Service Mesh, 좀 더 쉽게 - AWS App Mesh - 안주은 (MyMusicTaste) 마이크로서비스간 통신, 보안 및 모니터링의 이슈를 단숨에 해결해 줄 관리 서비스인 Cloud Mesh를 통해 어떻게 효과적인 MSA를 구축할 수 있을 지 알아봅니다.

1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Service Mesh, 좀 더 쉽게
- AWS App Mesh
안주은
DevOps Engineer
MyMusicTaste
Github: @JooeunAhn

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing AWS App Mesh
App Mesh는 매니지드 서비스 메쉬 서비스로,
마이크로서비스의 Inter-communication을
용이하게 관리할 수 있게 도와주는 서비스
입니다.

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
Service Mesh
What is Service Mesh?
What is Service Mesh Control Plan?
App Mesh Features
What is App Mesh?
Features
Demo

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Before we are talking about it...
Microservice Architecture
하나의 큰 어플리케이션을
여러 개의 작은 서비스로
쪼갠 아키텍쳐
각각의 서비스들이 약속된 Protocol로
Communication

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Before we are talking about it...

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Before we are talking about it...

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What if..

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What if..

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is Service Mesh?
Service Mesh
A service mesh is a dedicated infrastructure layer for handling
service-to-service communication. It’s responsible for the reliable delivery of
requests through the complex topology of services that comprise a modern,
cloud native application. In practice, the service mesh is typically
implemented as an array of lightweight network proxies that are deployed
alongside application code, without the application needing to be aware.
- Linkerd CEO William Morgan

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is Service Mesh?
Ref :
https://blog.envoyproxy.io/service-mesh-data-plane-vs-cont
rol-plane-2774e720f7fc
서비스 메쉬의 기본 컨셉.
모든 네트워크 트래픽은
Local sidecar proxy를 통해
적절한 대상으로 흐릅니다.
Service Instance는
전체 Network를 인식하지
않습니다.

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
The data plane
Ref :
https://blog.envoyproxy.io/service-mesh-data-plane-vs-cont
rol-plane-2774e720f7fc
Service Discovery
Health Checking
Routing
Load Balancing
Authentication and Authorization
Observability

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
OSS project
Wide community support, numerous integrations
Stable and production-proven
“Graduated Project” in Cloud Native Computing
Foundation
Started at Lyft in 2016
App Mesh uses Envoy proxy

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How do we tell every proxy what to do?

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Configuring lots of proxies is hard!

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is service mesh control plane?
Ref :
https://blog.envoyproxy.io/service-mesh-data-plane-vs-cont
rol-plane-2774e720f7fc
Control plane의 목표는
Date plane에 적용될 policy를
설정 하는 것 입니다.

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh configures every proxy

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Dynamic state changes impact proxy configuration
App
developer
Infra
operator
Reporting
Intent
App
developer
App
developer
Magic
Deployments
Scaling
Health

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Application observability
+ others
일관된 데이터를 통해
문제 해결 시간 단축
Prometheus, Datadog
와의 integration
Service간 network
issue를 손쉽게 탐지

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS integrations
Service Discovery Microservices

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Regions
US West
Oregon (US-West-2)
Europe
Ireland (EU-West-1)
US East
N. Virginia (US-East-1)
Ohio (US-East-2)

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Preview v/s GA (capabilities)
Preview
API ready
For use with sample apps
not production
HTTP path based routing
Statd based logs,
metrics integrations
GA
Console
Integrations
Traffic management
AWS Cloud Map
Cross account
Amazon EC2
Post GA
TLS
Ingress

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Demo

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples
Link:
https://github.com/awslabs/aws-app-mesh-examples
예제에 필요한 모든 Infrastructure는
CloudFormation을 통해 손쉽게 build 가능.
AWS ECS & AWS EKS 두가지 버전으로
제공 됩니다.

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples
이 예제를 통해 어떻게 Traffic이
AWS App Mesh를 통해
Routing 되는지 알 수 있습니다.
이 Application은
color-gateway와
color-teller 서비스로
만들어져 있습니다.

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
ColorTeller
Color-teller 는 Color를 리턴하는
간단한 http service
Configuration은 환경변수로 설정
Envoy task가 sidecar 방식으로 같이 실행함.
환경변수로 여러 버전의 서비스를 만들어
각각 특정 색상을 반환하도록 구성할 예정.

