【NOTES】Consul
The following are notes taken while spiking Consul.
- host-based to service-based
- service discovery for connectivity
- service registry
- health check
- DNS and HTTP
- keep the real time list of services, location and health
- service segmentation for security
- new approach to secure the service rather than relying on the network
- all the communication is encrypted with TLS
- service configuration for runtime configuration
- let's see the examples...
- static IPs to service discovery
- https://learn.hashicorp.com/consul/getting-started/
- member discovery
- gossip protocol: https://www.consul.io/docs/internals/gossip.html
- eventually consistent
- registration
- service definition
- API call
- DNS
- you can also use tag based domain name lookup
- you can update service definitions by sending a SIGHUP signal, or via API calls
- Connect connects services using TLS
- the connect command starts a TLS proxy sidecar for a registered service
- use intentions to define service communications = service segmentation
- Connect looks very complicated: https://learn.hashicorp.com/consul/getting-started/connect
- To run a VM on GCE
- https://cloud.google.com/compute/docs/instances/enable-nested-virtualization-vm-instances
- https://github.com/hashicorp/vagrant/issues/9608
- Enable Intel VT-x instructions for virtualisation
- Only KVM-based hypervisors are supported
- Available for all Linux VMs using Haswell or newer
- Stuck at SSHing to the VM: https://github.com/hashicorp/vagrant/issues/8157
- node can auto-join on startup
- health check runs as the same user as the Consul process
- exit code >= 2 -> failure
- = 1 -> warning
- member discovery
- https://www.digitalocean.com/community/tutorials/an-introduction-to-using-consul-a-service-discovery-system-on-ubuntu-14-04
- system wide K/V store
- servers and clients (aka agents); the clients contain the services monitored by Consul
- start one server in bootstrap mode <- leader without election
- after joining all the servers, stop bootstrap mode and re-join as a regular member
- place service definition file on service-providing server and run consul agent
- https://www.tutorialspoint.com/consul/
- similar services: etcd, ZooKeeper
- two modes: client/server
- leader election -> raft algorithm https://raft.github.io/
- RPC is used for server <> client communication
- gossip algorithm: for managing membership
- consul template is a daemon to query and update the system
- it allows you to template configuration files using HCL
- rkt is more secure than Docker?
- DNS default TTL is 0
- consul-alerts daemon to send health check notifications/reminders
- https://sreeninet.wordpress.com/2016/04/17/service-discovery-with-consul/
- In micro-services, services are 1) dynamic and 2) distributed
- Service discovery
- roles: discovery, health check, load balancing
- components: service registry, registrator, health checker, load balancer
- Consul: service-wide KV store, health checking, API and DNS, load balancing, multi datacenter support
- 8400 -> RPC, 8500 -> HTTP, 8600 -> DNS
- http://www.mammatustech.com/consul-service-discovery-and-health-for-microservices-architecture-tutorial
- "service topology"
- servers use WAN to communicate with other servers in different data-centres
- built on top of Serf
- three to five server agents per data-centre
- server agents are the information hub
- http://www.mammatustech.com/Microservice-Service-Discovery-with-Consul
- https://devopscube.com/consul-service-discovery-beginners-guide/
- Consul with Docker-Machine and Swarm
- https://www.javacodegeeks.com/2016/04/service-discovery-docker-consul-part-1.html
- register services by calling API to the nearest agent
- Consul and k8s?
- Deploying a Consul cluster on AWS
misc
- gossip protocol – Gossip Protocol - Consul by HashiCorp and Serf – Serf by HashiCorp
- Raft algorithm – Raft Consensus Algorithm
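
The health check notes above (a script check runs as the same user as the Consul process; exit code 1 is a warning, 2 or higher a failure) as an added example, not taken from the Consul docs or the linked tutorials. The thresholds, the `RUN_CHECK` switch and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): script check for Consul.
# Exit-code convention: 0 = passing, 1 = warning, anything else = critical.
# WARN_PCT, CRIT_PCT, RUN_CHECK and all function names are assumptions.
WARN_PCT=80
CRIT_PCT=90

# Map a disk-usage percentage to a check exit code.
usage_to_exit_code() {
    pct=$1
    # The check runs with the Consul agent's privileges, so accept only a
    # plain non-negative integer and fail closed on anything else.
    case "$pct" in
        ''|*[!0-9]*) echo "unparseable usage value"; return 2 ;;
    esac
    if [ "$pct" -ge "$CRIT_PCT" ]; then
        echo "disk usage ${pct}% is at or above ${CRIT_PCT}%"; return 2
    elif [ "$pct" -ge "$WARN_PCT" ]; then
        echo "disk usage ${pct}% is at or above ${WARN_PCT}%"; return 1
    fi
    echo "disk usage ${pct}%"; return 0
}

# Status the agent records for a given script exit code.
exit_code_to_status() {
    case "$1" in
        0) echo passing ;;
        1) echo warning ;;
        *) echo critical ;;
    esac
}

# Usage of one mount point, read from POSIX-format df output.
disk_usage_pct() {
    df -P "$1" 2>/dev/null | awk 'NR==2 { sub(/%/, "", $5); print $5 }'
}

check_disk() {
    usage_to_exit_code "$(disk_usage_pct "${1:-/}")"
}

# Run as a check only when asked, so the functions can also be sourced.
if [ "${RUN_CHECK:-0}" = 1 ]; then
    check_disk "${1:-/}"
    exit $?
fi
```

An unreadable mount point or unexpected `df` output yields an empty value, which the validation turns into a critical result rather than a silent pass.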