In this session, learn about how AWS App Mesh can help give you end-to-end visibility and manage traffic routing to ensure high availability for your microservice. We will cover what the need for a service mesh, capabilities of App Mesh, and show you a demo.

1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Service Mesh Magic
M A D 3 0 1
Dr. Frank Munz
Senior Technical Evangelist
Amazon Web Services
@frankmunz

2. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
10+ Years Back in Time: SOA
ESB = Service Virtualization Layer
• Reduces complexity #cx:
squared -> linear with ESB
• VETO pattern
• CCC = versioning, monitoring,
security, etc.

3. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Modern Application Architecture: Microservices
Building Blocks
• Containers
• Serverless (FaaS, e.g. AWS Lambda)
• 165 AWS services
• Do NOT stuff everything into container!
-> Container / K8s will not make other cloud services redundant
• EC2

4. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Challenges of Containers at Scale
• More transient
• More distributed and complex
• Networking
• Scheduling / Resource Management
• Not virtualized, but isolated:
containers share Linux kernel
-> Tooling and orchestration required

5. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
… so we
built a solution for that

6. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon ECS
Easiest way to deploy and manage
containers at scale
Integration with entire AWS platform
ALB, Auto Scaling, Batch, Elastic Beanstalk,
CloudFormation, CloudTrail, CloudWatch
Events, CloudWatch Logs, CloudWatch
Metrics, ECR, EC2 Spot, IAM, NLB, Parameter
Store, and VPC
Scales to support clusters of any size
Service integrations (like ALB and NLB) are
at container level
1
2
3

7. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Then Kubernetes
entered the stage

8. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
… and devOps
❤️
Kubernetes

9. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
“Run Kubernetes for me.”

10. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Availability
Zone 1
Availability
Zone 2
Availability
Zone 3
Kubectl
Amazon EKS Architecture

11. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
OSSC libraries:
code changes required,
language specific
Service Mesh:
decentral, language agnostic,
polyglot, light-weight
https://www.infoq.com/articles/microservices-post-kubernetes
Need for a Service Mesh
ESB: clustered monolith

12. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Istio Service Mesh with Envoy Proxy

13. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Open Source: Istio Service Mesh
Connect, secure, and observe services
• Shift in where functionality is located
• Control plane = Istio
• Data plane = set of all Envoy proxies
• Envoy proxy as sidecar in K8s pod
• Automatic or manual injection of proxy with EKS

14. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Envoy Proxy
• Level 7 proxy
• HTTP, HTTP/2, gRPC, Amazon Dynamo DB, MongoDB
• C++11 code base , only 8 MB (statically linked)
• No language or framework dependencies
• Rquires no code changes
• Battle proven open source, started at Lyft
• Envoy is not tightly coupled to Istio

15. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Netcraft: Envoy

16. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. https://martinfowler.com/bliki/BlueGreenDeployment.html
How to update?

17. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
But Docker / Kubernetes can do rolling updates!

18. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
A bath tub full of cold water ? K8s rolling update
25%
1 pod at a time
… or just wetten your feet? Service Mesh
3%
Traffic routing
🛁 🛁 🛁
💦
🛀🏽🛁
🌊❄️🌊❄️🌊❄️
Fancy a Swim in the Arctic Sea ?
Blue / Green
100%
All services at once
Microservices Update Strategies

19. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
But Docker / Kubernetes can do rolling updates!
Yes, but a service mesh separates traffic flow
from replica deployment

20. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
… EKS is upstream K8s
and supports
Istio / Envoy

21. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
But you asked us for
more…

22. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
A mesh for all
compute services

23. S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

24. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
App Mesh works across compute services
Amazon ECS
AWS Fargate
Amazon EKS
Amazon EC2
Kubernetes on EC2

25. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Based on Envoy proxy
Start App Mesh from the AWS CLI, console or SDK
There is no additional charge for using AWS App Mesh
Supports any third-party tool that works with Envoy
App Mesh

26. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
How to get started…?

27. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
https://eksctl.io/
Tip: Easy way to create an EKS cluster:
$ eksctl create cluster --name meshtest --appmesh-access

28. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Install AppMesh
# AppMesh Installation with Grafana/Prometheus
# and Envoy, AWS X-Ray daemon sidecar
# and StatsD Prometheus exporter
$ helm install -n aws-appmesh
--namespace appmesh-system
https://github.com/PaulMaddox/
aws-appmesh-helm/releases/
latest/download/aws-appmesh.tgz
https://github.com/PaulMaddox/aws-appmesh-helm

29. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Install Demo App
# create ns & enable auto-injection
$ kubectl create ns appmesh-demo
$ kubectl label namespace appmesh-demo
appmesh.k8s.aws/sidecarInjectorWebhook=enabled
# deploy the demo
$ helm install -n aws-appmesh-demo
--namespace appmesh-demo
https://github.com/.../aws-appmesh-demo.tgz

30. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Observability: AWS X-Ray Service Map

31. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS X-Ray: Traces

32. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS X-Ray: Response Time Precentiles

33. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Open-Source Grafana: AppMesh Overview

34. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Open-Source Grafana: Service View

35. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Logging
HTTP access logging
Amazon CloudWatch Logs
Available as container logs on
Amazon ECS, Amazon EKS,
AWS Fargate
Metrics
CloudWatch metrics
StatsD (with tags)
Prometheus
Tracing
AWS X-Ray
Other Envoy tracing drivers
Observability

36. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Traffic shaping
Load balancing
Weighted targets
Service discovery (DNS + AWS Cloud Map)
Health checks
Retries*
Timeouts*
Circuit breakers*
*Coming soon
Traffic Management
Routing controls
Protocols support (HTTP, TCP, gRPC*)
Path-based
Header-based*
Cookie-based*
Host-based*

37. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
App Mesh constructs
Mesh
Virtual node
Virtual router and routes
Virtual service
Create and manage these in App
Mesh API, CLI, SDK, or
AWS Management Console
Proxies
Services
Service discovery
Configure and run proxies and
services on Amazon ECS, Fargate,
Amazon EKS, Amazon EC2
Service discovery with
AWS Cloud Map

38. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
App Mesh constructs

39. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS App Mesh Roadmap is Public
https://github.com/aws/aws-app-mesh-roadmap

40. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS App Mesh
Customers & Partners

41. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Partners

42. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Summary
• Architect wisely
• Running K8s is hard, use a managed K8s service
• EKS is unforked upstream K8s
• A Service Mesh complements K8s:
It adds observability and traffic management
• AWS App Mesh is free to use
and works across compute services

43. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Summit Presentation (App Mesh Deep Dive)
https://www.youtube.com/watch?v=1UDRGlmbiZA

44. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CODE One Presentation (Istio with Envoy on EKS)
https://www.youtube.com/watch?v=fDmJf9kWFws

45. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thank you!
S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
frankmunz
@frankmunz https://medium.com/@frank.munz (Blog)
https://speakerdeck.com/fmunz (Slides)