awsappmesh.pdf
0 likes4 views
AWS App Mesh is a service mesh that provides visibility and traffic controls for microservices applications. It consists of proxies, virtual nodes, services and routers. The document describes adding App Mesh to an example application with two services - serviceA and serviceB. It involves creating a mesh, virtual services for each service, virtual nodes pointing to the actual services, and a virtual router with routes to distribute traffic between the nodes. This allows controlling and splitting traffic between versions without code changes.
!["listeners": [
{
"portMapping": {
"port": 80,
"protocol": "http2"
}
}
],
"serviceDiscovery": {
"dns": {
"hostname": "serviceB.apps.local"
}
}
},
"virtualNodeName": "serviceB"
}
2. Create the virtual node with the create-virtual-node command using the JSON file as input.
aws appmesh create-virtual-node --cli-input-json file://create-virtual-nodeserviceb.
Json
Step 3: Create a virtual router and route
Virtual routers route traffic for one or more virtual services within your mesh. For more information, see
Virtual routers (p. 68) and Routes (p. 69).
Create the following resources:
• A virtual router named serviceB, since the serviceB.apps.local virtual service does not initiate
outbound communication with any other service. Remember that the virtual service that you created
previously is an abstraction of your actual serviceb.apps.local service. The virtual service sends
traffic to the virtual router. The virtual router will listen for traffic using the HTTP/2 protocol on port
80. Other protocols are also supported.
• A route named serviceB. It will route 100 percent of its traffic to the serviceB virtual node. You
will change the weight in a later step once you have added the serviceBv2 virtual node. Though
not covered in this guide, you can add additional filter criteria for the route and add a retry policy to
cause the Envoy proxy to make multiple attempts to send traffic to a virtual node when it experiences
a communication problem.
AWS Management Console
1. For Virtual router name, enter serviceB.
2. Under Listener configuration, choose http2 for Protocol and specify 80 for Port.
3. For Route name, enter serviceB.
4. For Route type, choose http2.
5. For Virtual node name under Target configuration, select serviceB and enter 100 for
Weight.
6. Under Match configuration, choose a Method.
7. To continue, choose Next.
AWS CLI
1. Create a virtual router.
a. Create a file named create-virtual-router.json with the following contents:
{
"meshName": "apps",
"spec": {
"listeners": [
{
"portMapping": {
"port": 80,
"protocol": "http2"
}
}
]
},
"virtualRouterName": "serviceB"
}
b. Create the virtual router with the create-virtual-router command using the JSON file as
input.
aws appmesh create-virtual-router --cli-input-json file://create-virtualrouter.
Json
2. Create a route.
a. Create a file named create-route.json with the following contents:
{
"meshName" : "apps",
"routeName" : "serviceB",](https://image.slidesharecdn.com/awsappmesh-221119235303-2a613483/85/awsappmesh-pdf-4-320.jpg)
!["spec" : {
"httpRoute" : {
"action" : {
"weightedTargets" : [
{
"virtualNode" : "serviceB",
"weight" : 100
}
]
},
"match" : {
"prefix" : "/"
}
}
},
"virtualRouterName" : "serviceB"
}
b. Create the route with the create-route command using the JSON file as input.
aws appmesh create-route --cli-input-json file://create-route.json
Step 4: Review and create
Review the settings against the previous instructions.
AWS Management Console
Choose Edit if you need to make changes in any section. Once you are satisfied with the settings,
choose Create mesh.
The Status screen shows you all of the mesh resources that were created. You can see the created
resources in the console by selecting View mesh.
AWS CLI
Review the settings of the mesh you created with the describe-mesh command.
aws appmesh describe-mesh --mesh-name apps
Review the settings of the virtual service that you created with the describe-virtual-service
command.
aws appmesh describe-virtual-service --mesh-name apps --virtual-service-name
serviceb.apps.local
Review the settings of the virtual node that you created with the describe-virtual-node command.
aws appmesh describe-virtual-node --mesh-name apps --virtual-node-name serviceB
Review the settings of the virtual router that you created with the describe-virtual-router command.
aws appmesh describe-virtual-router --mesh-name apps --virtual-router-name serviceB
Review the settings of the route that you created with the describe-route command.
aws appmesh describe-route --mesh-name apps
--virtual-router-name serviceB --route-name service
Step 5: Create additional resources
To complete the scenario, you need to:
• Create one virtual node named serviceBv2 and another named serviceA. Both virtual nodes
listen for requests over HTTP/2 port 80. For the serviceA virtual node, configure a backend of
serviceb.apps.local, since all outbound traffic from the serviceA virtual node is sent to the
virtual service named serviceb.apps.local. Though not covered in this guide, you can also specify
a file path to write access logs to for a virtual node.
