Christian Posta, profile picture
Uploaded byChristian Posta
PPTX, PDF972 views

Cloud-Native Application Debugging with Envoy and Service Mesh

The document discusses cloud-native application debugging using Envoy and service mesh technologies, emphasizing the complexities introduced by microservices architectures. It explores challenges in debugging and observability, and highlights Envoy's capabilities in application networking, load balancing, and proactive debugging methods such as chaos engineering. Additionally, the document outlines tools and techniques for setting up lab environments for effective microservices debugging and testing.

Downloaded 40 times
Cloud-native Application Debugging with Envoy and Service Mesh Christian Posta Field CTO – Solo.io
2 | Copyright © 2020 CHRISTIAN POSTA Global Field CTO, Solo.io @christianposta christian@solo.io https://blog.christianposta.com https://slideshare.net/ceposta
3 | Copyright © 2020 01 02 03 04 05 06 Challenges of microservices, debugging Introduction to our lab environment Distributed tracing with a service mesh Debugging microservices Debugging in production with record and replay Proactive debugging with chaos experimentation Approximate flow of workshop
4 | Copyright © 2020 Moving to microservices?
5 | Copyright © 2020 Microservices and Kubernetes
6 | Copyright © 2020 Move fast, safely https://puppet.com/resources/whitepaper/state-of-devops-report
7 | Copyright © 2020 SERVICE MESH JOURNEY INNOVATION MODERNIZE TO MICROSERVICES SERVICE MESH MANAGEMENT ANY MESH - ANYWHERE ADAPTIVE SERVICE MESH
8 | Copyright © 2020 December 11, 2018 2018 TOP WOMEN ENTREPRENEURS IN CLOUD INNOVATION Seventh Annual Award Honors Women Founders for Outstanding Accomplishments in Cloud and Emerging Technologies, Sponsored by Facebook, Intel, and Google. Award Winning Innovation Key Industry Collaborations
9 | Copyright © 20209 | Copyright © 2020 The problem
10 | Copyright © 2020 As we move to services architectures, on cloud-native deployment platforms, we increase the complexity between our services.
11 | Copyright © 2020 Cloud application networking challenges • Service discovery • Retries • Timeouts • Load balancing • Rate limiting • Thread bulk heading • Circuit breaking
12 | Copyright © 2020 Cloud application networking challenges • Edge/DMZ routing • Surgical / fine / per-request routing • A/B rollout • Traffic shaping • Request racing • Internal releases / dark launches • Request shadowing • Fault injection
13 | Copyright © 2020 Cloud application networking challenges • Adaptive, zone-aware routing • Deadlines • Health checking • Stats, metric, collection • Logging • Distributed tracing • Security
14 | Copyright © 2020 How do we begin to understand what’s happening so we can debug?
15 | Copyright © 2020 How we typically like to solve this problem:
16 | Copyright © 202016 | Copyright © 2020 Decentralized, language-independent observability in the network Foundational technology to help solve these challenges in a cloud-native application architecture
17 | Copyright © 2020 Envoy is to Application Networking what Kubernetes is to Container Deployment http://envoyproxy.io
18 | Copyright © 2020 Envoy implements: • zone aware, least request load balancing • circuit breaking • outlier detection • retries, retry policies • timeout (including budgets) • traffic shadowing • request racing • rate limiting • access logging, statistics collection • Many other features!
19 | Copyright © 2020 Envoy to do application networking heavy lifting
20 | Copyright © 2020 Why Envoy? • C++ • Built ground-up for services environment • Large, diverse, vibrant community • Dynamic configuration model • Highly extensible (in C++  we’ll come back to this) • Many out of the box L7 filters (HTTP, HTTP2, grpc, redis, mysql, DynamoDB, thrift, zookeeper, kafka, et. al.) • Incredible trove of telemetry, tracing out of the box • Very versatile deployment options (as we’ll see)
21 | Copyright © 2020 Versatility of Envoy: Edge proxy
22 | Copyright © 2020 Versatility of Envoy: Middle proxy
23 | Copyright © 2020 Versatility of Envoy: Service proxy
24 | Copyright © 2020 Control plane for managing mesh of service proxies
25 | Copyright © 2020 Service proxy lives with application instance
26 | Copyright © 2020 Service mesh technologies provide the following: • Service discovery / Load balancing • Secure service-to-service communication • Traffic control / shaping / shifting • Policy / Intention based access control • Traffic metric collection • Service resilience • API / programmable interface
27 | Copyright © 2020 These application-networking technologies provide a nice API for programming our network
28 | Copyright © 202028 | Copyright © 2020 Setting up the lab environment
29 | Copyright © 2020 http://bit.ly/debug-microservices
30 | Copyright © 2020 http://bit.ly/debug-microservices
31 | Copyright © 2020 http://bit.ly/debug-microservices
32 | Copyright © 2020 Consul Service Mesh
33 | Copyright © 2020 Consul Service Mesh connect = { proxy = { config = { upstreams = [ { destination_name = "mysql", local_bind_port = 8001 } ] } } }
34 | Copyright © 2020 Consul Service Mesh
35 | Copyright © 202035 | Copyright © 2020 Tracing with a service mesh
36 | Copyright © 2020 @christianposta DB S3 DEBUGGING IN PRODUCTION CLUSTER POD 1 POD 2 POD 3 POD 4
37 | Copyright © 2020 @christianposta DB S3 P P P P DEBUGGING IN PRODUCTION CLUSTER POD 1 POD 2 POD 3 POD 4
38 | Copyright © 202038 | Copyright © 2020 Lab: Distributed Tracing
39 | Copyright © 202039 | Copyright © 2020 Debugging
40 | Copyright © 2020 THE PROBLEM
41 | Copyright © 2020 THE PROBLEM A MONOLITHIC APPLICATION CONSISTS OF A SINGLE PROCESS AN ATTACHED DEBUGGER ALLOWS VIEWING THE COMPLETE STATE OF THE APPLICATION DURING RUNTIME A MICROSERVICES APPLICATION CONSISTS OF POTENTIALLY HUNDREDS OF PROCESSES IS IT POSSIBLE TO GET A COMPLETE VIEW OF THE STATE OF A SUCH APPLICATION?!
