SlideShare a Scribd company logo

Introduction to Consul

Viswanath J
Viswanath J

Consul is a service mesh that provides service discovery, configuration, and segmentation for microservices. It uses proxies and sidecars to abstractly manage inter-service communication and enforce network policies. Consul offers key features like service discovery, telemetry collection, security via TLS encryption, intelligent routing, and resilience through retries and circuit breakers. It provides these capabilities through its distributed architecture of agents and servers and uses proxies, intentions, and mutual TLS to implement a service mesh for microservices using Consul Connect.

1 of 54
Download to read offline
Introduction to Consul
What is it? Consul is a service mesh that provides a solution to architectural challenges of operating a micro-services architecture.
Service mesh: Definition • A Service mesh is a mesh of proxies that services can plug into, to completely abstract the network away. It’s comprised of two key architectural components • a data plane which forwards traffic to other services via sidecars • a control plane which handles configuration, administrative, security and monitoring related functions.
Service mesh: Core set of features Service Mesh Service discovery: registry and discovery of services Telemetry: collection of metrics and tracing identifiers Security: TLS-based encryption including key management Routing: intelligent load balancing and network routing, better health checks, automatic deployment patterns such as blue-green or canary deployments Resilience: retries, timeouts and circuit breakers
Consul Service discovery Service segmentation Service configuration Consul offers service mesh capability; which is a combination of 3 distinct pillars.
Service discovery challenge Two services on a distributed system have to discover one-another to interact

Traditional approach • A load balancer between two services allows two way traffic between multiple instances of same service • Problems: • Load balancers are a single point of failure. • Load balancers are manually managed in most cases. If we add another instance of service, it will not be readily available. We will need to register that service into the load balancer to make it accessible • Load balancers increase the latency of inter-service communication.
Consul's approach to service discovery • Consul has a complete and up-to-date map of all the hosts in the network, in its registry. • Consul knows location of services because each service registers with its local Consul client upon start-up. • When a service needs to discover another dependent service for consumption, consumed service's instances are sought by querying the registry. Registry is can be queried using HTTP API or exposed as DNS Registry of consul resolves logical name to IP address of an instance, levelling load and masking all instance failures Register with local Consul client upon start-up for registration
Configuration management challenge Maintaining consistency between the configuration on different services after each update is a challenge; especially when it has to be managed dynamically. Monolith to micro services
Consul's approach to configuration management • Central key-value store captures the configuration information in Consul. • Changes to configuration is pushed in real-time and propagated to all the services; there by dynamically managing them.
Network segmentation challenge: Traditional approach Traditionally, 3-tier zoning system allowed us to segment our network's traffic providing Only the load balancers zone can reach into the application zone and only the application zone can reach into the data zone. 
 It is a straightforward zoning system, simple to implement and manage. Demilitarised zone Application zone Data zone
Network segmentation challenge: Micro services Network traffic and access patterns become complicated across different services. Unlike in monoliths where the traffic flow was sequential, traffic emerging from a service’s endpoint might reach different collaborating services. As various service producers and consumers exist, it becomes essential to identify the source of traffic and verify that it emerges from a verified and trusted entity.
Network segmentation challenge: Micro services Controlling the flow of traffic and segmenting the network into groups becomes a critical issue. One must ensure that strict rules are enforced to partition the network based on allowed access pattern. Centralised view of traffic flow between services or access pattern arises.
Consul's approach to segmentation • Zero trust network - A security posture where the traffic inside our network is subjected to checks, similar to traffic emerging from outside sources.
Consul's approach to segmentation • Consul maintains a centrally managed definition of services and a white-list of collaboration pattern between services. • Service graph: Access pattern rule is elevated to logical level, independent of scale. This is different from rules traditionally set in a firewall, which are tied to the management unit; typically between IP-addresses. • Identity assertion: TLS certificates are issued for services to uniquely identify them. Consul generates certificates and collaborates with external certificate authorities allowing them to sign the generated certificates automatically and rotate them. Service-level policy enforcement to define traffic pattern and segmentation using Consul
Consul connect • Dedicated feature of Consul that enrols inter-service communication policies and implements it as part of the service graph • Access controls are implemented through proxies that run as a side-car. A service interacts with other services by going through its side-car proxy. • Proxies across services use certificate authority to verify consuming service's identity and encrypt the traffic between them using mutual TLS; not being reliant on network within the data centre. • Non TLS aware applications can now leverage the benefit of encrypting the data in transit by delegating the responsibility to proxies. A proxy validates the request against the rules in service graph to validate the request.
Consul connect
Consul’s architecture: Distributed and highly available • Consul is distributed system where agent nodes communicate with server nodes. • Servers are responsible to maintain the cluster's state • An agent is responsible to perform health checks of on the node it's running and also of the services running on that node. Consul Agent sits on a node and talks to other agents on the network synchronising all service-level information
Consul agent • The Consul agent runs on every node where you want to keep track of services. • A node can be a physical server, VM, or container. • The agent tracks information about the node and its associated services. • Agents report this information to the Consul servers, where we have a central view of node and service status.
Consul servers • Consul servers work together to elect a single leader, which becomes the primary source of truth for the cluster. • All updates to the cluster are forwarded to the cluster leader. If the leader goes down one of the other servers can immediately take its place. • A typical production setup is composed of an odd number of servers (3, 5, 7 etc) to ensure the cluster is still running in case a node fails.
Local installation Verify installation
Development mode, server and client agents • Consul is a static binary written in Go. • Following sections demonstrate Consul in development mode; which must NOT be used in production. Development node contains single node, which is treated as a server by default. • In production one would run each Consul agent in either in server or client mode. • Each Consul datacenter must have at least one server, which is responsible for maintaining Consul's state. In order to make sure that Consul's state is preserved even if a server fails, one should always run either three or five servers in production. • Non-server agents run in client mode. A client is a lightweight process that registers services, runs health checks, and forwards queries to servers. A client must be running on every node in the Consul datacenter that runs services, since clients are the source of truth about service health
Start consul agent in development mode
Check members of Consul’s network using CLI and HTTP API • Development mode has a single node cluster. • Members of the cluster can be listed using consul’s CLI which offers an eventually consistent view. The members command runs against the Consul client, which gets its information via gossip protocol.  • Consul also provides a rich HTTP API which in development mode listens on port 8500 by default. The HTTP API offers a strongly consistent view as the request is forwarded to Consul servers. • The /catalog endpoint allows one to register, deregister and list nodes and services.
DNS interface • Consul offers DNS interface to discover nodes. • Unless caching is enabled, it forwards the query to Consul servers. • Consul agent's DNS server runs on port 8600 by default. 
• Consul's web UI allows you to view and interact with Consul via a graphical user interface • As the agent is running in development mode, the UI is automatically enabled at http://localhost:8500/ui • Services: a list of all registered services including their health, tags, type, and source • Nodes: an overview of the entire datacenter including the health status of each node Consul Web UI
• Key/Value: A page for Consul key-value pairs where the keys page has a folder-like structure. Objects appear nested according to their key prefix. • Access Control Lists (ACLs): Consul uses Access Control Lists (ACLs) to secure the UI, API, CLI, service communications, and agent communications. ACLs operate by grouping rules into policies, then associating one or more policies with a token. ACLs are imperative for all Consul production environments. • Intentions: Services are secured by defining intentions in Consul. Intentions describe a white list of allowed communication between service producers and consumers. Consul Web UI
Services Register a Service with health check 
 Use service discovery to query the service
Service: HTTP Echo • A small GO web server • It serves the contents with which it was started as a HTML page • The default port is 5678, but this is configurable via the -listen flag:
 http-echo -listen=:8080 -text=“Hi there!”
Define a service in consul • Register the service either by providing a service definition • Create a dedicated directory for Consul's configuration files • Create a service definition configuration file by naming the service hello running on port 8080. Once can create multiple service definition files to register multiple services. • check part of service definition adds a HTTP based health check which tries to connect to the web service every 10 seconds with 1 second time-out. • Any 2xx code is considered passing, a 429 Too ManyRequests is a warning, and anything else is a failure.
• Re(start) the agent by specifying the configuration directory and • Notice that agent loaded the service definition from the configuration file and has successfully registered it in the service catalog. Define a service in consul
Consul UI • Consul agent is to manage system-level and application-level health checks.  • A health check is considered to be application-level if it is associated with a service. • If not associated with a service, the check monitors the health of the entire node.
Query the service using HTTP API • The HTTP API lists all nodes hosting a given service. • One can adjust the HTTP API query to look for only healthy instances as shown below • http://localhost:8500/v1/health/service/hello? passing
Query the service using DNS • The DNS name for a service registered with Consul is <registered-service-name>.service.consul • By default, all DNS names are in the consul namespace • A record is returned containing the IP address where the service was registered • DNS query automatically filters out unhealthy service instances
Service mesh with consul connect Start services
 Register and start side car proxies Manage communication between services using intentions
Traditional set-up greeter http-consumer Direct consumption over http using IP address to locate dependency 9090 8080
Greeter service • Create a network named ‘consul’ to allow inter container communication using the command
 