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
ColorGateway
color-gateway는
color-teller로 부터 응답받은 color를
외부 client에게 리턴하는 간단한 http 서비스
http://colorgateway.{domain}/color
{“color”: “blue” | “green” | “red” | etc}

27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples

28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples
Mesh란 서비스들 사이의
Network traffic에 대한 logical boundary
Mesh의 구성요소는
Virtual nodes, Virtual routers, and
Routes.
Mesh는 모든 엔티티에 적용될
설정을 가지고 있습니다.
for e.g. monitoring, logging, tracing,
control-plane endpoint
for proxies to connect, etc.

29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples

30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples

31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples

32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Node
Virtual Node
Service
Discovery
BackendsListeners
Virtual Node
Logical representation
of runtime services
Backends
이 Node가 통신할 대상의 집합
(hostnames)
Service discovery
Callers가 이 Node를 찾는 방법들
(DNS hostname or AWS Cloud Map*
namespace, serviced, and selectors)
Listeners
incoming traffic을
관리할 정책
Ed: port, Health check*,
Circuit breaker*, Retries*

33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh
Mesh–[myapp]
Virtual
Node A
Service
Discovery
Listener Backends
Virtual
Node B
Service
Discovery
Listener Backends
Virtual Node
Source virtual-node:
Backends 집합을 기술한 Virtual Node.
Destination virtual-node:
Listener와 Service Discovery를
기술한 Virtual Node.
Destination Virtual Node만 Route에 등록할 수
있음

34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Node

35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Node

36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Node
White

37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Node (colorgateway)
colorteller.default.svc.cluster.local

38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Node(colorteller)

39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Node

40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Router
Virtual Router: B
Service
names
Service name
Names that clients will use to connect to the service
Virtual-router는 Traffic을
등록된 서비스와 연결된
Virtual Node로
Routing 합니다.

41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Router
A B
rq.get(“b.local”)
b.local == Service Name

42. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Router

43. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Router

44. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Router
colorteller.default.svc.cluster.localcolorgateway.default.svc.cluster.local

45. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Router

46. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh
Mesh–[myapp]
Virtual
Node A
Virtual
Node B
Virtual
Router
Routes
Route
Route: Reqs가 처리되는 방법을 정의하는
튜플
For e.g. forwarding a request to
a destination virtual-node
when the http path prefix is “/”.

47. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Route
B
rq.get(“b.local/”)
Virtual Router Virtual Node
match: “/”, target: b
b
Route

48. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Routes Destination’s virtual
router and route
Virtual router: B
HTTP routes
Match
Prefix: /
Action:
Targets
B
Route B
Virtual node
destination +
weight
Route Name: B1
Match
Action:
Route Name: B2
Other Protocol routes
하나의 Virtual-router에
여러 개의 Route가
등록될 수 있으며,
각각의 Route는
하나 이상의 Virtual
Node를 대상으로 하는
Action을 정의할 수
있습니다.

49. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Route

50. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Route
White

51. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Route colorgateway-route colorteller-route

52. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Route

53. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples

54. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples

55. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples

56. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples

57. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Update routes
Virtual router: B
HTTP route
targets:
prefix: /
B
B’
A
B
B’
Route B
Virtual node
destination + weight
Route B’
New service or service version

58. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
A
Mesh—[myapp]
Virtual
Node A
Service
Discovery
BackendListener
Virtual router
Domains
action:
match: /
B
B’
Service B
Service B’
Virtual
Node B’
Service
Discovery
Listener Backends
Virtual
Node B
Service
Discovery
Listener Backends
B
B’
Update routes

59. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Update routes

60. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
App Mesh examples

61. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Update routes

62. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Update routes
Blue: 80%
Red: 20%

63. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual
Node B1
Mesh
Service A
Service B
Service C
Virtual
router
Virtual
router
A
C
D
Virtual
Node C2
Virtual
Node C1
Service D
Virtual
router
Virtual
Node D1
Virtual
Node D1
B
B’
Summary

64. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Getting started
Product overview
https://aws.amazon.com/app-mesh
Documentation
https://docs.aws.amazon.com/app-mesh/index.html
Examples
https://github.com/awslabs/aws-app-mesh-examples
Issues & Roadmap
https://github.com/awslabs/aws-app-mesh-examples/issues

65. Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
안주은
DevOps Engineer
MyMusicTaste
Github: @JooeunAhn