42 | Copyright © 202042 | Copyright © 2020 Demo: multi-language, distributed debugging with Squash
43 | Copyright © 2020 SQUASH DEFAULT MODE SECURE MODE
44 | Copyright © 2020 SQUASH DEFAULT MODE Node Namespace: ns-a Namespace: squash s-dlvc1
45 | Copyright © 2020 -> ls -l /proc/self/ns total 0 lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 cgroup -> cgroup:[4026531835] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 ipc -> ipc:[4026531839] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 mnt -> mnt:[4026531840] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 net -> net:[4026532009] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 pid -> pid:[4026531836] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 pid_for_children -> pid:[4026531836] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 user -> user:[4026531837] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 uts -> uts:[4026531838] -> inod of mnt namespace (unique identifier to the container namespace) via CRI api call ExecSyncRequest Node Namespace: ns-a s-dlv CRI c1 We need to translate the pid of the process (application that run in the container) to the host pid namespace to allow debugger to attach. Namespace: Squash
46 | Copyright © 2020 SQUASH SECURE MODE Node Namespace: ns-a Namespace: squash s-dlvc1 CRD Intent squash
47 | Copyright © 2020 DOCS: HTTPS://SQUASH.SOLO.IO GITHUB: HTTPS://GITHUB.COM/SOLO-IO/ SQUASH COMMUNITY: HTTPS://SLACK.SOLO.IO
48 | Copyright © 202048 | Copyright © 2020 Break: 3:00p – 3:30p When we come back: Debugging microservices lab NOTE: Make sure to charge your devices!
49 | Copyright © 202049 | Copyright © 2020 Lab: Squash
50 | Copyright © 202050 | Copyright © 2020 Debugging in production
51 | Copyright © 2020 @christianposta DB S3 DEBUGGING IN PRODUCTION CLUSTER POD 1 POD 2 > ONLY HEADER WILL BE SENT > SAMPLING POD 3 POD 4
52 | Copyright © 2020 @christianposta DB S3 P P P P DEBUGGING IN PRODUCTION CLUSTER POD 1 POD 2 POD 3 POD 4 > ONLY HEADER WILL BE SENT > SAMPLING
53 | Copyright © 2020 @christianposta DB S3 P P P P DEBUGGING IN PRODUCTION CLUSTER
54 | Copyright © 2020 @christianposta DB S3 P P P P DEBUGGING IN PRODUCTION CLUSTER
55 | Copyright © 2020 @christianposta DEBUGGING IN PRODUCTION ++
56 | Copyright © 202056 | Copyright © 2020 Getting traffic into your mesh Workflow-specific APIs for Envoy Proxy
57 | Copyright © 2020 Versatility of Envoy: Edge proxy
58 | Copyright © 2020 Envoy needs a control plane.
59 | Copyright © 2020 API Gateway built on Envoy https://github.com/solo-io/gloo
60 | Copyright © 2020 Gloo Data Plane and Control Plane EXTERNAL AUTH RATE LIMITING GLOO FILTERS ROUTER UPSTREAM EXTERNAL AUTH SERVER RATE LIMITING SERVER CACHING DATA LOSS PREVENTION LAMBDA NATS.IO TRANSFORMATION WEB APPLICATION FIREWALL (WAF)
61 | Copyright © 2020 API Gateway built on Envoy ENVIRONMENT SECRET CONFIGURATION Data Plane Upstream gRPC-JSON transcoder Rate limiting External AUTH … Control Plane Configure and manage envoy’s plugins Router
62 | Copyright © 2020 Gloo API Gateway • Unify backend APIs running in Kubernetes, VMs, Physical, FaaS, etc • Decentralized configuration: allow service teams to move fast • Declarative configuration • Provides a control plane for Envoy • Security (Oauth/ODIC, API Key, TLS, SNI, OPA, HMAC, custom) • Kubernetes native / run outside Kube as well • Highly pluggable/extensible • “If you know Kubernetes, you know Gloo”  user quote
63 | Copyright © 202063 | Copyright © 2020 Lab: Using Loop with Gloo
64 | Copyright © 2020 DOCS: COMING REAL SOON … GITHUB: COMING REAL SOON … COMMUNITY: HTTPS://SLACK.SOLO.IO
65 | Copyright © 202065 | Copyright © 2020 Demo: Loop with service mesh
66 | Copyright © 202066 | Copyright © 2020 Proactive debugging
67 | Copyright © 2020 @christianposta CHAOS ENGINEERING THINK OF A VACCINE OR A FLU SHOT INJECT YOURSELF WITH SOMETHING HARMFUL IN ORDER TO PREVENT A FUTURE ISSUE. CAREFULLY INJECTING THIS HARM INTO YOUR SYSTEMS TO TEST THE SYSTEM’S ABILITY TO RESPOND TO IT. “BREAK THINGS ON PURPOSE" IN ORDER TO LEARN HOW TO BUILD MORE RESILIENT SYSTEMS.
68 | Copyright © 2020 PROBLEMS WITH CHAOS ENGINEERING TODAY? LANGUAGE SPECIFIC CODE MODIFICATION 1 2
69 | Copyright © 2020 @christianposta NETWORK ABSTRACTION EAST-WEST TRAFFIC NORTH-SOUTH TRAFFIC SERVICE I SERVICE II SERVICE III SERVICE IV SERVICE V
70 | Copyright © 2020 @christianposta CONTROL EXPERIMENT ⍄ DEFINE EXPERIMENTS (SET OF: MESSAGE DELAYS, NETWORK FAULTS) ⍄ RUN EVERY INTERVAL (E.G. EVERY FRIDAY AT 9PM) ⍄ GATHERED METRICS – COMPARE BASELINE ⍄ STOP EXPERIMENT IF CONDITION REACHED
71 | Copyright © 2020 @christianposta GLOOSHOT GLOOSHOT ALLOWS YOU TO PERFORM CHAOS EXPERIMENTS AT THE SERVICE MESH LEVEL. DEFINE ERROR CONDITIONS IN TERMS OF SUCH FAILURE MODES: ⍄ MESSAGE DELAYS ⍄ NETWORK FAULTS. RUN EXPERIMENTS UNTIL A STOP CONDITION IS MET. GLOOSHOT INTERFACES WITH ALL MAJOR SERVICE MESHES THROUGH SERVICE MESH INTERFACE (SMI).
72 | Copyright © 202072 | Copyright © 2020 Demo: Glooshot
73 | Copyright © 2020 DOCS: HTTPS://GLOOSHOT.SOLO.IO GITHUB: HTTPS://GITHUB.COM/SOLO-IO/GLOOSHOT COMMUNITY: HTTPS://SLACK.SOLO.IO
74 | Copyright © 202074 | Copyright © 2020 What to watch for Upcoming improvements for which to keep an eye out
75 | Copyright © 2020 Web Assembly shaking up the data plane
76 | Copyright © 2020 Web Assembly shaking up the data plane https://github.com/envoyproxy/envoy-wasm
77 | Copyright © 2020 Web Assembly shaking up the data plane https://webassemblyhub.io
78 | Copyright © 2020 @christianposta THANK YOU FOR COMING OUT! @christianposta christian@solo.io https://blog.christianposta.com https://slideshare.net/ceposta
79 | Copyright © 2020 • https://solo.io • https://slack.solo.io • https://gloo.solo.io • https://envoyproxy.io • https://istio.io • https://webassemblyhub.io • https://servicemeshhub.io • https://blog.christianposta.com