• Create one additional virtual service named servicea.apps.local, which will send all traffic
directly to the serviceA virtual node.
• Update the serviceB route that you created in a previous step to send 75 percent of its traffic
to the serviceB virtual node and 25 percent of its traffic to the serviceBv2 virtual node. Over
time, you can continue to modify the weights until serviceBv2 receives 100 percent of the traffic.
Once all traffic is sent to serviceBv2, you can shut down and discontinue the serviceB virtual
node and actual service. As you change weights, your code does not require any modification,
because the serviceb.apps.local virtual and actual service names don't change. Recall that the
serviceb.apps.local virtual service sends traffic to the virtual router, which routes the traffic to
the virtual nodes. The service discovery names for the virtual nodes can be changed at any time.
AWS Management Console
1. In the left navigation pane, select Meshes.
2. Select the apps mesh that you created in a previous step.
3. In the left navigation pane, select Virtual nodes.
4. Choose Create virtual node.
5. For Virtual node name, enter serviceBv2, for Service discovery method, choose DNS, and for
DNS hostname, enter servicebv2.apps.local.
6. For Listener configuration, select http2 for Protocol and enter 80 for Port.](https://image.slidesharecdn.com/awsappmesh-221119235303-2a613483/85/awsappmesh-pdf-5-320.jpg)
awsappmesh.pdf
- 1. AWS App Mesh AWS App Mesh is a service mesh that makes it easy to monitor and control services. A service mesh is an infrastructure layer dedicated to handling service-to-service communication, usually through an array of lightweight network proxies deployed alongside the application code. App Mesh standardizes how your services communicate, giving you end-to-end visibility and helping to ensure high availability for your applications. App Mesh gives you consistent visibility and network traffic controls for every service in an application. Adding App Mesh to an example application Consider the following simple example application, that doesn’t use App Mesh. The two services can be running on AWS Fargate, Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), Kubernetes on Amazon Elastic Compute Cloud (Amazon EC2) instances, or on Amazon EC2 instances with Docker. In this illustration, both serviceA and serviceB are discoverable through the apps.local namespace. Let's say, for example, you decide to deploy a new version of serviceb.apps.local named servicebv2.apps.local. Next, you want to direct a percentage of the traffic from servicea.apps.local to serviceb.apps.local and a percentage to servicebv2.apps.local. When you're sure that servicebv2 is performing well, you want to send 100 percent of the traffic to it. App Mesh can help you do this without changing any application code or registered service names. If you use App Mesh with this example application, then your mesh might look like the following illustration.
- 2. In this configuration, the services no longer communicate with each other directly. Instead, they communicate with each other through a proxy. The proxy deployed with the servicea.apps.local service reads the App Mesh configuration and sends traffic to serviceb.apps.local or servicebv2.apps.local, based on the configuration. Components of App Mesh App Mesh is made up of the following components, illustrated in the previous example: • Service mesh – A service mesh is a logical boundary for network traffic between the services that reside within it. In the example, the mesh is named apps, and it contains all other resources for the mesh. For more information. • Virtual services – A virtual service is an abstraction of an actual service that is provided by a virtual node, directly or indirectly, by means of a virtual router. In the illustration, two virtual services represent the two actual services. The names of the virtual services are the discoverable names of the actual services. When a virtual service and an actual service have the same name, multiple services can communicate with each other using the same names that they used before App Mesh was implemented. For more information. • Virtual nodes – A virtual node acts as a logical pointer to a discoverable service, such as an Amazon ECS or Kubernetes service. For each virtual service, you will have at least one virtual node. In the illustration, the servicea.apps.local virtual service gets configuration information for the virtual node named serviceA. The serviceA virtual node is configured with the servicea.apps.local name for service discovery. The serviceb.apps.local virtual service is configured to route traffic to the serviceB and serviceBv2 virtual nodes through a virtual router named serviceB. For more information.
