { upstreams { destination_name = "expense" local_bind_address = "127.0.0.1" local_bind_port = 5001 } } } } } 26

27. The Problem: Multi-Framework 27 DATABASE REPORT :8080 :3306 :5002 :5001

    EXPENSE EXPENSE DATABASE :1433 REPORT CONNECTS TO EXPENSE ON :5001 :5001

28. 28 PROXY PROXY CONSUL CLIENT CONSUL CLIENT PROXY CONSUL CLIENT

    REPORT EXPENSE DATABASE :5001

29. SSL Service Discovery Network Policy Load Balancing Traffic Management Observability

    29

30. The Problem: Multi-Framework 30 DATABASE REPORT EXPENSE EXPENSE DATABASE

31. 31

32. SSL Service Discovery Network Policy Load Balancing Traffic Management Observability

    32

33. The Problem: Multi-Framework 33 DATABASE REPORT :8080 :3306 :5002 :5001

    EXPENSE EXPENSE DATABASE :1433 :5001 20% 80%

34. 34

35. SSL Service Discovery Network Policy Load Balancing Traffic Management Observability

    35

36. * Many capabilities ▪ Circuit Breaking (AKA Outlier Detection) ▪

    Retries ▪ Timeouts ▪ Canary Testing ▪ A/B Testing 36

37. @EnableCircuitBreaker 37

38. The Problem: Multi-Framework 38 DATABASE REPORT :8080 :3306 :5002 :5001

    EXPENSE EXPENSE DATABASE :1433 :5001

39. CODE EDITOR // Envoy Proxy Configuration (Cluster) { "@type": "type.googleapis.com/envoy.api.v2.Cluster",

    "name": "expense.default.dc1.internal.CONSUL_FQDN", "type": "EDS", "eds_cluster_config": { "eds_config": { "ads": {} } }, "connect_timeout": "5s", "outlier_detection": { "consecutive_5xx": 10, "consecutive_gateway_failure": 10, "base_ejection_time": "30s" } } 39

40. CODE EDITOR // Envoy Proxy Configuration (Listener) { "match": {

    "prefix": "/" }, "route": { "cluster": "expense.default.dc1.internal.CONSUL_FQDN", "timeout": "60s", "retry_policy": { "retry_on": "5xx", "num_retries": 5, "per_try_timeout": "10s" } } } 40

41. 41

42. SSL Service Discovery Network Policy Load Balancing Traffic Management Observability

    42

43. Tracing In 1 Slide Headline / 1 line max. Delete

    if slide title is 2 lines. 43 SPAN UNIT OF WORK CHILD SPAN TRACE CONTEXT PROPAGATED BY HEADERS TAGS ADDED TO SPANS

44. 44 PROXY PROXY CONSUL CLIENT CONSUL CLIENT PROXY CONSUL CLIENT

    REPORT EXPENSE DATABASE

45. Tracing with Service Mesh The ConfusionHeadline / 1 line max.

    Delete if slide title is 2 lines. 45 TRACE CONTEXT PROPAGATED BY HEADERS APPLICATION NEEDS TO PROPAGATE HEADERS INSTALL LIBRARIES TO DO TRACING SERVICE MESH ADDS METADATA

46. CODE EDITOR // application.properties spring.zipkin.base-url=http://jaeger:9411/ spring.datasource.url=jdbc:mysql://$ {MYSQL_HOST:localhost}:3306/DemoExpenses? queryInterceptors=brave.mysql8.TracingQueryInterceptor& exceptionInterceptors=brave.mysql8.TracingExceptionInte rceptor&zipkinServiceName=expense

    46

47. 47

48. SSL Various Libraries Service Discovery Eureka DNS Network Policy API

    Authorization Firewalls ACLs Policy Groups Load Balancing Ribbon Appliances Traffic Management Hystrix Zuul Observability Brave Spring Metrics 48

49. The Problem: Multi-Framework 49 DATABASE REPORT :8080 :3306 :5002 :5001

    EXPENSE EXPENSE DATABASE :1433

50. AZURE KUBERNETES SERVICE DATACENTER The Larger Problem: Multi-* 50 DATABASE

    EXPENSE EXPENSE DATABASE REPORT UI GCP CLOUD RUN AWS EC2 (VMS) REPORT HTTP HTTP2 TCP GRPC

51. If framework has no libraries Traffic management “contract” One configuration

    for multi-* Eases Day 0 Operations Eases Day N Operations 51

52. SSL Service Mesh Service Discovery Service Mesh Network Policy Service

    Mesh Load Balancing Service Mesh Traffic Management Service Mesh Observability Service Mesh 52

53. Thank you! Rosemary Wang (she/her) Developer Advocate at HashiCorp joatmon08.github.io

    @joatmon08 joatmon08 linkedin.com/in/rosemarywang/ 53