Slide 1

Slide 1 text

Advanced DNS with Consul Service Discovery
Edgaras Apšega
Lead IT Systems Engineer
Adform
@apsega
Cloud Native Lithuania

Slide 2

Slide 2 text

$ whoami
Edgaras Apšega
Systems Engineer @ Adform

Slide 3

Slide 3 text

Agenda
Why is DNS not perfect?
Why do we need Service Discovery?
What problems does HashiCorp Consul solve?

Slide 4

Slide 4 text

DNS

Slide 5

Slide 5 text

DNS
Translates domain names to IP addresses;
Typically A-type records with a TTL.

Slide 6

Slide 6 text

DNS query

TERMINAL

    > dig +short apsega.lt
    104.24.102.191
    104.24.102.192
    > curl -sI 104.24.102.191 | head -1
    HTTP/1.1 200 OK
    > curl -sI 104.24.102.192 | head -1
    HTTP/1.1 503 Service Temporarily Unavailable

DNS balances queries between domain name records;
Are all servers under DNS responding correctly?

Slide 7

Slide 7 text

Service Discovery

Slide 8

Slide 8 text

Service Discovery
Microservices-oriented way of communication between services.

Slide 9

Slide 9 text

Service Discovery
Service load balancers aren’t efficient in a dynamic world.

Slide 10

Slide 10 text

Most popular products
Eureka: Netflix, Open Source
Consul: HashiCorp, Open Source and Enterprise
ZooKeeper: Apache, Open Source

Slide 12

Slide 12 text

Consul architecture
All the agents that are in a datacenter participate in a gossip protocol;
The servers in each datacenter are all part of a single Raft peer set.

Slide 13

Slide 13 text

HashiCorp Consul features
1. Service Discovery (DNS with 0 TTL or HTTP API with rich metadata);
2. Health Checking (HTTP, TCP, scripts);
3. Prepared Queries (failover to other datacenters based on RTT);
4. Key/Value Store (dynamic configuration, leader election);
5. Service Mesh (auto mTLS, Intentions).

Slide 14

Slide 14 text

Consul Service Discovery with Health Checks

Slide 15

Slide 15 text

Service Discovery With Health Checks

CODE EDITOR

    {
      "service": {
        "name": "webserver",
        "tags": ["production", "nginx"],
        "port": 80,
        "check": {
          "interval": "5s",
          "http": "http://localhost:80",
          "timeout": "1s"
        }
      }
    }

Slide 16

Slide 16 text

Consul UI
Displays health status of nodes

Slide 17

Slide 17 text

DNS interface

TERMINAL

    > dig +short webserver.service.consul
    10.8.192.72
    10.8.192.125
    > dig +short production.nginx.service.consul
    10.8.192.72
    > dig +short nginx.service.eu-west-1.consul
    10.8.192.125

1. Simple service query;
2. Service query with tags;
3. Service query for specific datacenter.

Slide 18

Slide 18 text

Consul UI
Displays unhealthy nodes

Slide 19

Slide 19 text

DNS interface

TERMINAL

    > dig +short webserver.service.consul
    10.8.192.125

Returns only healthy nodes.

Slide 20

Slide 20 text

Live demo

Slide 21

Slide 21 text

Consul with load balancers

Slide 22

Slide 22 text

Consul template
A convenient way to populate values from Consul into a file

Slide 23

Slide 23 text

Consul template with Nginx

CODE EDITOR

1. Nginx upstream configuration

    upstream from_consul {
        <…>
        # file rendered by consul-template from the template below
        include /opt/consul-template.d/from_consul_nginx_upstreams.conf;
        <…>
    }

2. Upstream Consul template

    {{ range service "webserver" }}
    server {{ .Address }}:{{ .Port }} max_fails=1 fail_timeout=15s weight=1;
    {{ else }}
    server 127.0.0.1:80 max_fails=1 fail_timeout=15s weight=1;
    {{ end }}
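Added example, not part of the original slides: a Python sketch of what the upstream template above renders, including the fallback branch and the case where the service address is empty and the node address is used. The JSON is a constructed sample in the shape of Consul's /v1/health/service/<name> response, the node names web-1 and web-2 are hypothetical, and an instance counts as healthy only when every check is passing (an assumption of this sketch).

```python
import json

# Constructed sample shaped like a /v1/health/service/webserver response,
# trimmed to the fields used here. Addresses are the ones shown on the slides.
SAMPLE = json.loads("""
[
 {"Node": {"Node": "web-1", "Address": "10.8.192.72"},
  "Service": {"Service": "webserver", "Tags": ["production", "nginx"],
              "Address": "", "Port": 80},
  "Checks": [{"CheckID": "serfHealth", "Status": "passing"},
             {"CheckID": "service:webserver", "Status": "critical"}]},
 {"Node": {"Node": "web-2", "Address": "10.8.192.125"},
  "Service": {"Service": "webserver", "Tags": ["nginx"],
              "Address": "", "Port": 80},
  "Checks": [{"CheckID": "serfHealth", "Status": "passing"},
             {"CheckID": "service:webserver", "Status": "passing"}]}
]
""")

FALLBACK = ("127.0.0.1", 80)  # same target as the template's {{ else }} branch
LINE = "server {}:{} max_fails=1 fail_timeout=15s weight=1;"


def healthy_instances(entries, tag=None):
    """Return (address, port) for instances whose checks are all passing."""
    result = []
    for entry in entries:
        svc = entry["Service"]
        if tag is not None and tag not in svc.get("Tags", []):
            continue
        # Assumption: one non-passing check (node or service) excludes the instance.
        if any(c["Status"] != "passing" for c in entry["Checks"]):
            continue
        # An empty service address means the node's address is the one to use.
        addr = svc.get("Address") or entry["Node"]["Address"]
        result.append((addr, svc["Port"]))
    return result


def render_upstreams(entries, tag=None):
    """Render nginx upstream lines; use the fallback when nothing is healthy."""
    targets = healthy_instances(entries, tag) or [FALLBACK]
    return "\n".join(LINE.format(addr, port) for addr, port in targets)


if __name__ == "__main__":
    print(render_upstreams(SAMPLE))
```

An empty result never produces an empty upstream block, which nginx would reject on reload; the fallback line keeps the configuration valid while every instance is failing.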

Slide 24

Slide 24 text

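Consul with HAProxy

CODE EDITOR

    resolvers mydns
        nameserver dns1 192.168.1.253:53
        accepted_payload_size 8192  # allow larger DNS payloads

    backend webservers
        balance roundrobin
        # server-template requires a slot count after the name prefix; 5 is an example value
        # init-addr none: start without resolving, servers come up once DNS answers
        server-template web 5 _webserver._tcp.service.consul resolvers mydns check init-addr none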

Slide 25

Slide 25 text

Consul implementation in Adform

Slide 26

Slide 26 text

DNS forwarding
All specific domain queries are forwarded to Consul servers

Slide 27

Slide 27 text

2,300+ Registered nodes
690+ Registered services
700+ DNS Queries per second
11 Clusters
6 Production regions
Between 8 datacenters

Slide 28

Slide 28 text

Thank You!
[email protected]
@apsega