- 3. • Virtual routers and routes – Virtual routers handle traffic for one or more virtual services within your mesh. A route is associated to a virtual router. The route is used to match requests for the virtual router and to distribute traffic to its associated virtual nodes. In the previous illustration, the serviceB virtual router has a route that directs a percentage of traffic to the serviceB virtual node, and a percentage of traffic to the serviceBv2 virtual node. You can set the percentage of traffic routed to a particular virtual node and change it over time. You can route traffic based on criteria such as HTTP headers, URL paths, or gRPC service and method names. You can configure retry policies to retry a connection if there is an error in the response. For example, in the illustration, the retry policy for the route can specify that a connection to serviceb.apps.local is retried five times, with ten seconds between retry attempts, if serviceb.apps.local returns specific types of errors. For more information. • Proxy – You configure your services to use the proxy after you create your mesh and its resources. The proxy reads the App Mesh configuration and directs traffic appropriately. In the illustration, all communication from servicea.apps.local to serviceb.apps.local goes through the proxy deployed with each service. The services communicate with each other using the same service discovery names that they used before introducing App Mesh. Because the proxy reads the App Mesh configuration, you can control how the two services communicate with each other. When you want change the App Mesh configuration, you don’t need to change or redeploy the services themselves or the proxies. For more information. Step 1: Create a mesh and virtual service A service mesh is a logical boundary for network traffic between the services that reside within it. For more information, see Service Meshes (p. 56). A virtual service is an abstraction of an actual service. For more information, see Virtual services (p. 56). Create the following resources: • A mesh named apps, since all of the services in the scenario are registered to the apps.local namespace. • A virtual service named serviceb.apps.local, since the virtual service represents a service that is discoverable with that name, and you don't want to change your code to reference another name. A virtual service named servicea.apps.local is added in a later step. You can use the AWS Management Console or the AWS CLI version 1.18.116 or higher or 2.0.38 or higher to complete the following steps. If using the AWS CLI, use the aws --version command to check your installed AWS CLI version. If you don't have version 1.18.116 or higher or 2.0.38 or higher installed, then you must install or update the AWS CLI. Select the tab for the tool that you want to use. AWS Management Console 1. Open the App Mesh console first-run wizard at https://console.aws.amazon.com/appmesh/getstarted. 2. For Mesh name, enter apps. 3. For Virtual service name, enter serviceb.apps.local. 4. To continue, choose Next. AWS CLI 1. Create a mesh with the create-mesh command. aws appmesh create-mesh --mesh-name apps 2. Create a virtual service with the create-virtual-service command. aws appmesh create-virtual-service --mesh-name apps --virtual-service-name serviceb.apps.local --spec {} Step 2: Create a virtual node A virtual node acts as a logical pointer to an actual service. For more information, see Virtual nodes (p. 63). Create a virtual node named serviceB, since one of the virtual nodes represents the actual service named serviceB. The actual service that the virtual node represents is discoverable through DNS with a hostname of serviceb.apps.local. Alternately, you can discover actual services using AWS Cloud Map. The virtual node will listen for traffic using the HTTP/2 protocol on port 80. Other protocols are also supported, as are health checks. You will create virtual nodes for serviceA and serviceBv2 in a later step. AWS Management Console 1. For Virtual node name, enter serviceB. 2. For Service discovery method, choose DNS and enter serviceb.apps.local for DNS hostname. 3. Under Listener configuration, choose http2 for Protocol and enter 80 for Port. 4. To continue, choose Next. AWS CLI 1. Create a file named create-virtual-node-serviceb.json with the following contents: { "meshName": "apps", "spec": {
- 4. "listeners": [ { "portMapping": { "port": 80, "protocol": "http2" } } ], "serviceDiscovery": { "dns": { "hostname": "serviceB.apps.local" } } }, "virtualNodeName": "serviceB" } 2. Create the virtual node with the create-virtual-node command using the JSON file as input. aws appmesh create-virtual-node --cli-input-json file://create-virtual-nodeserviceb. Json Step 3: Create a virtual router and route Virtual routers route traffic for one or more virtual services within your mesh. For more information, see Virtual routers (p. 68) and Routes (p. 69). Create the following resources: • A virtual router named serviceB, since the serviceB.apps.local virtual service does not initiate outbound communication with any other service. Remember that the virtual service that you created previously is an abstraction of your actual serviceb.apps.local service. The virtual service sends traffic to the virtual router. The virtual router will listen for traffic using the HTTP/2 protocol on port 80. Other protocols are also supported. • A route named serviceB. It will route 100 percent of its traffic to the serviceB virtual node. You will change the weight in a later step once you have added the serviceBv2 virtual node. Though not covered in this guide, you can add additional filter criteria for the route and add a retry policy to cause the Envoy proxy to make multiple attempts to send traffic to a virtual node when it experiences a communication problem. AWS Management Console 1. For Virtual router name, enter serviceB. 