More Related Content

PPTX
Chaos Debugging for Microservices
byChristian Posta
 
PPTX
Role of edge gateways in relation to service mesh adoption
byChristian Posta
 
PPTX
Kubernetes Ingress to Service Mesh (and beyond!)
byChristian Posta
 
PPT
Multi-cluster service mesh with GlooMesh
byChristian Posta
 
PPTX
The Truth About the Service Mesh Data Plane
byChristian Posta
 
PPTX
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
byChristian Posta
 
PPTX
Deep Dive: Building external auth plugins for Gloo Enterprise
byChristian Posta
 
PPTX
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
byChristian Posta
 
Chaos Debugging for Microservices
byChristian Posta
 
Role of edge gateways in relation to service mesh adoption
byChristian Posta
 
Kubernetes Ingress to Service Mesh (and beyond!)
byChristian Posta
 
Multi-cluster service mesh with GlooMesh
byChristian Posta
 
The Truth About the Service Mesh Data Plane
byChristian Posta
 
Leveraging Envoy Proxy and GraphQL to Lower the Risk of Monolith to Microserv...
byChristian Posta
 
Deep Dive: Building external auth plugins for Gloo Enterprise
byChristian Posta
 
Service-mesh options with Linkerd, Consul, Istio and AWS AppMesh
byChristian Posta
 

What's hot

PPTX
API World: The service-mesh landscape
byChristian Posta
 
PPTX
Multicluster Kubernetes and Service Mesh Patterns
byChristian Posta
 
PDF
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
byMitchell Pronschinske
 
PDF
Open Source Networking Days- Service Mesh
byCloudOps2005
 
PPTX
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
byChristian Posta
 
PDF
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
byJiun-Yi Chen
 
PPTX
PHX DevOps Days: Service Mesh Landscape
byChristian Posta
 
PPTX
microXchg 2018: "What is a Service Mesh? Do I Need One When Developing 'Cloud...
byDaniel Bryant
 
PPTX
Intro Istio and what's new Istio 1.1
byChristian Posta
 
PDF
Consul: Service Mesh for Microservices
byArmonDadgar
 
PPTX
Istio a service mesh
byChandresh Pancholi
 
PDF
Introduction to Istio on Kubernetes
byJonh Wendell
 
PDF
Istio service mesh: past, present, future (TLV meetup)
byelevran
 
PPTX
CloudNativeLondon 2017: "What is a Service Mesh, and Do I Need One when Devel...
byDaniel Bryant
 