 docker network create -o com.docker.network.bridge.enable_icc=true consul • Start the greeter service using the public docker image image bloque/greeter • The container belongs to the network consul and service listens on port 9090 and exposes three endpoints • /health-check • /greet/<name> • /joke
HTTP-consumer service • The service is an utility that makes a HTTP GET request to URL supplied by environment variable SERVICE_URL every 2 seconds • Identify the IP address of the greeter container that’s running within the network consul and use it to set the environment variable for http-consumer container upon start-up. • Please utilise the public docker image bloque/http-consumer and start the container as shown
Target set-up using consul connect Side car proxy Side car proxy greeter http-consumer Mutual TLS Upstream 
 service Dependent 
 service Service discovery and access control 9090 9192 Sidecar proxy listens to port 9192 and establishes mutual TLS connection with greeter
Register the Greeter service 1. Create a service definition for greeter service (ideally greeting.json) in location /etc/consul.d/ 2. Consul will look for a service running on port 9090 and advertise it as the greeter service. 1. On a properly configured node, this can be reached as greeter.service.consul through DNS. 3. A blank proxy is defined. This enables proxy communication for greeter service through Consul Connect on a dynamically allocated port. 1. Consul bundles L4 proxy for testing purposes but in production, one must use envoy. 4. A health check examines the local /health-check endpoint every 30 seconds to determine whether the service is healthy and can be exposed to other services.
DNS look-up for greeter service
Start the Greeter service 1.Start the greeter service on port 9090 as it was specified in service configuration file greeter.json
Start the proxy for Greeter service 1. Reload consul for configuration refresh and start the side-car 2. Monitor the logs of consul agent for verification 3. Also, check the management console.
Register the dependent ‘http-consumer’ service with its proxy • Register the service with Consul using a new service definition • Create a service definition for http- consumer service (ideally http- consumer.json) in location /etc/consul.d/ • http-consumer service shall communicate with greeter service through corresponding encrypted side-car proxies • Proxy configuration specifies http- consumer's upstream dependency on greeter service, and the port 9192 at which proxy should listen in order to establish mutual TLS connection.
Register the dependent ‘http-consumer’ service with its proxy • Start the proxy process for http-consumer • Start the http-consumer service supplying the address of its side-car proxy to communicate
Result • The service http-consumer communicates to its proxy http-consumer-sidecar-proxy on port 9192 • The side-car proxy http-consumer- sidecar-proxy then encrypts its traffic and send it over the network to the sidecar proxy for greeter service which is greeter- sidecar-proxy • greeter-sidecar-proxy decrypts the traffic and send it locally to greeter service on a loopback address at port 9090
Proxy configurations
Intentions • Intentions control communication between services. • In development mode, the default ACL is “allow-all” connections • Intentions allow one to segment the network relying on the services' logical names rather than the IP addresses of each individual service instance.  • An intention is created here to deny access from http-consumer to greeter service. • It specifies policy, source and destination services.
Intentions
Key-value store • Consul includes a key value store, which you can use to • dynamically configure applications, • coordinate services, • manage leader election and more • There are three ways to interact with the Consul KV store • HTTP API • Command line interface • Consul UI
Key-value store via CLI
Automate service configuration using consul template • Consul template is a small agent that can manage files and populate them with data from the Consul’s key-value store. • Installation can be done via home-brew • brew install consul-template • Consul template takes a template file with placeholders pointing to KV entries, processes it and saves in a new file with values populated. • It can run in a loop, thus providing near real time synchronisation
Consul template in action • Consul template utilises the template file hello.tpl and substitutes values in handle-bar like placeholders i.e. {{ }} by consulting consul’s key-value store • By default, Consul template runs continuously to apply new values for supplied keys as soon as they’re available. • For demonstration purpose, here the -once flag is used to apply the substitution only once.
Next steps

