Date: 2020-04-18
  1. © 2020 Cingulara, Inc. NATS as a Service Mesh: Using the power and simplicity of NATS to create a service mesh
  2. Table of Contents ■ Define Service Mesh ■ NATS Service Discovery ■ NATS Security ■ NATS Metrics ■ NATS Tracing ■ NATS Load Balancing ■ NATS Routing Control
  3. Define Service Mesh: What is a Service Mesh, Where would you use it, Why would you use it
  4. What is a Service Mesh? ❏ Infrastructure Layer for your applications ❏ Helps with interactions between / among services and microservices ❏ Service Discovery (eventual consistency, distributed caching) ❏ Load Balancing (least request, hashing, zone/latency aware) ❏ Communication Resiliency (retries, timeouts, circuit-breaking, rate limiting) ❏ Security (end-to-end encryption, AuthN, AuthZ, ACLs) ❏ Observability (metrics, tracing, alerts, control theory a.k.a. MipsyTipsy) ❏ Routing Control (traffic shifting, mirroring) ❏ API (programmable, K8s CRDs) ❏ Automated Rollouts (canary, blue/green) ❏ Fault Injection (add a timeout or error to test its resiliency)
  5. Why Use a Service Mesh ❏ Mutual TLS implementation (security both ways) ❏ Put complexity into your framework, not your services ❏ Ephemeral containers moving around a Kubernetes type orchestration system ❏ Hype Engine ❏ “Read it on Twitter” ❏ “Saw it at KubeCon” IMPORTANT TO NOTE: ❏ Make sure you need it, you can implement it, you can support it ❏ If you are asking “Do I need a service mesh” you may not...
  6. Where are Service Meshes Used ❏ You see a lot in Kubernetes ❏ Istio (K8s native, Aspen Mesh, Tetrate and Red Hat OpenShift’s) ❏ Linkerd ❏ Kong Kuma ❏ Hashicorp Consul Service Mesh ❏ Used with larger, more complex systems where appropriate ❏ Used to solve those problems as they come up
  7. NATS Service Discovery: NATS and Service Discovery
  8. Service Discovery in Service Mesh ❏ Answers the “Hey where are you?” ❏ Think multiple services or microservices ❏ You need to know where each other are ❏ Can call by IP or Name, but you need to know what that is ❏ Picture to right is from the Istio docs online ❏ Hint: there is a registry that keeps track of where the services are
  9. Service Discovery in NATS ❏ Answers the “Hey where are you?” ❏ Think multiple services or microservices ❏ You do not necessarily need to know where each other are ❏ What is important is the subject hierarchy and account/namespace ❏ Crude picture to right is from my article on medium.com ❏ Hint: we don’t care necessarily WHERE you are just that you are online
  10. NATS Security: NATS and Security
  11. Security in a Service Mesh ❏ End-to-end encryption with mutual TLS ❏ Authentication ❏ Authorization ❏ Access Control ❏ Done in YAML files ❏ Must configure this correctly ❏ Centralized security model ❏ Manages the security certificates for you
  12. Security in NATS (2.0+) ❏ NKeys ❏ JSON Web Tokens ❏ Operator -- Account -- Users security model ❏ More decentralized ❏ Can run with TLS and certificates -- you must manage
  13. NATS Metrics: NATS and Tracking Metrics
  14. Metrics in a Service Mesh ❏ Metrics captured inherently ❏ Success rates, errors, response times ❏ API to API ❏ Service Mesh components ❏ Kiali ❏ Prometheus and Grafana
  15. Metrics in NATS ❏ Metrics used with the NATS Prometheus Exporter ❏ Also starting to show metrics with 2.0+ implementation (Surveyor) ❏ Overall metrics, not per client ❏ Prometheus and Grafana ❏ Personally: recently worked on per-client metrics for my application to show metrics down to the client level -- up in GH/Cingulara/
  16. NATS Tracing: NATS and Tracing Messages
  17. Tracing in a Service Mesh ❏ Tracing calls from API A to B to C and back to see latency and issues ❏ Can use Istio/Envoy to export tracing information, Linkerd to collect and export ❏ Also gives you a topology of your calls
  18. Tracing in NATS ❏ Reference architecture to use for Tracing ❏ GitHub has not.go and not.java ❏ https://github.com/nats-io/not.go ❏ Set up your Trace structure ❏ Set up your Span structure ❏ Create a binary representation ❏ Put onto the front of your Message.Data ❏ Read it off the Reply/Subscriber on the other end ❏ Keep using your data as required ❏ I have used with C# .NET Core 2.2+ as well ❏ Publish with C#, read subscriber with Golang, still works great ❏ NATS 2.0+ has a monitoring service to show latency
  19. NATS Load Balancing: NATS and Load Balancing
  20. Load Balancing in a Service Mesh ❏ 2 or more services are set up as replicas, the mesh can load balance between them ❏ Can do round robin, locality, etc. not just rotate them around ❏ You can weight the routes
  21. Load Balancing in NATS ❏ Uses Queued Subscriptions, similar to round robin (to me) ❏ Register your client with a queue name, that is the only setup you need ❏ Used with gateways in NATS 2.0 for clusters/superclusters you can have geo-aware subscriptions ❏ Subscribers “closer” get the information unless there is a network issue (auto-DRP) ❏ Roadmap for NATS to have a weighted load balancer, just not there yet
  22. NATS Routing Control: NATS and Routing Control
  23. Routing Control in a Service Mesh ❏ Specifically traffic shifting and mirroring ❏ Mirroring / Shadowing to perform functions on another service/set of services (i.e. testing) ❏ Traffic Shifting is slowly migrating traffic from one to another (think canary) ❏ Typical to service mesh, defined in YAML
  24. Routing Control in NATS ❏ Mirroring or shadowing can be done by default based on subscriptions ❏ Subscribe to the subjects or use wildcards ❏ Permissions, data stores, accounts have to match ❏ Harder to do with Publishing in a production environment!
  25. NATS Service Mesh Summary: What did we just go over
  26. NATS Service Mesh Functionality ❏ Inherently has some service mesh functionality ❏ You need to know if you even need a service mesh ❏ You need to test if you need Istio/Linkerd/Kuma/Consul/etc. to solve your issues
  27. Other Things on NATS Service Mesh ❏ AFAIK... it can do ❏ Timeouts ❏ Retries ❏ Request/Reply as well as Pub/Sub ❏ Create a Service Mesh without Kubernetes as a basis ❏ AFAIK... it cannot do ❏ Circuit Breaking
  28. What Else to Read: What else dovetails with this subject
  29. Other Articles & Areas to Further This ❏ Christian Posta on getting started with a service mesh https://itnext.io/getting-started-with-a-service-mesh-starts-with-a-gateway-62a470350242 ❏ R.I. Pienaar Blog Series on NATS at https://choria.io/blog/post/2020/03/23/nats_patterns_1/ ❏ NATS.io blog and online docs ❏ Kevin Hoffman’s blog at https://medium.com/@KevinHoffman/managing-operator-hierarchies-in-nats-2-0-4977600b699d ❏ Slack https://natsio.slack.com/
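
The "Tracing in NATS" slide describes putting a binary trace/span representation on the front of Message.Data and reading it off on the subscriber side. The Go sketch below is an added example, not code from the slides or from not.go: the header layout, `SpanContext`, `Wrap` and `Unwrap` are assumptions made here, and the payload is a constructed sample. Because the subscriber parses bytes chosen by the publisher, it bounds the length field before slicing and passes untraced messages through unchanged.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed layout (not the not.go format): "TRC1" | trace ID u64 | span ID u64 | u16 len | baggage | payload
type SpanContext struct {
	TraceID, SpanID uint64
	Baggage         string
}
const fixedLen = 4 + 8 + 8 + 2
var magic, ErrMalformed = []byte("TRC1"), errors.New("malformed trace header")

// Wrap puts the binary span context on the front of the message data.
func Wrap(sc SpanContext, payload []byte) ([]byte, error) {
	if len(sc.Baggage) > 0xFFFF {
		return nil, errors.New("baggage too long")
	}
	hdr := make([]byte, fixedLen, fixedLen+len(sc.Baggage)+len(payload))
	copy(hdr, magic)
	binary.BigEndian.PutUint64(hdr[4:12], sc.TraceID)
	binary.BigEndian.PutUint64(hdr[12:20], sc.SpanID)
	binary.BigEndian.PutUint16(hdr[20:22], uint16(len(sc.Baggage)))
	return append(append(hdr, sc.Baggage...), payload...), nil
}

// Unwrap reads the context off the front; data without the magic passes through untraced.
func Unwrap(data []byte) (sc SpanContext, payload []byte, traced bool, err error) {
	if !bytes.HasPrefix(data, magic) {
		return sc, data, false, nil
	}
	// The baggage length is sender-controlled: bound it before slicing.
	if len(data) < fixedLen || int(binary.BigEndian.Uint16(data[20:22])) > len(data)-fixedLen {
		return sc, nil, false, ErrMalformed
	}
	end := fixedLen + int(binary.BigEndian.Uint16(data[20:22]))
	sc.TraceID = binary.BigEndian.Uint64(data[4:12])
	sc.SpanID = binary.BigEndian.Uint64(data[12:20])
	sc.Baggage = string(data[fixedLen:end])
	return sc, data[end:], true, nil
}

func main() {
	msg, _ := Wrap(SpanContext{TraceID: 1, SpanID: 7, Baggage: "tenant=demo"}, []byte(`{"order":42}`))
	sc, body, traced, err := Unwrap(msg)
	fmt.Println(traced, sc.TraceID, sc.SpanID, sc.Baggage, string(body), err)
}
```

A payload that happens to begin with the magic bytes would be parsed as traced, so a real deployment would carry the marker somewhere the payload cannot collide with.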