PPTX
O'Reilly 2017: "Introduction to Service Meshes"
byDaniel Bryant
 
PDF
Running Consul on Kubernetes and Beyond
byMitchell Pronschinske
 
PDF
The Service Mesh: It's about Traffic
byC4Media
 
PPTX
Istio - A Service Mesh for Microservices as Scale
byRam Vennam
 
PPTX
Api service mesh and microservice tooling
byRed Hat
 
PPTX
Microservices on kubernetes
byChandresh Pancholi
 
API World: The service-mesh landscape
byChristian Posta
 
Multicluster Kubernetes and Service Mesh Patterns
byChristian Posta
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
byMitchell Pronschinske
 
Open Source Networking Days- Service Mesh
byCloudOps2005
 
Navigating the service mesh landscape with Istio, Consul Connect, and Linkerd
byChristian Posta
 
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
byJiun-Yi Chen
 
PHX DevOps Days: Service Mesh Landscape
byChristian Posta
 
microXchg 2018: "What is a Service Mesh? Do I Need One When Developing 'Cloud...
byDaniel Bryant
 
Intro Istio and what's new Istio 1.1
byChristian Posta
 
Consul: Service Mesh for Microservices
byArmonDadgar
 
Istio a service mesh
byChandresh Pancholi
 
Introduction to Istio on Kubernetes
byJonh Wendell
 
Istio service mesh: past, present, future (TLV meetup)
byelevran
 
CloudNativeLondon 2017: "What is a Service Mesh, and Do I Need One when Devel...
byDaniel Bryant
 
O'Reilly 2017: "Introduction to Service Meshes"
byDaniel Bryant
 
Running Consul on Kubernetes and Beyond
byMitchell Pronschinske
 
The Service Mesh: It's about Traffic
byC4Media
 
Istio - A Service Mesh for Microservices as Scale
byRam Vennam
 
Api service mesh and microservice tooling
byRed Hat
 
Microservices on kubernetes
byChandresh Pancholi
 

Similar to Cloud-Native Application Debugging with Envoy and Service Mesh

PPTX
Debugging Microservices - QCON 2017
byIdit Levine
 
PPTX
The Hardest Part of Microservices: Calling Your Services
byChristian Posta
 
PPTX
Service Mesh in the Real World [Raleigh NC Meetup]
bySolo.io
 
PPTX
Chaos engineering in the cloud
byYuval Birenboum
 
PDF
Role of Integration and Service Mesh in Cloud Native Architecture KubeCon 2108
byBallerina
 
PDF
Docker microservices and the service mesh
byDocker, Inc.
 
PDF
Paasta: Application Delivery at Yelp
byC4Media
 
PPTX
Atlanta Microservices Day: Istio Service Mesh
byChristian Posta
 
PPTX
Docker, Microservices, and the Service Mesh
byTony Pujals
 
PPTX
Evolution of integration and microservices patterns with service mesh
byChristian Posta
 
PDF
Service mesh in Microservice World to Manage end to end service communications
bySatya Syam
 
PPTX
Kubernetes And Istio and Azure AKS DevOps
byOfir Makmal
 
PPTX
Microservices and Integration: what's next with Istio service mesh
byChristian Posta
 
PPTX
Sanger, upcoming Openstack for Bio-informaticians
byPeter Clapham
 
PPTX
Flexible compute
byPeter Clapham
 
PDF
Dipping Your Toes Into Cloud Native Application Development
byMatthew Farina
 
PDF
What is a Service Mesh and what can it do for your Microservices
byMatt Turner
 
PDF
[WSO2Con Asia 2018] Architecting for Container-native Environments
byWSO2
 
PPTX
JAX London 2019 "Cloud Native Communication: Using an API Gateway and Service...
byDaniel Bryant
 
PPTX
Bring Service Mesh To Cloud Native-apps
byThang Chung
 
Debugging Microservices - QCON 2017
byIdit Levine
 
The Hardest Part of Microservices: Calling Your Services
byChristian Posta
 
Service Mesh in the Real World [Raleigh NC Meetup]
bySolo.io
 
Chaos engineering in the cloud
byYuval Birenboum
 
Role of Integration and Service Mesh in Cloud Native Architecture KubeCon 2108
byBallerina
 
Docker microservices and the service mesh
byDocker, Inc.
 
Paasta: Application Delivery at Yelp
byC4Media
 
Atlanta Microservices Day: Istio Service Mesh
byChristian Posta
 
Docker, Microservices, and the Service Mesh
byTony Pujals
 
Evolution of integration and microservices patterns with service mesh
byChristian Posta
 
Service mesh in Microservice World to Manage end to end service communications
bySatya Syam
 
Kubernetes And Istio and Azure AKS DevOps
byOfir Makmal
 
Microservices and Integration: what's next with Istio service mesh
byChristian Posta
 
Sanger, upcoming Openstack for Bio-informaticians
byPeter Clapham
 
Flexible compute
byPeter Clapham
 
Dipping Your Toes Into Cloud Native Application Development
byMatthew Farina
 
What is a Service Mesh and what can it do for your Microservices
byMatt Turner
 
[WSO2Con Asia 2018] Architecting for Container-native Environments
byWSO2
 
JAX London 2019 "Cloud Native Communication: Using an API Gateway and Service...
byDaniel Bryant
 