Recommended

Introducing Service Discovery for Amazon ECS - CON403 - re:Invent 2017
Introducing Service Discovery for Amazon ECS - CON403 - re:Invent 2017Introducing Service Discovery for Amazon ECS - CON403 - re:Invent 2017
Introducing Service Discovery for Amazon ECS - CON403 - re:Invent 2017
Amazon Web Services
 
Getting Started with Consul
Getting Started with ConsulGetting Started with Consul
Getting Started with Consul
Ramit Surana
 
Consul
ConsulConsul
Consul
Ariel Moskovich
 
Continuous Delivery with AWS Lambda - AWS April 2016 Webinar Series
Continuous Delivery with AWS Lambda - AWS April 2016 Webinar SeriesContinuous Delivery with AWS Lambda - AWS April 2016 Webinar Series
Continuous Delivery with AWS Lambda - AWS April 2016 Webinar Series
Amazon Web Services
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity service
openstackindia
 
Nginx dhruba mandal
Nginx dhruba mandalNginx dhruba mandal
Nginx dhruba mandal
Dhrubaji Mandal ♛
 
ansible why ?
ansible why ?ansible why ?
ansible why ?
Yashar Esmaildokht
 
WebSphere Application Server V8.5.5 Libertyプロファイルのご紹介 #jjug_ccc #ccc_r51
WebSphere Application Server V8.5.5 Libertyプロファイルのご紹介 #jjug_ccc #ccc_r51WebSphere Application Server V8.5.5 Libertyプロファイルのご紹介 #jjug_ccc #ccc_r51
WebSphere Application Server V8.5.5 Libertyプロファイルのご紹介 #jjug_ccc #ccc_r51
Takakiyo Tanaka
 

Recommended

Introducing Service Discovery for Amazon ECS - CON403 - re:Invent 2017
Introducing Service Discovery for Amazon ECS - CON403 - re:Invent 2017Introducing Service Discovery for Amazon ECS - CON403 - re:Invent 2017
Introducing Service Discovery for Amazon ECS - CON403 - re:Invent 2017
Amazon Web Services
 
Getting Started with Consul
Getting Started with ConsulGetting Started with Consul
Getting Started with Consul
Ramit Surana
 
Consul
ConsulConsul
Consul
Ariel Moskovich
 
Continuous Delivery with AWS Lambda - AWS April 2016 Webinar Series
Continuous Delivery with AWS Lambda - AWS April 2016 Webinar SeriesContinuous Delivery with AWS Lambda - AWS April 2016 Webinar Series
Continuous Delivery with AWS Lambda - AWS April 2016 Webinar Series
Amazon Web Services
 
OpenStack keystone identity service
OpenStack keystone identity serviceOpenStack keystone identity service
OpenStack keystone identity service
openstackindia
 
Nginx dhruba mandal
Nginx dhruba mandalNginx dhruba mandal
Nginx dhruba mandal
Dhrubaji Mandal ♛
 
ansible why ?
ansible why ?ansible why ?
ansible why ?
Yashar Esmaildokht
 
WebSphere Application Server V8.5.5 Libertyプロファイルのご紹介 #jjug_ccc #ccc_r51
WebSphere Application Server V8.5.5 Libertyプロファイルのご紹介 #jjug_ccc #ccc_r51WebSphere Application Server V8.5.5 Libertyプロファイルのご紹介 #jjug_ccc #ccc_r51
WebSphere Application Server V8.5.5 Libertyプロファイルのご紹介 #jjug_ccc #ccc_r51
Takakiyo Tanaka
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Rishabh Indoria
 
Automated testing using Selenium & NUnit
Automated testing using Selenium & NUnitAutomated testing using Selenium & NUnit
Automated testing using Selenium & NUnit
Alfred Jett Grandeza
 
Nginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes IngressNginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes Ingress
Knoldus Inc.
 
OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...
OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...
OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...
Leostream
 
Consul: Service Mesh for Microservices
Consul: Service Mesh for MicroservicesConsul: Service Mesh for Microservices
Consul: Service Mesh for Microservices
ArmonDadgar
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansible
sriram_rajan
 
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Amazon Web Services
 
OAuth 2
OAuth 2OAuth 2
OAuth 2
ChrisWood262
 
Nginx
NginxNginx
Nginx
Dhrubaji Mandal ♛
 
AWS Advanced Networking: BGP
AWS Advanced Networking: BGPAWS Advanced Networking: BGP
AWS Advanced Networking: BGP
RJ Jafarkhani ☁
 
Load Testing with k6 framework
Load Testing with k6 frameworkLoad Testing with k6 framework
Load Testing with k6 framework
Svetlin Nakov
 
The-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdf
The-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdfThe-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdf
The-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdf
prasunkagrawal
 
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
HackIT Ukraine
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
Mirantis
 
Galen Framework - Responsive Design Automation
Galen Framework - Responsive Design AutomationGalen Framework - Responsive Design Automation
Galen Framework - Responsive Design Automation
Venkat Ramana Reddy Parine
 
Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security
Priyanka Aash
 
02 api gateway
02 api gateway02 api gateway
02 api gateway
Janani Velmurugan
 
Apache Karaf - Building OSGi applications on Apache Karaf - T Frank & A Grzesik
Apache Karaf - Building OSGi applications on Apache Karaf - T Frank & A GrzesikApache Karaf - Building OSGi applications on Apache Karaf - T Frank & A Grzesik
Apache Karaf - Building OSGi applications on Apache Karaf - T Frank & A Grzesik
mfrancis
 
Selenium WebDriver with Java
Selenium WebDriver with JavaSelenium WebDriver with Java
Selenium WebDriver with Java
Fayis-QA
 
Bp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedBp101-Can Domino Be Hacked
Bp101-Can Domino Be Hacked
Howard Greenberg
 
Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service Mesh
CloudOps2005
 
Transforming Legacy Applications Into Dynamically Scalable Web Services
Transforming Legacy Applications Into Dynamically Scalable Web ServicesTransforming Legacy Applications Into Dynamically Scalable Web Services
Transforming Legacy Applications Into Dynamically Scalable Web Services
Adam Takvam
 

More Related Content

What's hot

Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Rishabh Indoria
 
Automated testing using Selenium & NUnit
Automated testing using Selenium & NUnitAutomated testing using Selenium & NUnit
Automated testing using Selenium & NUnit
Alfred Jett Grandeza
 
Nginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes IngressNginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes Ingress
Knoldus Inc.
 
OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...
OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...
OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...
Leostream
 
Consul: Service Mesh for Microservices
Consul: Service Mesh for MicroservicesConsul: Service Mesh for Microservices
Consul: Service Mesh for Microservices
ArmonDadgar
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansible
sriram_rajan
 
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Amazon Web Services
 
OAuth 2
OAuth 2OAuth 2
OAuth 2
ChrisWood262
 
Nginx
NginxNginx
Nginx
Dhrubaji Mandal ♛
 
AWS Advanced Networking: BGP
AWS Advanced Networking: BGPAWS Advanced Networking: BGP
AWS Advanced Networking: BGP
RJ Jafarkhani ☁
 
Load Testing with k6 framework
Load Testing with k6 frameworkLoad Testing with k6 framework
Load Testing with k6 framework
Svetlin Nakov
 
The-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdf
The-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdfThe-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdf
The-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdf
prasunkagrawal
 
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
HackIT Ukraine
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
Mirantis
 
Galen Framework - Responsive Design Automation
Galen Framework - Responsive Design AutomationGalen Framework - Responsive Design Automation
Galen Framework - Responsive Design Automation
Venkat Ramana Reddy Parine
 
Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security
Priyanka Aash
 
02 api gateway
02 api gateway02 api gateway
02 api gateway
Janani Velmurugan
 
Apache Karaf - Building OSGi applications on Apache Karaf - T Frank & A Grzesik
Apache Karaf - Building OSGi applications on Apache Karaf - T Frank & A GrzesikApache Karaf - Building OSGi applications on Apache Karaf - T Frank & A Grzesik
Apache Karaf - Building OSGi applications on Apache Karaf - T Frank & A Grzesik
mfrancis
 
Selenium WebDriver with Java
Selenium WebDriver with JavaSelenium WebDriver with Java
Selenium WebDriver with Java
Fayis-QA
 
Bp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedBp101-Can Domino Be Hacked
Bp101-Can Domino Be Hacked
Howard Greenberg
 

What's hot (20)

Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
Automated testing using Selenium & NUnit
Automated testing using Selenium & NUnitAutomated testing using Selenium & NUnit
Automated testing using Selenium & NUnit
 
Nginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes IngressNginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes Ingress
 
OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...
OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...
OpenStack VDI and DaaS with Leostream and the Teradici Pervasive Cloud Comput...
 
Consul: Service Mesh for Microservices
Consul: Service Mesh for MicroservicesConsul: Service Mesh for Microservices
Consul: Service Mesh for Microservices
 
DevOps Meetup ansible
DevOps Meetup ansibleDevOps Meetup ansible
DevOps Meetup ansible
 
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
Introducing Managed Rules for AWS WAF (with a Customer Story) - AWS Online Te...
 
OAuth 2
OAuth 2OAuth 2
OAuth 2
 
Nginx
NginxNginx
Nginx
 
AWS Advanced Networking: BGP
AWS Advanced Networking: BGPAWS Advanced Networking: BGP
AWS Advanced Networking: BGP
 
Load Testing with k6 framework
Load Testing with k6 frameworkLoad Testing with k6 framework
Load Testing with k6 framework
 
The-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdf
The-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdfThe-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdf
The-Hacker-Playbook-Practical-Guide-To-Penetration-Testing-2014.pdf
 
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
"15 Technique to Exploit File Upload Pages", Ebrahim Hegazy
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 
Galen Framework - Responsive Design Automation
Galen Framework - Responsive Design AutomationGalen Framework - Responsive Design Automation
Galen Framework - Responsive Design Automation
 
Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security
 
02 api gateway
02 api gateway02 api gateway
02 api gateway
 
Apache Karaf - Building OSGi applications on Apache Karaf - T Frank & A Grzesik
Apache Karaf - Building OSGi applications on Apache Karaf - T Frank & A GrzesikApache Karaf - Building OSGi applications on Apache Karaf - T Frank & A Grzesik
Apache Karaf - Building OSGi applications on Apache Karaf - T Frank & A Grzesik
 
Selenium WebDriver with Java
Selenium WebDriver with JavaSelenium WebDriver with Java
Selenium WebDriver with Java
 
Bp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedBp101-Can Domino Be Hacked
Bp101-Can Domino Be Hacked
 

Similar to Introduction to Consul

Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service Mesh
CloudOps2005
 
Transforming Legacy Applications Into Dynamically Scalable Web Services
Transforming Legacy Applications Into Dynamically Scalable Web ServicesTransforming Legacy Applications Into Dynamically Scalable Web Services
Transforming Legacy Applications Into Dynamically Scalable Web Services
Adam Takvam
 
Consul: Microservice Enabling Microservices and Reactive Programming
Consul: Microservice Enabling Microservices and Reactive ProgrammingConsul: Microservice Enabling Microservices and Reactive Programming
Consul: Microservice Enabling Microservices and Reactive Programming
Rick Hightower
 
