Slide 1

Slide 1 text

Stretching the Service Mesh from Java to Beyond
DevNexus | February 21, 2020
Copyright © 2019 HashiCorp

Slide 2

Slide 2 text

Java Microservice to Java Microservice

    @EnableDiscoveryClient
    @EnableAutoConfiguration
    @EnableConfigurationProperties
    @EnableOAuth2Client
    @EnableFeignClients
    @EnableCircuitBreaker
    @SpringBootApplication
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class AccountApplication {

        public static void main(String[] args) {
            SpringApplication.run(AccountApplication.class, args);
        }
    }

https://github.com/sqshq/piggymetrics

Slide 3

Slide 3 text

Java Microservice to Java Microservice

    logging:
      level:
        org.springframework.security: INFO

    hystrix:
      command:
        default:
          execution:
            isolation:
              thread:
                timeoutInMilliseconds: 10000

    eureka:
      instance:
        hostname: localhost
      client:
        serviceUrl:
          defaultZone: http://localhost:8761/eureka/

    security:
      oauth2:
        resource:
          user-info-uri: http://localhost:5000/uaa/users/current

https://github.com/sqshq/piggymetrics

Slide 4

Slide 4 text

SSL: Various Libraries
Service Discovery: Eureka, DNS
Network Policy: API Authorization, Firewalls, ACLs, Policy Groups
Load Balancing: Ribbon, Appliances
Traffic Management: Hystrix, Zuul
Observability: Brave, Spring Metrics

Slide 5

Slide 5 text

What about every other kind of framework to Java microservice?

Slide 6

Slide 6 text

The Problem: Multi-Framework
[Diagram labels: DATABASE, REPORT, EXPENSE, EXPENSE, DATABASE; ports :8080, :3306, :5002, :5001, :1433]

Slide 7

Slide 7 text

Service Mesh!

Slide 8

Slide 8 text

“…a dedicated infrastructure layer that controls service-to-service communication over a network”
TechTarget, searchitoperations.techtarget.com/definition/service-mesh

Slide 9

Slide 9 text

Service Mesh! (Kubernetes only?)

Slide 10

Slide 10 text

10

Slide 11

Slide 11 text

MOST SUPPORT ENVOY PROXY

Slide 12

Slide 12 text

[Diagram: REPORT, EXPENSE and DATABASE services, with three PROXY and three CONSUL CLIENT boxes]

Slide 13

Slide 13 text

SSL: Service Mesh
Service Discovery: Service Mesh
Network Policy: Service Mesh
Load Balancing: Service Mesh
Traffic Management: Service Mesh
Observability: Service Mesh

Slide 14

Slide 14 text

Can service mesh solve multi-framework?

Slide 15

Slide 15 text

SSL, Service Discovery, Network Policy, Load Balancing, Traffic Management, Observability

Slide 16

Slide 16 text

MUTUAL TLS
[Diagram: REPORT, EXPENSE and DATABASE services, with three PROXY and three CONSUL CLIENT boxes]

Slide 17

Slide 17 text

[Diagram: REPORT, EXPENSE and DATABASE services, with three PROXY and three CONSUL CLIENT boxes; label: NO TLS USE LOOPBACK]

Slide 18

Slide 18 text

    > curl localhost:19000/config_dump
    "filter_chains": [{
      "tls_context": {
        "common_tls_context": {
          "tls_params": {},
          "tls_certificates": [ "REDACTED" ],
          "validation_context": {
            "trusted_ca": { "inline_string": "REDACTED" }
          }
        },
        "require_client_certificate": true
      }
    }]
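The config dump above is where a proxy's mutual TLS settings can be verified. As an added example (not from the talk, Consul or Envoy), the script below walks a dump and reports listeners off loopback whose filter chains do not require a client certificate or lack a trusted CA. The listener names, addresses and dump nesting in the sample are constructed, and loopback listeners are skipped because the application reaches its own proxy there without TLS.

```python
import ipaddress

# Constructed sample shaped like the slide's config_dump; listener names and
# addresses are invented, certificate material stays "REDACTED".
MTLS = {"tls_context": {"require_client_certificate": True, "common_tls_context": {
    "tls_params": {}, "tls_certificates": ["REDACTED"],
    "validation_context": {"trusted_ca": {"inline_string": "REDACTED"}}}}}
def sample_listener(name, address, chain):
    return {"listener": {"name": name, "filter_chains": [chain], "address": {
        "socket_address": {"address": address, "port_value": 20000}}}}

SAMPLE_DUMP = {"configs": [{"dynamic_active_listeners": [
    sample_listener("public_listener", "10.0.0.5", MTLS),
    sample_listener("expense_upstream", "127.0.0.1", {}),
    sample_listener("misconfigured", "0.0.0.0", {"tls_context": {"common_tls_context": {}}})]}]}

def iter_listeners(node):
    # Yield every object holding a "filter_chains" list, at any nesting depth.
    if isinstance(node, dict):
        if isinstance(node.get("filter_chains"), list):
            yield node
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from iter_listeners(item)

def is_loopback(listener):
    addr = listener.get("address", {}).get("socket_address", {}).get("address", "")
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # missing or non-IP address: treat as exposed
        return False

def chain_problems(chain):
    # "tls_context" as on the slide; transport_socket.typed_config in later Envoy.
    tls = chain.get("tls_context") or chain.get("transport_socket", {}).get("typed_config")
    if not tls:
        return ["no TLS context"]
    ctx = tls.get("common_tls_context", {})
    checks = [(tls.get("require_client_certificate") is True, "client certificate not required"),
              (bool(ctx.get("validation_context", {}).get("trusted_ca")), "no trusted_ca to validate peers")]
    return [msg for ok, msg in checks if not ok]

def audit(dump):
    return [(lst.get("name", "<unnamed>"), i, problem)
            for lst in iter_listeners(dump) if not is_loopback(lst)
            for i, chain in enumerate(lst["filter_chains"])
            for problem in chain_problems(chain)]
```

To run it against a live proxy, load the JSON saved from the admin endpoint with `json.load` and pass the result to `audit`.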

Slide 19

Slide 19 text

SSL, Service Discovery, Network Policy, Load Balancing, Traffic Management, Observability

Slide 20

Slide 20 text

    service {
      name = "expense"
      // omitted for clarity
      tags = ["java"]
      meta = {
        framework = "java"
      }
      …
    }

Slide 21

Slide 21 text

21

Slide 22

Slide 22 text

The Problem: Multi-Framework
[Diagram labels: DATABASE, REPORT, EXPENSE, EXPENSE, DATABASE; ports :8080, :3306, :5002, :5001, :1433]
HOW DOES EXPENSE CONNECT TO DATABASE?

Slide 23

Slide 23 text

[Diagram: REPORT, EXPENSE and DATABASE services, with three PROXY and three CONSUL CLIENT boxes; port :3306]

Slide 24

Slide 24 text

    service {
      name = "expense"
      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name = "expense-db-mysql"
              local_bind_address = "127.0.0.1"
              local_bind_port = 3306
            }
          }
        }
      }
    }

Slide 25

Slide 25 text

The Problem: Multi-Framework
[Diagram labels: DATABASE, REPORT, EXPENSE, EXPENSE, DATABASE; ports :8080, :3306, :5002, :5001, :1433]
REPORT CONNECTS TO EXPENSE ON :5001 ???

Slide 26

Slide 26 text

    service {
      name = "report"
      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name = "expense"
              local_bind_address = "127.0.0.1"
              local_bind_port = 5001
            }
          }
        }
      }
    }
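The upstream blocks for "expense" and "report" decide which local address each application dials and which service answers. As an added example (not from the talk or from Consul), the script below builds that map from service definitions and flags upstream listeners bound off loopback or sharing a local port. It assumes the definitions are supplied in Consul's JSON form, and the "audit" service is hypothetical.

```python
import ipaddress

# Constructed input: the slides' "expense" and "report" definitions written in
# Consul's JSON form, plus a hypothetical "audit" service with two bad upstreams.
def service(name, *upstreams):
    return {"service": {"name": name, "connect": {"sidecar_service": {
        "proxy": {"upstreams": list(upstreams)}}}}}

SERVICES = [
    service("expense", {"destination_name": "expense-db-mysql",
                        "local_bind_address": "127.0.0.1", "local_bind_port": 3306}),
    service("report", {"destination_name": "expense",
                       "local_bind_address": "127.0.0.1", "local_bind_port": 5001}),
    service("audit", {"destination_name": "expense",
                      "local_bind_address": "0.0.0.0", "local_bind_port": 5001},
                     {"destination_name": "report", "local_bind_port": 5001}),
]

def dial_map(definitions):
    """Return ({(service, "addr:port"): destination}, [finding, ...])."""
    routes, findings = {}, []
    for definition in definitions:
        svc = definition["service"]
        proxy = svc.get("connect", {}).get("sidecar_service", {}).get("proxy", {})
        ports = set()
        for up in proxy.get("upstreams", []):
            # Assumption: Consul binds to 127.0.0.1 when the address is omitted.
            addr = up.get("local_bind_address", "127.0.0.1")
            port, dest = up["local_bind_port"], up["destination_name"]
            routes[(svc["name"], f"{addr}:{port}")] = dest
            if not ipaddress.ip_address(addr).is_loopback:
                findings.append(
                    f"{svc['name']}: plaintext listener for {dest} on non-loopback {addr}:{port}")
            if port in ports:
                findings.append(
                    f"{svc['name']}: local port {port} bound by more than one upstream")
            ports.add(port)
    return routes, findings
```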

Slide 27

Slide 27 text

The Problem: Multi-Framework
[Diagram labels: DATABASE, REPORT, EXPENSE, EXPENSE, DATABASE; ports :8080, :3306, :5002, :5001, :1433, :5001]
REPORT CONNECTS TO EXPENSE ON :5001

Slide 28

Slide 28 text

[Diagram: REPORT, EXPENSE and DATABASE services, with three PROXY and three CONSUL CLIENT boxes; port :5001]

Slide 29

Slide 29 text

SSL, Service Discovery, Network Policy, Load Balancing, Traffic Management, Observability

Slide 30

Slide 30 text

The Problem: Multi-Framework
[Diagram labels: DATABASE, REPORT, EXPENSE, EXPENSE, DATABASE]

Slide 31

Slide 31 text

31

Slide 32

Slide 32 text

SSL, Service Discovery, Network Policy, Load Balancing, Traffic Management, Observability

Slide 33

Slide 33 text

The Problem: Multi-Framework
[Diagram labels: DATABASE, REPORT, EXPENSE, EXPENSE, DATABASE; ports :8080, :3306, :5002, :5001, :1433, :5001; 20%, 80%]

Slide 34

Slide 34 text

34

Slide 35

Slide 35 text

SSL, Service Discovery, Network Policy, Load Balancing, Traffic Management, Observability

Slide 36

Slide 36 text

* Many capabilities
  ▪ Circuit Breaking (AKA Outlier Detection)
  ▪ Retries
  ▪ Timeouts
  ▪ Canary Testing
  ▪ A/B Testing

Slide 37

Slide 37 text

@EnableCircuitBreaker

Slide 38

Slide 38 text

The Problem: Multi-Framework
[Diagram labels: DATABASE, REPORT, EXPENSE, EXPENSE, DATABASE; ports :8080, :3306, :5002, :5001, :1433, :5001]

Slide 39

Slide 39 text

Envoy Proxy Configuration (Cluster)

    {
      "@type": "type.googleapis.com/envoy.api.v2.Cluster",
      "name": "expense.default.dc1.internal.CONSUL_FQDN",
      "type": "EDS",
      "eds_cluster_config": {
        "eds_config": {
          "ads": {}
        }
      },
      "connect_timeout": "5s",
      "outlier_detection": {
        "consecutive_5xx": 10,
        "consecutive_gateway_failure": 10,
        "base_ejection_time": "30s"
      }
    }

Slide 40

Slide 40 text

Envoy Proxy Configuration (Listener)

    {
      "match": {
        "prefix": "/"
      },
      "route": {
        "cluster": "expense.default.dc1.internal.CONSUL_FQDN",
        "timeout": "60s",
        "retry_policy": {
          "retry_on": "5xx",
          "num_retries": 5,
          "per_try_timeout": "10s"
        }
      }
    }

Slide 41

Slide 41 text

41

Slide 42

Slide 42 text

SSL, Service Discovery, Network Policy, Load Balancing, Traffic Management, Observability

Slide 43

Slide 43 text

Tracing In 1 Slide
[Diagram labels: SPAN, UNIT OF WORK, CHILD SPAN, TRACE CONTEXT PROPAGATED BY HEADERS, TAGS ADDED TO SPANS]

Slide 44

Slide 44 text

[Diagram: REPORT, EXPENSE and DATABASE services, with three PROXY and three CONSUL CLIENT boxes]

Slide 45

Slide 45 text

Tracing with Service Mesh
The Confusion
TRACE CONTEXT PROPAGATED BY HEADERS
APPLICATION NEEDS TO PROPAGATE HEADERS
INSTALL LIBRARIES TO DO TRACING
SERVICE MESH ADDS METADATA

Slide 46

Slide 46 text

application.properties

    spring.zipkin.base-url=http://jaeger:9411/
    spring.datasource.url=jdbc:mysql://${MYSQL_HOST:localhost}:3306/DemoExpenses?queryInterceptors=brave.mysql8.TracingQueryInterceptor&exceptionInterceptors=brave.mysql8.TracingExceptionInterceptor&zipkinServiceName=expense

Slide 47

Slide 47 text

47

Slide 48

Slide 48 text

SSL: Various Libraries
Service Discovery: Eureka, DNS
Network Policy: API Authorization, Firewalls, ACLs, Policy Groups
Load Balancing: Ribbon, Appliances
Traffic Management: Hystrix, Zuul
Observability: Brave, Spring Metrics

Slide 49

Slide 49 text

The Problem: Multi-Framework
[Diagram labels: DATABASE, REPORT, EXPENSE, EXPENSE, DATABASE; ports :8080, :3306, :5002, :5001, :1433]

Slide 50

Slide 50 text

The Larger Problem: Multi-*
[Diagram labels: AZURE KUBERNETES SERVICE, DATACENTER, GCP CLOUD RUN, AWS EC2 (VMS); DATABASE, EXPENSE, EXPENSE, DATABASE, REPORT UI, REPORT; HTTP, HTTP2, TCP, GRPC]

Slide 51

Slide 51 text

If framework has no libraries
Traffic management “contract”
One configuration for multi-*
Eases Day 0 Operations
Eases Day N Operations

Slide 52

Slide 52 text

SSL: Service Mesh
Service Discovery: Service Mesh
Network Policy: Service Mesh
Load Balancing: Service Mesh
Traffic Management: Service Mesh
Observability: Service Mesh

Slide 53

Slide 53 text

Thank you!
Rosemary Wang (she/her)
Developer Advocate at HashiCorp
joatmon08.github.io
@joatmon08
joatmon08
linkedin.com/in/rosemarywang/