Bring Service Mesh To Cloud Native-apps
byThang Chung
 

More from Christian Posta

PDF
What Istio Got Wrong: Learnings from the last seven years of service mesh
byChristian Posta
 
PDF
Move Auth, Policy, and Resilience to the Platform
byChristian Posta
 
PDF
Comparing Sidecar-less Service Mesh from Cilium and Istio
byChristian Posta
 
PDF
Understanding Wireguard, TLS and Workload Identity
byChristian Posta
 
PDF
Compliance and Zero Trust Ambient Mesh
byChristian Posta
 
PDF
Cilium + Istio with Gloo Mesh
byChristian Posta
 
PPTX
API Gateways are going through an identity crisis
byChristian Posta
 
PPTX
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
byChristian Posta
 
PPTX
Intro to Knative
byChristian Posta
 
PPTX
Making sense of microservices, service mesh, and serverless
byChristian Posta
 
PPTX
Come for the traffic management, stay for the security
byChristian Posta
 
PPTX
A microservices journey - Round 2
byChristian Posta
 
PDF
An eventful tour from enterprise integration to serverless and functions
byChristian Posta
 
PDF
Lowering the risk of monolith to microservices
byChristian Posta
 
PDF
Istio: solving challenges of hybrid cloud
byChristian Posta
 
What Istio Got Wrong: Learnings from the last seven years of service mesh
byChristian Posta
 
Move Auth, Policy, and Resilience to the Platform
byChristian Posta
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
byChristian Posta
 
Understanding Wireguard, TLS and Workload Identity
byChristian Posta
 
Compliance and Zero Trust Ambient Mesh
byChristian Posta
 
Cilium + Istio with Gloo Mesh
byChristian Posta
 
API Gateways are going through an identity crisis
byChristian Posta
 
KubeCon NA 2018: Evolution of Integration and Microservices with Service Mesh...
byChristian Posta
 
Intro to Knative
byChristian Posta
 
Making sense of microservices, service mesh, and serverless
byChristian Posta
 
Come for the traffic management, stay for the security
byChristian Posta
 
A microservices journey - Round 2
byChristian Posta
 
An eventful tour from enterprise integration to serverless and functions
byChristian Posta
 
Lowering the risk of monolith to microservices
byChristian Posta
 
Istio: solving challenges of hybrid cloud
byChristian Posta
 

Recently uploaded

PDF
Session 7 Specialized AI Associate Series: UiPath Communications Mining Overview
byDianaGray10
 
PDF
Generalizable Image Repair for Robust Visual Control
byIvan Ruchkin
 
PDF
Top 11 Sites to Buy Verified GitHub Accounts in 2025
byBuy GitHub Accounts Looking for a verified GitHub account?
 
PDF
Poster: Generalizable Image Repair for Robust Visual Control
byIvan Ruchkin
 
PPTX
Introduction to WordPress Workshop - WCEH 2025
byShanta Nathwani
 
PDF
Airtable Building Semantic Search with Milvus
byZilliz
 
PDF
G.O.RT.No. 1173_LRS Extension of time limit
byRAGHU RAM
 
DOCX
Formula 2 - APIC HBEL general calculation.docx
byMarkus Janssen
 
PDF
Energia Nowa and byteLAKE Partner to Develop Intelligent Services for Energy ...
bybyteLAKE
 
PPTX
Enterprise Architecture for Microsoft 365: From Vision to Value
bySimon Denton
 
PDF
Top Features of Effective Executive BI Dashboards for Business Success.pdf
bybullseye enagegement
 
PPTX
ScalaF: Functional Refactoring and Automated Code Transformations
byhelloshrikha
 
PDF
RaBitQ, JSON Index, Schema Evolution, What's New in Milvus 2.6
byZilliz
 
PDF
The Invisible Threads: How 'Connection' Builds the Smartest Organizations. By...
byTheta Prime Institute, Cheyenne, Wyoming, USA.
 
PPTX
Flutter for Beginners widgets types.pptx
byKongu Engineering College, Perundurai, Erode
 
PPTX
Strategic Briefing - Supply-Chain and Autonomous AI Convergence - October-18-...
bySergio De Gregorio
 
PPTX
xCapture v3: Efficient, Always-On Thread Level Observability with eBPF by Tan...
byScyllaDB
 
PDF
🚀 Agentic Automation in Action 1/3 – From RPA to Agentic Automation (Arabic S...
byanabulhac
 
DOCX
Formula 1 - APIC general MACO calculation.docx
byMarkus Janssen
 
PDF
AWS Community Day Indonesia 2025 - Attack the Cloud Before Attackers Do Build...
byMuhammad Yuga Nugraha
 
Session 7 Specialized AI Associate Series: UiPath Communications Mining Overview
byDianaGray10
 
Generalizable Image Repair for Robust Visual Control
byIvan Ruchkin
 
Top 11 Sites to Buy Verified GitHub Accounts in 2025
byBuy GitHub Accounts Looking for a verified GitHub account?
 