Fallsem2021 22 ita2012-eth_vl2021220101938_reference_material_i_06-aug-2021_m...
Fallsem2021 22 ita2012-eth_vl2021220101938_reference_material_i_06-aug-2021_m...Fallsem2021 22 ita2012-eth_vl2021220101938_reference_material_i_06-aug-2021_m...
Fallsem2021 22 ita2012-eth_vl2021220101938_reference_material_i_06-aug-2021_m...
DineshKumar746335
 
Introduction to Enterprise Service Bus
Introduction to Enterprise Service BusIntroduction to Enterprise Service Bus
Introduction to Enterprise Service Bus
Mahmoud Ezzat
 
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
Codit
 
Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)
Rick Hightower
 
Developing Enterprise Applications for the Cloud, from Monolith to Microservices
Developing Enterprise Applications for the Cloud, from Monolith to MicroservicesDeveloping Enterprise Applications for the Cloud, from Monolith to Microservices
Developing Enterprise Applications for the Cloud, from Monolith to Microservices
David Currie
 
Developing Enterprise Applications for the Cloud, from Monolith to Microservice
Developing Enterprise Applications for the Cloud, from Monolith to MicroserviceDeveloping Enterprise Applications for the Cloud, from Monolith to Microservice
Developing Enterprise Applications for the Cloud, from Monolith to Microservice
Jack-Junjie Cai
 
Azure service fabric overview
Azure service fabric overviewAzure service fabric overview
Azure service fabric overview
Baskar rao Dsn
 
Service Mesh Talk for CTO Forum
Service Mesh Talk for CTO ForumService Mesh Talk for CTO Forum
Service Mesh Talk for CTO Forum
Rick Hightower
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesManaging Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on Kubernetes
Iftach Schonbaum
 
DevOps-training-in-chandigarh-Join-now--
DevOps-training-in-chandigarh-Join-now--DevOps-training-in-chandigarh-Join-now--
DevOps-training-in-chandigarh-Join-now--
asmeerana605
 
Comparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesComparison of Current Service Mesh Architectures
Comparison of Current Service Mesh Architectures
Mirantis
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
Yong Feng
 
SOA and Monolith Architecture - Micro Services.pptx
SOA and Monolith Architecture - Micro Services.pptxSOA and Monolith Architecture - Micro Services.pptx
SOA and Monolith Architecture - Micro Services.pptx
Kongu Engineering College, Perundurai, Erode
 
Magento Developer Talk. Microservice Architecture and Actor Model
Magento Developer Talk. Microservice Architecture and Actor ModelMagento Developer Talk. Microservice Architecture and Actor Model
Magento Developer Talk. Microservice Architecture and Actor Model
Igor Miniailo
 
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Amazon Web Services
 
JS Fest 2019/Autumn. Anton Cherednikov. Choreographic or orchestral architect...
JS Fest 2019/Autumn. Anton Cherednikov. Choreographic or orchestral architect...JS Fest 2019/Autumn. Anton Cherednikov. Choreographic or orchestral architect...
JS Fest 2019/Autumn. Anton Cherednikov. Choreographic or orchestral architect...
JSFestUA
 
Chapeter 2 introduction to cloud computing
Chapeter 2 introduction to cloud computingChapeter 2 introduction to cloud computing
Chapeter 2 introduction to cloud computing
eShikshak
 

Similar to Introduction to Consul (20)

Open Source Networking Days- Service Mesh
Open Source Networking Days- Service MeshOpen Source Networking Days- Service Mesh
Open Source Networking Days- Service Mesh
 
Transforming Legacy Applications Into Dynamically Scalable Web Services
Transforming Legacy Applications Into Dynamically Scalable Web ServicesTransforming Legacy Applications Into Dynamically Scalable Web Services
Transforming Legacy Applications Into Dynamically Scalable Web Services
 
Consul: Microservice Enabling Microservices and Reactive Programming
Consul: Microservice Enabling Microservices and Reactive ProgrammingConsul: Microservice Enabling Microservices and Reactive Programming
Consul: Microservice Enabling Microservices and Reactive Programming
 
Fallsem2021 22 ita2012-eth_vl2021220101938_reference_material_i_06-aug-2021_m...
Fallsem2021 22 ita2012-eth_vl2021220101938_reference_material_i_06-aug-2021_m...Fallsem2021 22 ita2012-eth_vl2021220101938_reference_material_i_06-aug-2021_m...
Fallsem2021 22 ita2012-eth_vl2021220101938_reference_material_i_06-aug-2021_m...
 
Introduction to Enterprise Service Bus
Introduction to Enterprise Service BusIntroduction to Enterprise Service Bus
Introduction to Enterprise Service Bus
 
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
 
Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)Service Mesh CTO Forum (Draft 3)
Service Mesh CTO Forum (Draft 3)
 
Developing Enterprise Applications for the Cloud, from Monolith to Microservices
Developing Enterprise Applications for the Cloud, from Monolith to MicroservicesDeveloping Enterprise Applications for the Cloud, from Monolith to Microservices
Developing Enterprise Applications for the Cloud, from Monolith to Microservices
 
Developing Enterprise Applications for the Cloud, from Monolith to Microservice
Developing Enterprise Applications for the Cloud, from Monolith to MicroserviceDeveloping Enterprise Applications for the Cloud, from Monolith to Microservice
Developing Enterprise Applications for the Cloud, from Monolith to Microservice
 
Azure service fabric overview
Azure service fabric overviewAzure service fabric overview
Azure service fabric overview
 
Service Mesh Talk for CTO Forum
Service Mesh Talk for CTO ForumService Mesh Talk for CTO Forum
Service Mesh Talk for CTO Forum
 
Managing Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on KubernetesManaging Microservices With The Istio Service Mesh on Kubernetes
Managing Microservices With The Istio Service Mesh on Kubernetes
 
DevOps-training-in-chandigarh-Join-now--
DevOps-training-in-chandigarh-Join-now--DevOps-training-in-chandigarh-Join-now--
DevOps-training-in-chandigarh-Join-now--
 