2. Under Listener configuration, choose http2 for Protocol and specify 80 for Port. 3. For Route name, enter serviceB. 4. For Route type, choose http2. 5. For Virtual node name under Target configuration, select serviceB and enter 100 for Weight. 6. Under Match configuration, choose a Method. 7. To continue, choose Next. AWS CLI 1. Create a virtual router. a. Create a file named create-virtual-router.json with the following contents: { "meshName": "apps", "spec": { "listeners": [ { "portMapping": { "port": 80, "protocol": "http2" } } ] }, "virtualRouterName": "serviceB" } b. Create the virtual router with the create-virtual-router command using the JSON file as input. aws appmesh create-virtual-router --cli-input-json file://create-virtualrouter. Json 2. Create a route. a. Create a file named create-route.json with the following contents: { "meshName" : "apps", "routeName" : "serviceB",
- 5. "spec" : { "httpRoute" : { "action" : { "weightedTargets" : [ { "virtualNode" : "serviceB", "weight" : 100 } ] }, "match" : { "prefix" : "/" } } }, "virtualRouterName" : "serviceB" } b. Create the route with the create-route command using the JSON file as input. aws appmesh create-route --cli-input-json file://create-route.json Step 4: Review and create Review the settings against the previous instructions. AWS Management Console Choose Edit if you need to make changes in any section. Once you are satisfied with the settings, choose Create mesh. The Status screen shows you all of the mesh resources that were created. You can see the created resources in the console by selecting View mesh. AWS CLI Review the settings of the mesh you created with the describe-mesh command. aws appmesh describe-mesh --mesh-name apps Review the settings of the virtual service that you created with the describe-virtual-service command. aws appmesh describe-virtual-service --mesh-name apps --virtual-service-name serviceb.apps.local Review the settings of the virtual node that you created with the describe-virtual-node command. aws appmesh describe-virtual-node --mesh-name apps --virtual-node-name serviceB Review the settings of the virtual router that you created with the describe-virtual-router command. aws appmesh describe-virtual-router --mesh-name apps --virtual-router-name serviceB Review the settings of the route that you created with the describe-route command. aws appmesh describe-route --mesh-name apps --virtual-router-name serviceB --route-name service Step 5: Create additional resources To complete the scenario, you need to: • Create one virtual node named serviceBv2 and another named serviceA. Both virtual nodes listen for requests over HTTP/2 port 80. For the serviceA virtual node, configure a backend of serviceb.apps.local, since all outbound traffic from the serviceA virtual node is sent to the virtual service named serviceb.apps.local. Though not covered in this guide, you can also specify a file path to write access logs to for a virtual node. • Create one additional virtual service named servicea.apps.local, which will send all traffic directly to the serviceA virtual node. • Update the serviceB route that you created in a previous step to send 75 percent of its traffic to the serviceB virtual node and 25 percent of its traffic to the serviceBv2 virtual node. Over time, you can continue to modify the weights until serviceBv2 receives 100 percent of the traffic. Once all traffic is sent to serviceBv2, you can shut down and discontinue the serviceB virtual node and actual service. As you change weights, your code does not require any modification, because the serviceb.apps.local virtual and actual service names don't change. Recall that the serviceb.apps.local virtual service sends traffic to the virtual router, which routes the traffic to the virtual nodes. The service discovery names for the virtual nodes can be changed at any time. AWS Management Console 1. In the left navigation pane, select Meshes. 2. Select the apps mesh that you created in a previous step. 3. In the left navigation pane, select Virtual nodes. 4. Choose Create virtual node. 5. For Virtual node name, enter serviceBv2, for Service discovery method, choose DNS, and for DNS hostname, enter servicebv2.apps.local. 6. For Listener configuration, select http2 for Protocol and enter 80 for Port.
- 6. 7. Choose Create virtual node. 8. Choose Create virtual node again. Enter serviceA for the Virtual node name. For Service discovery method, choose DNS, and for DNS hostname, enter servicea.apps.local. 9. For Enter a virtual service name under New backend, enter servicea.apps.local. 10. Under Listener configuration, choose http2 for Protocol, enter 80 for Port, and then choose Create virtual node. 11. In the left navigation pane, select Virtual routers and then select the serviceB virtual router from the list. 12. Under Routes, select the route named ServiceB that you created in a previous step, and choose Edit. 13. Under Targets, Virtual node name, change the value of Weight for serviceB to 75. 14. Choose Add target, choose serviceBv2 from the dropdown list, and set the value of Weight to 25. 15. Choose Save. 16. In the left navigation pane, select Virtual services and then choose Create virtual service. 17. Enter servicea.apps.local for Virtual service name, select Virtual node for Provider, select serviceA for Virtual node, and then choose Create virtual service.