Poster: Generalizable Image Repair for Robust Visual Control
byIvan Ruchkin
 
Introduction to WordPress Workshop - WCEH 2025
byShanta Nathwani
 
Airtable Building Semantic Search with Milvus
byZilliz
 
G.O.RT.No. 1173_LRS Extension of time limit
byRAGHU RAM
 
Formula 2 - APIC HBEL general calculation.docx
byMarkus Janssen
 
Energia Nowa and byteLAKE Partner to Develop Intelligent Services for Energy ...
bybyteLAKE
 
Enterprise Architecture for Microsoft 365: From Vision to Value
bySimon Denton
 
Top Features of Effective Executive BI Dashboards for Business Success.pdf
bybullseye enagegement
 
ScalaF: Functional Refactoring and Automated Code Transformations
byhelloshrikha
 
RaBitQ, JSON Index, Schema Evolution, What's New in Milvus 2.6
byZilliz
 
The Invisible Threads: How 'Connection' Builds the Smartest Organizations. By...
byTheta Prime Institute, Cheyenne, Wyoming, USA.
 
Flutter for Beginners widgets types.pptx
byKongu Engineering College, Perundurai, Erode
 
Strategic Briefing - Supply-Chain and Autonomous AI Convergence - October-18-...
bySergio De Gregorio
 
xCapture v3: Efficient, Always-On Thread Level Observability with eBPF by Tan...
byScyllaDB
 
🚀 Agentic Automation in Action 1/3 – From RPA to Agentic Automation (Arabic S...
byanabulhac
 
Formula 1 - APIC general MACO calculation.docx
byMarkus Janssen
 
AWS Community Day Indonesia 2025 - Attack the Cloud Before Attackers Do Build...
byMuhammad Yuga Nugraha
 

