AWS App Mesh is a service mesh that provides application-level networking to make it easy for your services to communicate with each other across multiple types of compute infrastructure. App Mesh gives end-to-end visibility and high-availability for your applications.
AWS App Mesh makes it easy to run services by providing consistent visibility and network traffic controls for services built across multiple types of compute infrastructure. App Mesh removes the need to update application code to change how monitoring data is collected or traffic is routed between services. App Mesh configures each service to export monitoring data and implements consistent communications control logic across your application. This makes it easy to quickly pinpoint the exact location of errors and automatically re-route network traffic when there are failures or when code changes need to be deployed.
AWS App Mesh is a service mesh based on the Envoy proxy.
Envoy is the data plane of the modern service mesh
A service mesh is a logical boundary for network traffic between the services that reside within it. In the example, the mesh is named apps, and it contains all other resources for the mesh.
A virtual service is an abstraction of a real service that is provided by a virtual node directly or indirectly by means of a virtual router. Dependent services call your virtual service by its
virtualServiceName, and those requests are routed to the virtual node or virtual router that is specified as the provider for the virtual service.
A virtual node acts as a logical pointer to a particular task group, such as an Amazon ECS service or a Kubernetes deployment. When you create a virtual node, you must specify a service discovery method for your task group. Any inbound traffic that your virtual node expects is specified as a listener. Any virtual service that a virtual node sends outbound traffic to is specified as a backend.
A virtual gateway allows resources that are outside of your mesh to communicate to resources that are inside of your mesh. The virtual gateway represents an Envoy proxy running in an Amazon ECS service, in a Kubernetes service, or on an Amazon EC2 instance. Unlike a virtual node, which represents Envoy running with an application, a virtual gateway represents Envoy deployed by itself.
A gateway route is attached to a virtual gateway and routes traffic to an existing virtual service. If a route matches a request, it can distribute traffic to a target virtual service. This topic helps you work with gateway routes in a service mesh.
(including Routes) resources through the App Mesh API.
Virtual routers handle traffic for one or more virtual services within your mesh. After you create a virtual router, you can create and associate routes for your virtual router that direct incoming requests to different virtual nodes.
I am using the guide from AWS blogs to provision AWS App Mesh and AWS EKS : Link
(Note: For the AWS blog, it is using AWS Cloud9 which is a Cloud IDE managed by AWS to provision all the resources. Alternatively, you can also use Visual Studio Code to provision all your resources and configurations)
1) Deploy AWS App Mesh into existing container application as sidecar
2) Create upgraded versions of App and shape traffics to the new app version
3) Gradual route of user traffics to the new app version
#Clone the demo application git clone https://github.com/aws/aws-app-mesh-examples.git #Change Directory to the cloned demo application folder cd aws-app-mesh-examples/walkthroughs/eks-getting-started/ #Deploy the application yelb kubectl apply -f infrastructure/yelb_initial_deployment.yaml #Get the URL of Ingress load balancer kubectl get service yelb-ui -n yelb
Alternatively, proceed to AWS Console > EC2 > Load Balancers > click on the Load Balancer, copy the DNS name and paste in your browser:
helm upgrade -i appmesh-controller eks/appmesh-controller \ --namespace appmesh-system \ --set region=$AWS_REGION \ --set serviceAccount.create=false \ --set serviceAccount.name=appmesh-controller
kubectl get deployment appmesh-controller \ -n appmesh-system \ -o json | jq -r ".spec.template.spec.containers.image" | cut -f2 -d ':'
kubectl label namespace yelb mesh=yelb kubectl label namespace yelb appmesh.k8s.aws/sidecarInjectorWebhook=enabled
apiVersion: appmesh.k8s.aws/v1beta2 kind: Mesh metadata: name: yelb spec: namespaceSelector: matchLabels: mesh: yelb
kubectl apply -f infrastructure/appmesh_templates/appmesh-yelb-redis.yaml kubectl apply -f infrastructure/appmesh_templates/appmesh-yelb-db.yaml kubectl apply -f infrastructure/appmesh_templates/appmesh-yelb-appserver.yaml kubectl apply -f infrastructure/appmesh_templates/appmesh-yelb-ui.yaml
kubectl -n yelb delete pods --all
#Get all pods in the yelb namespace kubectl -n yelb get pods #Describe pods to see there is an additional envoy sidecar container in each pod kubectl -n yelb describe pod redis-server-74556bbcb7-kmhgj
kubectl apply -f yelb_appserver_v2_deployment.yaml
kubectl apply -f infrastructure/appmesh_templates/appmesh-yelb-appserver-v2.yaml
kubectl get pods -n yelb
kubectl apply -f ./infrastructure/appmesh_templates/appmesh-virtual-router-appserver-v1-v2.yaml
2. Lastly, let’s change the Virtual Route to route all (100%) traffic to the newest version (v2) of yelb-appserver :
kubectl apply -f infrastructure/appmesh_templates/appmesh-virtual-router-appserver-v2.yaml
!! Do remember to tear down your AWS EKS cluster and you are done!
The views expressed and the content shared in all published articles on this website are solely those of the respective authors, and they do not necessarily reflect the views of the author’s employer or the techbeatly platform. We strive to ensure the accuracy and validity of the content published on our website. However, we cannot guarantee the absolute correctness or completeness of the information provided. It is the responsibility of the readers and users of this website to verify the accuracy and appropriateness of any information or opinions expressed within the articles. If you come across any content that you believe to be incorrect or invalid, please contact us immediately so that we can address the issue promptly.