Comparison of Current Service Mesh Architectures
Comparison of Current Service Mesh ArchitecturesComparison of Current Service Mesh Architectures
Comparison of Current Service Mesh Architectures
 
ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
 
SOA and Monolith Architecture - Micro Services.pptx
SOA and Monolith Architecture - Micro Services.pptxSOA and Monolith Architecture - Micro Services.pptx
SOA and Monolith Architecture - Micro Services.pptx
 
Magento Developer Talk. Microservice Architecture and Actor Model
Magento Developer Talk. Microservice Architecture and Actor ModelMagento Developer Talk. Microservice Architecture and Actor Model
Magento Developer Talk. Microservice Architecture and Actor Model
 
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
 
JS Fest 2019/Autumn. Anton Cherednikov. Choreographic or orchestral architect...
JS Fest 2019/Autumn. Anton Cherednikov. Choreographic or orchestral architect...JS Fest 2019/Autumn. Anton Cherednikov. Choreographic or orchestral architect...
JS Fest 2019/Autumn. Anton Cherednikov. Choreographic or orchestral architect...
 
Chapeter 2 introduction to cloud computing
Chapeter 2 introduction to cloud computingChapeter 2 introduction to cloud computing
Chapeter 2 introduction to cloud computing
 

More from Viswanath J

Apache kafka
Apache kafkaApache kafka
Apache kafka
Viswanath J
 
Getting started with Cassandra 2.1
Getting started with Cassandra 2.1Getting started with Cassandra 2.1
Getting started with Cassandra 2.1
Viswanath J
 
Introduction to NOSQL quadrants
Introduction to NOSQL quadrantsIntroduction to NOSQL quadrants
Introduction to NOSQL quadrants
Viswanath J
 
Improving effectiveness of a meeting
Improving effectiveness of a meetingImproving effectiveness of a meeting
Improving effectiveness of a meeting
Viswanath J
 
Inside the Android application framework - Google I/O 2009
Inside the Android application framework - Google I/O 2009Inside the Android application framework - Google I/O 2009
Inside the Android application framework - Google I/O 2009
Viswanath J
 
Android : How Do I Code Thee?
Android : How Do I Code Thee?Android : How Do I Code Thee?
Android : How Do I Code Thee?
Viswanath J
 
The anatomy and philosophy of Android - Google I/O 2009
The anatomy and philosophy of Android - Google I/O 2009The anatomy and philosophy of Android - Google I/O 2009
The anatomy and philosophy of Android - Google I/O 2009
Viswanath J
 
Introduction To Docbook 4 .5 Authoring
Introduction To Docbook 4 .5 AuthoringIntroduction To Docbook 4 .5 Authoring
Introduction To Docbook 4 .5 Authoring
Viswanath J
 

More from Viswanath J (8)

Apache kafka
Apache kafkaApache kafka
Apache kafka
 
Getting started with Cassandra 2.1
Getting started with Cassandra 2.1Getting started with Cassandra 2.1
Getting started with Cassandra 2.1
 
Introduction to NOSQL quadrants
Introduction to NOSQL quadrantsIntroduction to NOSQL quadrants
Introduction to NOSQL quadrants
 
Improving effectiveness of a meeting
Improving effectiveness of a meetingImproving effectiveness of a meeting
Improving effectiveness of a meeting
 
Inside the Android application framework - Google I/O 2009
Inside the Android application framework - Google I/O 2009Inside the Android application framework - Google I/O 2009
Inside the Android application framework - Google I/O 2009
 
Android : How Do I Code Thee?
Android : How Do I Code Thee?Android : How Do I Code Thee?
Android : How Do I Code Thee?
 
The anatomy and philosophy of Android - Google I/O 2009
The anatomy and philosophy of Android - Google I/O 2009The anatomy and philosophy of Android - Google I/O 2009
The anatomy and philosophy of Android - Google I/O 2009
 
Introduction To Docbook 4 .5 Authoring
Introduction To Docbook 4 .5 AuthoringIntroduction To Docbook 4 .5 Authoring
Introduction To Docbook 4 .5 Authoring
 

Recently uploaded

Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
Remote DBA Services
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
Alberto Brandolini
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
TaghreedAltamimi
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
TheSMSPoint
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
Top 9 Trends in Cybersecurity for 2024.pptx
Top 9 Trends in Cybersecurity for 2024.pptxTop 9 Trends in Cybersecurity for 2024.pptx
Top 9 Trends in Cybersecurity for 2024.pptx
devvsandy
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
mz5nrf0n
 
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative AnalysisOdoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Envertis Software Solutions
 
Requirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional SafetyRequirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional Safety
Ayan Halder
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
VALiNTRY360
 
zOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL DifferenceszOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL Differences
YousufSait3
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
ToXSL Technologies
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 

Recently uploaded (20)

Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
Top 9 Trends in Cybersecurity for 2024.pptx
Top 9 Trends in Cybersecurity for 2024.pptxTop 9 Trends in Cybersecurity for 2024.pptx
Top 9 Trends in Cybersecurity for 2024.pptx
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样
 
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative AnalysisOdoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
 
Requirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional SafetyRequirement Traceability in Xen Functional Safety
Requirement Traceability in Xen Functional Safety
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
 
zOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL DifferenceszOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL Differences
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 

Introduction to Consul

  • 2. What is it? Consul is a service mesh that provides a solution to architectural challenges of operating a micro-services architecture.
  • 3. Service mesh: Definition • A Service mesh is a mesh of proxies that services can plug into, to completely abstract the network away. It’s comprised of two key architectural components • a data plane which forwards traffic to other services via sidecars • a control plane which handles configuration, administrative, security and monitoring related functions.
  • 4. Service mesh: Core set of features Service Mesh Service discovery: registry and discovery of services Telemetry: collection of metrics and tracing identifiers Security: TLS-based encryption including key management Routing: intelligent load balancing and network routing, better health checks, automatic deployment patterns such as blue-green or canary deployments Resilience: retries, timeouts and circuit breakers
  • 5. Consul Service discovery Service segmentation Service configuration Consul offers service mesh capability; which is a combination of 3 distinct pillars.
  • 6. Service discovery challenge Two services on a distributed system have to discover one-another to interact