Cloud-Native Application Debugging with Envoy and Service Mesh

  • 1.
    Cloud-native Application Debugging withEnvoy and Service Mesh Christian Posta Field CTO – Solo.io
  • 2.
    2 | Copyright© 2020 CHRISTIAN POSTA Global Field CTO, Solo.io @christianposta christian@solo.io https://blog.christianposta.com https://slideshare.net/ceposta
  • 3.
    3 | Copyright© 2020 01 02 03 04 05 06 Challenges of microservices, debugging Introduction to our lab environment Distributed tracing with a service mesh Debugging microservices Debugging in production with record and replay Proactive debugging with chaos experimentation Approximate flow of workshop
  • 4.
    4 | Copyright© 2020 Moving to microservices?
  • 5.
    5 | Copyright© 2020 Microservices and Kubernetes
  • 6.
    6 | Copyright© 2020 Move fast, safely https://puppet.com/resources/whitepaper/state-of-devops-report
  • 7.
    7 | Copyright© 2020 SERVICE MESH JOURNEY INNOVATION MODERNIZE TO MICROSERVICES SERVICE MESH MANAGEMENT ANY MESH - ANYWHERE ADAPTIVE SERVICE MESH
  • 8.
    8 | Copyright© 2020 December 11, 2018 2018 TOP WOMEN ENTREPRENEURS IN CLOUD INNOVATION Seventh Annual Award Honors Women Founders for Outstanding Accomplishments in Cloud and Emerging Technologies, Sponsored by Facebook, Intel, and Google. Award Winning Innovation Key Industry Collaborations
  • 9.
    9 | Copyright© 20209 | Copyright © 2020 The problem
  • 10.
    10 | Copyright© 2020 As we move to services architectures, on cloud-native deployment platforms, we increase the complexity between our services.
  • 11.
    11 | Copyright© 2020 Cloud application networking challenges • Service discovery • Retries • Timeouts • Load balancing • Rate limiting • Thread bulk heading • Circuit breaking
  • 12.
    12 | Copyright© 2020 Cloud application networking challenges • Edge/DMZ routing • Surgical / fine / per-request routing • A/B rollout • Traffic shaping • Request racing • Internal releases / dark launches • Request shadowing • Fault injection
  • 13.
    13 | Copyright© 2020 Cloud application networking challenges • Adaptive, zone-aware routing • Deadlines • Health checking • Stats, metric, collection • Logging • Distributed tracing • Security
  • 14.
    14 | Copyright© 2020 How do we begin to understand what’s happening so we can debug?
  • 15.
    15 | Copyright© 2020 How we typically like to solve this problem:
  • 16.
    16 | Copyright© 202016 | Copyright © 2020 Decentralized, language-independent observability in the network Foundational technology to help solve these challenges in a cloud-native application architecture
  • 17.
    17 | Copyright© 2020 Envoy is to Application Networking what Kubernetes is to Container Deployment http://envoyproxy.io
  • 18.
    18 | Copyright© 2020 Envoy implements: • zone aware, least request load balancing • circuit breaking • outlier detection • retries, retry policies • timeout (including budgets) • traffic shadowing • request racing • rate limiting • access logging, statistics collection • Many other features!
  • 19.
    19 | Copyright© 2020 Envoy to do application networking heavy lifting
  • 20.
    20 | Copyright© 2020 Why Envoy? • C++ • Built ground-up for services environment • Large, diverse, vibrant community • Dynamic configuration model • Highly extensible (in C++  we’ll come back to this) • Many out of the box L7 filters (HTTP, HTTP2, grpc, redis, mysql, DynamoDB, thrift, zookeeper, kafka, et. al.) • Incredible trove of telemetry, tracing out of the box • Very versatile deployment options (as we’ll see)
  • 21.
    21 | Copyright© 2020 Versatility of Envoy: Edge proxy
  • 22.
    22 | Copyright© 2020 Versatility of Envoy: Middle proxy
  • 23.
    23 | Copyright© 2020 Versatility of Envoy: Service proxy
  • 24.
    24 | Copyright© 2020 Control plane for managing mesh of service proxies
  • 25.
    25 | Copyright© 2020 Service proxy lives with application instance
  • 26.
    26 | Copyright© 2020 Service mesh technologies provide the following: • Service discovery / Load balancing • Secure service-to-service communication • Traffic control / shaping / shifting • Policy / Intention based access control • Traffic metric collection • Service resilience • API / programmable interface
  • 27.
    27 | Copyright© 2020 These application-networking technologies provide a nice API for programming our network
  • 28.
    28 | Copyright© 202028 | Copyright © 2020 Setting up the lab environment
  • 29.
    29 | Copyright© 2020 http://bit.ly/debug-microservices
  • 30.
    30 | Copyright© 2020 http://bit.ly/debug-microservices
  • 31.
    31 | Copyright© 2020 http://bit.ly/debug-microservices
  • 32.
    32 | Copyright© 2020 Consul Service Mesh
  • 33.
    33 | Copyright© 2020 Consul Service Mesh connect = { proxy = { config = { upstreams = [ { destination_name = "mysql", local_bind_port = 8001 } ] } } }
  • 34.
    34 | Copyright© 2020 Consul Service Mesh
  • 35.
    35 | Copyright© 202035 | Copyright © 2020 Tracing with a service mesh
  • 36.
    36 | Copyright© 2020 @christianposta DB S3 DEBUGGING IN PRODUCTION CLUSTER POD 1 POD 2 POD 3 POD 4
  • 37.
    37 | Copyright© 2020 @christianposta DB S3 P P P P DEBUGGING IN PRODUCTION CLUSTER POD 1 POD 2 POD 3 POD 4
  • 38.
    38 | Copyright© 202038 | Copyright © 2020 Lab: Distributed Tracing
  • 39.
    39 | Copyright© 202039 | Copyright © 2020 Debugging
  • 40.
    40 | Copyright© 2020 THE PROBLEM
  • 41.
    41 | Copyright© 2020 THE PROBLEM A MONOLITHIC APPLICATION CONSISTS OF A SINGLE PROCESS AN ATTACHED DEBUGGER ALLOWS VIEWING THE COMPLETE STATE OF THE APPLICATION DURING RUNTIME A MICROSERVICES APPLICATION CONSISTS OF POTENTIALLY HUNDREDS OF PROCESSES IS IT POSSIBLE TO GET A COMPLETE VIEW OF THE STATE OF A SUCH APPLICATION?!
  • 42.
    42 | Copyright© 202042 | Copyright © 2020 Demo: multi-language, distributed debugging with Squash
  • 43.
    43 | Copyright© 2020 SQUASH DEFAULT MODE SECURE MODE
  • 44.
    44 | Copyright© 2020 SQUASH DEFAULT MODE Node Namespace: ns-a Namespace: squash s-dlvc1
