Slide 1

Slide 1 text

Stretching the Service Mesh Beyond the Clouds

stackconf | June 2021

Slide 2

Slide 2 text

We moved from datacenter to Amazon Web Services.

Slide 3

Slide 3 text

One team wants to use Microsoft Azure.

Slide 4

Slide 4 text

These applications should be refactored to use Kubernetes.

Slide 5

Slide 5 text

This application cannot run in a container.

Slide 6

Slide 6 text

Datacenter + AWS + Azure + Kubernetes + Virtual Machines = ???

Slide 7

Slide 7 text

Rosemary Wang (she/her)
Developer Advocate at HashiCorp
@joatmon08
joatmon08.github.io

Slide 8

Slide 8 text

01 Problem: Multiple platforms & environments

Slide 9

Slide 9 text

[Diagram: datacenter and cloud. Labels: my-application.my-company.net; load balancer, my-application.datacenter, my-application-0, my-application-1, my-application-2; load balancer, my-application.cloud, my-application-0, my-application-1, my-application-2; "some infrastructure layer here"; "some automation here".]

Slide 10

Slide 10 text

Service Mesh: An infrastructure layer to manage and abstract service-to-service communication

Slide 11

Slide 11 text

[Diagram: datacenter and cloud. Labels: Consul server (datacenter), Consul server (cloud), UI, my-application, proxy.]

Slide 12

Slide 12 text

More Service Mesh, More Problems?
Some added complexity
▪ Yet another agent
▪ More to debug
▪ More to operate
▪ Point of failure

Slide 13

Slide 13 text

No Service Mesh, More Problems
Operational responsibility for multiple clouds
▪ Minimal automation
▪ Multiple sources of truth
▪ Multiple sources of control
▪ Multiple metrics approaches

Slide 14

Slide 14 text

02 Solutions: Service Mesh Deployment Topologies

Slide 15

Slide 15 text

[Diagram: datacenter and cloud. Labels: my-application.my-company.net; load balancer, my-application.datacenter, my-application-0, my-application-1, my-application-2; load balancer, my-application.cloud, my-application-0, my-application-1, my-application-2; direct connect; service mesh for cloud; network automation to synchronize.]

Slide 16

Slide 16 text

Benefits: Network Automation + Service Mesh
▪ In service mesh:
  – Control retries and error handling to non-service mesh
  – Progressive delivery techniques (canary, A/B testing, feature flagging)
▪ In non-service mesh:
  – Automated control
  – No change to existing applications

Slide 17

Slide 17 text

[Diagram: datacenter and cloud (Consul service mesh). Labels: my-application.my-company.net; application load balancer, my-application.datacenter, my-application-0, my-application-1, my-application-2; my-application.cloud, my-application-0, my-application-1, my-application-2; direct connect; Consul ingress gateway; Consul Terraform Sync.]
💡 Private network connectivity
❗ Separate network automation
❗ Multiple metrics

Slide 18

Slide 18 text

Consul Terraform Sync (CTS)
[Diagram. Labels: daemon gets event (service changed); use template to create Terraform configuration; Terraform configuration references module; runs Terraform; download module and apply changes; Terraform module.]

Slide 19

Slide 19 text

Network Automation Demo
github.com/joatmon08/cloud-migration
Note:
• Deployed in AWS
• Datacenter uses virtual machines in us-east-2
• Cloud uses Kubernetes in us-west-2
• Network automation configures an application load balancer

Slide 20

Slide 20 text

[Diagram: datacenter (service mesh) and cloud (service mesh). Labels: my-application.my-company.net; load balancer, my-application.datacenter, my-application-0, my-application-1, my-application-2; load balancer, my-application.cloud, my-application-0, my-application-1, my-application-2; federation between service meshes.]

Slide 21

Slide 21 text

Benefits: Federated Service Mesh
▪ One place to control retries and error handling
▪ Aggregated & standardized metrics
▪ Progressive delivery across all environments & frameworks
  – Fully automated canary deployment
  – A/B testing

Slide 22

Slide 22 text

[Diagram: datacenter (Consul service mesh, secondary) and cloud (Consul service mesh, primary). Labels: my-application.my-company.net; load balancer, my-application.datacenter, my-application-0, my-application-1, my-application-2; load balancer, my-application.cloud, my-application-0, my-application-1, my-application-2; Consul mesh gateway (one per side).]
💡 Private/public network connectivity
❗ Must retrofit service mesh

Slide 23

Slide 23 text

[Diagram. Labels: Consul server (datacenter), Consul server (cloud), UI, my-application, proxy, Prometheus; collect metrics; use metrics for canary analysis; configure Consul service splitter - 90%; configure Consul service splitter - 10%.]
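The 90% / 10% service splitter labelled in this diagram could be expressed with Consul configuration entries like the ones below. This is an added example, not taken from the slides or the demo repository. It assumes the federated datacenters are named `datacenter` and `cloud`, that the 10% canary leg is the cloud side, and it introduces a hypothetical virtual service name `my-application-cloud`.

```hcl
# Added example: three separate config entries, each applied with
# `consul config write <file>`. In a federated mesh they are written to the
# primary datacenter and replicated to the secondaries.

# --- proxy-defaults.hcl ---
# Splitters only work on L7 traffic, so every service in the chain must
# share an HTTP-family protocol. Cross-datacenter traffic is sent through
# the mesh gateway local to the caller.
Kind = "proxy-defaults"
Name = "global"
Config {
  protocol = "http"
}
MeshGateway {
  Mode = "local"
}

# --- resolver-cloud.hcl ---
# Hypothetical virtual name that redirects to my-application in the
# datacenter assumed to be called "cloud".
Kind = "service-resolver"
Name = "my-application-cloud"
Redirect {
  Service    = "my-application"
  Datacenter = "cloud"
}

# --- splitter.hcl ---
# Weights must add up to 100. The unqualified "my-application" leg resolves
# in the caller's own datacenter; the second leg follows the redirect above.
Kind = "service-splitter"
Name = "my-application"
Splits = [
  {
    Weight  = 90
    Service = "my-application"
  },
  {
    Weight  = 10
    Service = "my-application-cloud"
  },
]
```

A canary controller that reads the Prometheus metrics would shift traffic by rewriting only the two `Weight` values in the splitter entry.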

Slide 24

Slide 24 text

Federation Demo
github.com/joatmon08/cloud-migration/tree/federated
Note:
• Deployed in AWS
• Datacenter uses virtual machines in us-east-2
• Cloud uses Kubernetes in us-west-2
• Federation sets cloud as primary

Slide 25

Slide 25 text

Summary: Choose your topology
▪ Network Infrastructure Automation: Use what already exists. Adds layer of automation.
▪ Service Mesh Federation: Abstract environment, application framework, and runtime. Adds layer of control.

Slide 26

Slide 26 text

References
▪ github.com/joatmon08/cloud-migration(/tree/federated)
▪ hashi.co/spinnaker-consul
▪ learn.hashicorp.com
▪ learn.hashicorp.com/tutorials/consul/consul-terraform-sync-intro
▪ consul.io/docs/connect

Find these slides at joatmon08.github.io