  • 7. Traditional approach • A load balancer between two services allows two way traffic between multiple instances of same service • Problems: • Load balancers are a single point of failure. • Load balancers are manually managed in most cases. If we add another instance of service, it will not be readily available. We will need to register that service into the load balancer to make it accessible • Load balancers increase the latency of inter-service communication.
  • 8. Consul's approach to service discovery • Consul has a complete and up-to-date map of all the hosts in the network, in its registry. • Consul knows location of services because each service registers with its local Consul client upon start-up. • When a service needs to discover another dependent service for consumption, consumed service's instances are sought by querying the registry. Registry is can be queried using HTTP API or exposed as DNS Registry of consul resolves logical name to IP address of an instance, levelling load and masking all instance failures Register with local Consul client upon start-up for registration
  • 9. Configuration management challenge Maintaining consistency between the configuration on different services after each update is a challenge; especially when it has to be managed dynamically. Monolith to micro services
  • 10. Consul's approach to configuration management • Central key-value store captures the configuration information in Consul. • Changes to configuration is pushed in real-time and propagated to all the services; there by dynamically managing them.
  • 11. Network segmentation challenge: Traditional approach Traditionally, 3-tier zoning system allowed us to segment our network's traffic providing Only the load balancers zone can reach into the application zone and only the application zone can reach into the data zone. 
 It is a straightforward zoning system, simple to implement and manage. Demilitarised zone Application zone Data zone
  • 12. Network segmentation challenge: Micro services Network traffic and access patterns become complicated across different services. Unlike in monoliths where the traffic flow was sequential, traffic emerging from a service’s endpoint might reach different collaborating services. As various service producers and consumers exist, it becomes essential to identify the source of traffic and verify that it emerges from a verified and trusted entity.
  • 13. Network segmentation challenge: Micro services Controlling the flow of traffic and segmenting the network into groups becomes a critical issue. One must ensure that strict rules are enforced to partition the network based on allowed access pattern. Centralised view of traffic flow between services or access pattern arises.
  • 14. Consul's approach to segmentation • Zero trust network - A security posture where the traffic inside our network is subjected to checks, similar to traffic emerging from outside sources.
  • 15. Consul's approach to segmentation • Consul maintains a centrally managed definition of services and a white-list of collaboration pattern between services. • Service graph: Access pattern rule is elevated to logical level, independent of scale. This is different from rules traditionally set in a firewall, which are tied to the management unit; typically between IP-addresses. • Identity assertion: TLS certificates are issued for services to uniquely identify them. Consul generates certificates and collaborates with external certificate authorities allowing them to sign the generated certificates automatically and rotate them. Service-level policy enforcement to define traffic pattern and segmentation using Consul
  • 16. Consul connect • Dedicated feature of Consul that enrols inter-service communication policies and implements it as part of the service graph • Access controls are implemented through proxies that run as a side-car. A service interacts with other services by going through its side-car proxy. • Proxies across services use certificate authority to verify consuming service's identity and encrypt the traffic between them using mutual TLS; not being reliant on network within the data centre. • Non TLS aware applications can now leverage the benefit of encrypting the data in transit by delegating the responsibility to proxies. A proxy validates the request against the rules in service graph to validate the request.
  • 18. Consul’s architecture: Distributed and highly available • Consul is distributed system where agent nodes communicate with server nodes. • Servers are responsible to maintain the cluster's state • An agent is responsible to perform health checks of on the node it's running and also of the services running on that node. Consul Agent sits on a node and talks to other agents on the network synchronising all service-level information
  • 19. Consul agent • The Consul agent runs on every node where you want to keep track of services. • A node can be a physical server, VM, or container. • The agent tracks information about the node and its associated services. • Agents report this information to the Consul servers, where we have a central view of node and service status.
  • 20. Consul servers • Consul servers work together to elect a single leader, which becomes the primary source of truth for the cluster. • All updates to the cluster are forwarded to the cluster leader. If the leader goes down one of the other servers can immediately take its place. • A typical production setup is composed of an odd number of servers (3, 5, 7 etc) to ensure the cluster is still running in case a node fails.
  • 22. Development mode, server and client agents • Consul is a static binary written in Go. • Following sections demonstrate Consul in development mode; which must NOT be used in production. Development node contains single node, which is treated as a server by default. • In production one would run each Consul agent in either in server or client mode. • Each Consul datacenter must have at least one server, which is responsible for maintaining Consul's state. In order to make sure that Consul's state is preserved even if a server fails, one should always run either three or five servers in production. • Non-server agents run in client mode. A client is a lightweight process that registers services, runs health checks, and forwards queries to servers. A client must be running on every node in the Consul datacenter that runs services, since clients are the source of truth about service health
  • 23. Start consul agent in development mode
  • 24. Check members of Consul’s network using CLI and HTTP API • Development mode has a single node cluster. • Members of the cluster can be listed using consul’s CLI which offers an eventually consistent view. The members command runs against the Consul client, which gets its information via gossip protocol.  • Consul also provides a rich HTTP API which in development mode listens on port 8500 by default. The HTTP API offers a strongly consistent view as the request is forwarded to Consul servers. • The /catalog endpoint allows one to register, deregister and list nodes and services.
  • 25. DNS interface • Consul offers DNS interface to discover nodes. • Unless caching is enabled, it forwards the query to Consul servers. • Consul agent's DNS server runs on port 8600 by default. 
  • 26. • Consul's web UI allows you to view and interact with Consul via a graphical user interface • As the agent is running in development mode, the UI is automatically enabled at http://localhost:8500/ui • Services: a list of all registered services including their health, tags, type, and source • Nodes: an overview of the entire datacenter including the health status of each node Consul Web UI
  • 27. • Key/Value: A page for Consul key-value pairs where the keys page has a folder-like structure. Objects appear nested according to their key prefix. • Access Control Lists (ACLs): Consul uses Access Control Lists (ACLs) to secure the UI, API, CLI, service communications, and agent communications. ACLs operate by grouping rules into policies, then associating one or more policies with a token. ACLs are imperative for all Consul production environments. • Intentions: Services are secured by defining intentions in Consul. Intentions describe a white list of allowed communication between service producers and consumers. Consul Web UI
  • 28. Services Register a Service with health check 
 Use service discovery to query the service
  • 29. Service: HTTP Echo • A small GO web server • It serves the contents with which it was started as a HTML page • The default port is 5678, but this is configurable via the -listen flag:
 http-echo -listen=:8080 -text=“Hi there!”
  • 30. Define a service in consul • Register the service either by providing a service definition • Create a dedicated directory for Consul's configuration files • Create a service definition configuration file by naming the service hello running on port 8080. Once can create multiple service definition files to register multiple services. • check part of service definition adds a HTTP based health check which tries to connect to the web service every 10 seconds with 1 second time-out. • Any 2xx code is considered passing, a 429 Too ManyRequests is a warning, and anything else is a failure.
  • 31. • Re(start) the agent by specifying the configuration directory and • Notice that agent loaded the service definition from the configuration file and has successfully registered it in the service catalog. Define a service in consul
  • 32. Consul UI • Consul agent is to manage system-level and application-level health checks.  • A health check is considered to be application-level if it is associated with a service. • If not associated with a service, the check monitors the health of the entire node.
  • 33. Query the service using HTTP API • The HTTP API lists all nodes hosting a given service. • One can adjust the HTTP API query to look for only healthy instances as shown below • http://localhost:8500/v1/health/service/hello? passing
  • 34. Query the service using DNS • The DNS name for a service registered with Consul is <registered-service-name>.service.consul • By default, all DNS names are in the consul namespace • A record is returned containing the IP address where the service was registered • DNS query automatically filters out unhealthy service instances
  • 35. Service mesh with consul connect Start services
 Register and start side car proxies Manage communication between services using intentions
  • 36. Traditional set-up greeter http-consumer Direct consumption over http using IP address to locate dependency 9090 8080
  • 37. Greeter service • Create a network named ‘consul’ to allow inter container communication using the command
 