  • 45.
    45 | Copyright© 2020 -> ls -l /proc/self/ns total 0 lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 cgroup -> cgroup:[4026531835] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 ipc -> ipc:[4026531839] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 mnt -> mnt:[4026531840] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 net -> net:[4026532009] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 pid -> pid:[4026531836] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 pid_for_children -> pid:[4026531836] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 user -> user:[4026531837] lrwxrwxrwx 1 idit idit 0 Dec 7 01:14 uts -> uts:[4026531838] -> inod of mnt namespace (unique identifier to the container namespace) via CRI api call ExecSyncRequest Node Namespace: ns-a s-dlv CRI c1 We need to translate the pid of the process (application that run in the container) to the host pid namespace to allow debugger to attach. Namespace: Squash
  • 46.
    46 | Copyright© 2020 SQUASH SECURE MODE Node Namespace: ns-a Namespace: squash s-dlvc1 CRD Intent squash
  • 47.
    47 | Copyright© 2020 DOCS: HTTPS://SQUASH.SOLO.IO GITHUB: HTTPS://GITHUB.COM/SOLO-IO/ SQUASH COMMUNITY: HTTPS://SLACK.SOLO.IO
  • 48.
    48 | Copyright© 202048 | Copyright © 2020 Break: 3:00p – 3:30p When we come back: Debugging microservices lab NOTE: Make sure to charge your devices!
  • 49.
    49 | Copyright© 202049 | Copyright © 2020 Lab: Squash
  • 50.
    50 | Copyright© 202050 | Copyright © 2020 Debugging in production
  • 51.
    51 | Copyright© 2020 @christianposta DB S3 DEBUGGING IN PRODUCTION CLUSTER POD 1 POD 2 > ONLY HEADER WILL BE SENT > SAMPLING POD 3 POD 4
  • 52.
    52 | Copyright© 2020 @christianposta DB S3 P P P P DEBUGGING IN PRODUCTION CLUSTER POD 1 POD 2 POD 3 POD 4 > ONLY HEADER WILL BE SENT > SAMPLING
  • 53.
    53 | Copyright© 2020 @christianposta DB S3 P P P P DEBUGGING IN PRODUCTION CLUSTER
  • 54.
    54 | Copyright© 2020 @christianposta DB S3 P P P P DEBUGGING IN PRODUCTION CLUSTER
  • 55.
    55 | Copyright© 2020 @christianposta DEBUGGING IN PRODUCTION ++
  • 56.
    56 | Copyright© 202056 | Copyright © 2020 Getting traffic into your mesh Workflow-specific APIs for Envoy Proxy
  • 57.
    57 | Copyright© 2020 Versatility of Envoy: Edge proxy
  • 58.
    58 | Copyright© 2020 Envoy needs a control plane.
  • 59.
    59 | Copyright© 2020 API Gateway built on Envoy https://github.com/solo-io/gloo
  • 60.
    60 | Copyright© 2020 Gloo Data Plane and Control Plane EXTERNAL AUTH RATE LIMITING GLOO FILTERS ROUTER UPSTREAM EXTERNAL AUTH SERVER RATE LIMITING SERVER CACHING DATA LOSS PREVENTION LAMBDA NATS.IO TRANSFORMATION WEB APPLICATION FIREWALL (WAF)
  • 61.
    61 | Copyright© 2020 API Gateway built on Envoy ENVIRONMENT SECRET CONFIGURATION Data Plane Upstream gRPC-JSON transcoder Rate limiting External AUTH … Control Plane Configure and manage envoy’s plugins Router
  • 62.
    62 | Copyright© 2020 Gloo API Gateway • Unify backend APIs running in Kubernetes, VMs, Physical, FaaS, etc • Decentralized configuration: allow service teams to move fast • Declarative configuration • Provides a control plane for Envoy • Security (Oauth/ODIC, API Key, TLS, SNI, OPA, HMAC, custom) • Kubernetes native / run outside Kube as well • Highly pluggable/extensible • “If you know Kubernetes, you know Gloo”  user quote
  • 63.
    63 | Copyright© 202063 | Copyright © 2020 Lab: Using Loop with Gloo
  • 64.
    64 | Copyright© 2020 DOCS: COMING REAL SOON … GITHUB: COMING REAL SOON … COMMUNITY: HTTPS://SLACK.SOLO.IO
  • 65.
    65 | Copyright© 202065 | Copyright © 2020 Demo: Loop with service mesh
  • 66.
    66 | Copyright© 202066 | Copyright © 2020 Proactive debugging
  • 67.
    67 | Copyright© 2020 @christianposta CHAOS ENGINEERING THINK OF A VACCINE OR A FLU SHOT INJECT YOURSELF WITH SOMETHING HARMFUL IN ORDER TO PREVENT A FUTURE ISSUE. CAREFULLY INJECTING THIS HARM INTO YOUR SYSTEMS TO TEST THE SYSTEM’S ABILITY TO RESPOND TO IT. “BREAK THINGS ON PURPOSE" IN ORDER TO LEARN HOW TO BUILD MORE RESILIENT SYSTEMS.
  • 68.
    68 | Copyright© 2020 PROBLEMS WITH CHAOS ENGINEERING TODAY? LANGUAGE SPECIFIC CODE MODIFICATION 1 2
  • 69.
    69 | Copyright© 2020 @christianposta NETWORK ABSTRACTION EAST-WEST TRAFFIC NORTH-SOUTH TRAFFIC SERVICE I SERVICE II SERVICE III SERVICE IV SERVICE V
  • 70.
    70 | Copyright© 2020 @christianposta CONTROL EXPERIMENT ⍄ DEFINE EXPERIMENTS (SET OF: MESSAGE DELAYS, NETWORK FAULTS) ⍄ RUN EVERY INTERVAL (E.G. EVERY FRIDAY AT 9PM) ⍄ GATHERED METRICS – COMPARE BASELINE ⍄ STOP EXPERIMENT IF CONDITION REACHED
  • 71.
    71 | Copyright© 2020 @christianposta GLOOSHOT GLOOSHOT ALLOWS YOU TO PERFORM CHAOS EXPERIMENTS AT THE SERVICE MESH LEVEL. DEFINE ERROR CONDITIONS IN TERMS OF SUCH FAILURE MODES: ⍄ MESSAGE DELAYS ⍄ NETWORK FAULTS. RUN EXPERIMENTS UNTIL A STOP CONDITION IS MET. GLOOSHOT INTERFACES WITH ALL MAJOR SERVICE MESHES THROUGH SERVICE MESH INTERFACE (SMI).
  • 72.
    72 | Copyright© 202072 | Copyright © 2020 Demo: Glooshot
  • 73.
    73 | Copyright© 2020 DOCS: HTTPS://GLOOSHOT.SOLO.IO GITHUB: HTTPS://GITHUB.COM/SOLO-IO/GLOOSHOT COMMUNITY: HTTPS://SLACK.SOLO.IO
  • 74.
    74 | Copyright© 202074 | Copyright © 2020 What to watch for Upcoming improvements for which to keep an eye out
  • 75.
    75 | Copyright© 2020 Web Assembly shaking up the data plane
  • 76.
    76 | Copyright© 2020 Web Assembly shaking up the data plane https://github.com/envoyproxy/envoy-wasm
  • 77.
    77 | Copyright© 2020 Web Assembly shaking up the data plane https://webassemblyhub.io
  • 78.
    78 | Copyright© 2020 @christianposta THANK YOU FOR COMING OUT! @christianposta christian@solo.io https://blog.christianposta.com https://slideshare.net/ceposta
  • 79.
    79 | Copyright© 2020 • https://solo.io • https://slack.solo.io • https://gloo.solo.io • https://envoyproxy.io • https://istio.io • https://webassemblyhub.io • https://servicemeshhub.io • https://blog.christianposta.com