 docker network create -o com.docker.network.bridge.enable_icc=true consul • Start the greeter service using the public docker image image bloque/greeter • The container belongs to the network consul and service listens on port 9090 and exposes three endpoints • /health-check • /greet/<name> • /joke
  • 38. HTTP-consumer service • The service is an utility that makes a HTTP GET request to URL supplied by environment variable SERVICE_URL every 2 seconds • Identify the IP address of the greeter container that’s running within the network consul and use it to set the environment variable for http-consumer container upon start-up. • Please utilise the public docker image bloque/http-consumer and start the container as shown
  • 39. Target set-up using consul connect Side car proxy Side car proxy greeter http-consumer Mutual TLS Upstream 
 service Dependent 
 service Service discovery and access control 9090 9192 Sidecar proxy listens to port 9192 and establishes mutual TLS connection with greeter
  • 40. Register the Greeter service 1. Create a service definition for greeter service (ideally greeting.json) in location /etc/consul.d/ 2. Consul will look for a service running on port 9090 and advertise it as the greeter service. 1. On a properly configured node, this can be reached as greeter.service.consul through DNS. 3. A blank proxy is defined. This enables proxy communication for greeter service through Consul Connect on a dynamically allocated port. 1. Consul bundles L4 proxy for testing purposes but in production, one must use envoy. 4. A health check examines the local /health-check endpoint every 30 seconds to determine whether the service is healthy and can be exposed to other services.
  • 41. DNS look-up for greeter service
  • 42. Start the Greeter service 1.Start the greeter service on port 9090 as it was specified in service configuration file greeter.json
  • 43. Start the proxy for Greeter service 1. Reload consul for configuration refresh and start the side-car 2. Monitor the logs of consul agent for verification 3. Also, check the management console.
  • 44. Register the dependent ‘http-consumer’ service with its proxy • Register the service with Consul using a new service definition • Create a service definition for http- consumer service (ideally http- consumer.json) in location /etc/consul.d/ • http-consumer service shall communicate with greeter service through corresponding encrypted side-car proxies • Proxy configuration specifies http- consumer's upstream dependency on greeter service, and the port 9192 at which proxy should listen in order to establish mutual TLS connection.
  • 45. Register the dependent ‘http-consumer’ service with its proxy • Start the proxy process for http-consumer • Start the http-consumer service supplying the address of its side-car proxy to communicate
  • 46. Result • The service http-consumer communicates to its proxy http-consumer-sidecar-proxy on port 9192 • The side-car proxy http-consumer- sidecar-proxy then encrypts its traffic and send it over the network to the sidecar proxy for greeter service which is greeter- sidecar-proxy • greeter-sidecar-proxy decrypts the traffic and send it locally to greeter service on a loopback address at port 9090
  • 48. Intentions • Intentions control communication between services. • In development mode, the default ACL is “allow-all” connections • Intentions allow one to segment the network relying on the services' logical names rather than the IP addresses of each individual service instance.  • An intention is created here to deny access from http-consumer to greeter service. • It specifies policy, source and destination services.
  • 50. Key-value store • Consul includes a key value store, which you can use to • dynamically configure applications, • coordinate services, • manage leader election and more • There are three ways to interact with the Consul KV store • HTTP API • Command line interface • Consul UI
  • 52. Automate service configuration using consul template • Consul template is a small agent that can manage files and populate them with data from the Consul’s key-value store. • Installation can be done via home-brew • brew install consul-template • Consul template takes a template file with placeholders pointing to KV entries, processes it and saves in a new file with values populated. • It can run in a loop, thus providing near real time synchronisation
  • 53. Consul template in action • Consul template utilises the template file hello.tpl and substitutes values in handle-bar like placeholders i.e. {{ }} by consulting consul’s key-value store • By default, Consul template runs continuously to apply new values for supplied keys as soon as they’re available. • For demonstration purpose, here the -once flag is used to apply the substitution only once.