Amazon Onboarding with Learning Manager Chanci Turner


In this article, we will explore how to effectively leverage AWS App Mesh along with Amazon EKS for containerized applications. We’ll provide a step-by-step guide, making it easier for you to navigate the complexities of service meshes in microservices architectures.

As organizations move from monolithic structures to microservices to build scalable and flexible applications, they must break those applications down into smaller, manageable services. Amazon Elastic Kubernetes Service (EKS) and Amazon Elastic Container Service (ECS) make it easier to deploy, monitor, and upgrade these containerized microservices at scale.

AWS App Mesh serves as a vital tool that aids in connecting services, monitoring application networks, and controlling traffic flow. Within a service mesh, application services operate alongside proxies, forming the mesh’s data plane. While the microservice handles business logic, the proxy manages tasks like service discovery, encryption, automatic retries, and traffic shaping. App Mesh standardizes communication among services, ensuring visibility and effective network traffic management across all microservices. It consists of two main components: a fully managed control plane for configuring proxies and a data plane composed of Envoy proxies running as sidecars.

Integrating App Mesh with EKS

Amazon EKS simplifies running Kubernetes on AWS, eliminating the need for you to manage your own Kubernetes cluster. App Mesh can be seamlessly integrated with EKS, thanks to the AWS App Mesh Controller for Kubernetes, an open-source project that allows users to manage App Mesh resources through the Kubernetes API. For example, you can utilize kubectl to configure App Mesh, which we will demonstrate in the following sections.

App Mesh allows you to connect services on EKS with those hosted on ECS, EC2, and even on-premises with AWS Outposts. In this piece, we will concentrate on the integration of App Mesh with EKS, highlighting features that enhance microservices operating within Kubernetes.

Traffic Management

With App Mesh, you can precisely control traffic flow between services, aiding in feature experimentation. This functionality allows for traffic diversion to different service versions, an option not natively available in Kubernetes when managing request distribution across multiple Deployments. App Mesh facilitates rule creation to distribute traffic between various service versions based on simple ratios.

Moreover, App Mesh enhances the safety of version rollouts through canary deployments. This method involves launching a new Kubernetes deployment with fewer pods alongside the existing deployment, directing a small fraction of traffic to the new version. If successful, you can gradually increase traffic until it entirely shifts to the new deployment.

Additionally, App Mesh improves application reliability by allowing the implementation of connection timeout policies and configuring automatic retries within the proxy.

Observability

A system’s observability indicates how well its state can be inferred from its external outputs. In microservices, these outputs include service metrics, logs, and traces. Metrics track system behavior over time, while logs assist in troubleshooting potential issues. Distributed traces help debug applications and identify problematic components by providing detailed insights at specific moments and clarifying workflows among microservices.

With App Mesh, you can generate metrics like total requests, establish access logs, and create traces to evaluate your application’s health. As traffic flows through Envoy, the proxy generates statistics, compiles access logs, and appends HTTP headers to outbound requests, which makes trace creation possible. Metrics and traces can be sent to aggregation services such as Prometheus and the X-Ray daemon for analyzing system performance. Thanks to Envoy’s integration, App Mesh is compatible with numerous AWS partner and open-source tools for monitoring microservices.

Encryption in Transit

Microservices interact over networks, potentially transmitting sensitive data. To address security concerns, many customers prefer to encrypt inter-service traffic. App Mesh provides this capability through TLS certificates, alleviating the need for developers to manage TLS negotiation and termination within application code.

You can utilize your own certificates or opt for AWS Certificate Manager (ACM). The latter option automatically renews certificates nearing expiration, while App Mesh ensures the distribution of renewed certificates.
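The TLS setup described above, written as an App Mesh Controller manifest (an added example, not taken from the original article). Resource names follow the Yelb sample application used later on this page; the namespace, pod label, port, and both ARNs are assumptions or placeholders.

```yaml
# Added example: namespace, labels, port and ARNs are placeholders/assumptions.
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualNode
metadata:
  name: yelb-appserver
  namespace: yelb              # assumed namespace
spec:
  podSelector:
    matchLabels:
      app: yelb-appserver      # assumed pod label
  listeners:
    - portMapping:
        port: 4567             # assumed application port
        protocol: http
      tls:
        # PERMISSIVE accepts both TLS and plaintext connections, which is
        # useful only while migrating. STRICT rejects plaintext outright.
        mode: STRICT
        certificate:
          acm:
            certificateARN: arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER
  serviceDiscovery:
    dns:
      hostname: yelb-appserver.yelb.svc.cluster.local
  backends:
    - virtualService:
        virtualServiceRef:
          name: yelb-db        # assumes a VirtualService with this name exists
  backendDefaults:
    clientPolicy:
      tls:
        enforce: true          # outbound calls to backends must negotiate TLS
        validation:
          trust:
            acm:
              # Only certificates chaining to this CA are accepted from backends.
              certificateAuthorityARNs:
                - arn:aws:acm-pca:REGION:ACCOUNT_ID:certificate-authority/PLACEHOLDER
```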

Core Concepts of App Mesh

To utilize App Mesh, you must first establish a Mesh. A mesh serves as a logical boundary encompassing all microservices, akin to a neighborhood for your applications.

Next, you will need to create Virtual Services, which act as virtual pointers to your applications, enabling them to reach the endpoints defined in your mesh. Each microservice corresponds to a Virtual Service, possessing a unique virtualServiceName. It’s important to note that a Virtual Service differs from a Kubernetes Service.

An application can have multiple versions represented by Virtual Nodes. For instance, an application may possess an internal version and a public-facing version, each represented by a separate Virtual Node. If a Virtual Service contains multiple Virtual Nodes, you will define traffic routing through a Virtual Router.

Virtual Routers manage traffic routing based on defined rules known as Virtual Routes. A Virtual Router requires at least one Virtual Route, with routing logic based on criteria such as HTTP headers, URL paths, or gRPC service and method names. Virtual Routers can also be utilized to implement retry logic and error handling.
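How a Virtual Service, a Virtual Router, and a weighted Virtual Route fit together for the canary rollout and retry behaviour described under Traffic Management (an added example, not taken from the original article). Names follow the Yelb sample application this page deploys; the namespace, port, weights, and retry and timeout values are assumptions.

```yaml
# Added example: names, namespace, port, weights and timings are assumptions.
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualService
metadata:
  name: yelb-appserver
  namespace: yelb
spec:
  provider:
    virtualRouter:
      virtualRouterRef:
        name: yelb-appserver       # traffic for this service goes to the router
---
apiVersion: appmesh.k8s.aws/v1beta2
kind: VirtualRouter
metadata:
  name: yelb-appserver
  namespace: yelb
spec:
  listeners:
    - portMapping:
        port: 4567
        protocol: http
  routes:
    - name: canary
      httpRoute:
        match:
          prefix: /                # applies to every request path
        action:
          weightedTargets:
            - virtualNodeRef:
                name: yelb-appserver      # current version
              weight: 90
            - virtualNodeRef:
                name: yelb-appserver-v2   # canary version
              weight: 10
        retryPolicy:
          maxRetries: 2
          perRetryTimeout:
            unit: ms
            value: 2000
          httpRetryEvents:
            - server-error         # retry on 5xx responses only
        timeout:
          perRequest:
            unit: s
            value: 5
```

Shifting the rollout forward means editing the two `weight` values and re-applying the manifest with kubectl; the Deployments themselves are not touched.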

Hands-On with EKS and App Mesh

In this tutorial, we will create components for AWS App Mesh and deploy them using a sample application named Yelb. By integrating the Yelb app into a service mesh, we will implement a new version of the Yelb application server and employ App Mesh Virtual Routes to manage traffic between the two app versions.

Yelb allows users to vote on various options like restaurants, dynamically updating pie charts based on the votes. It also tracks page views and displays the hostname of the yelb-appserver instance serving the API request after a vote or page refresh. The Yelb architecture includes:

  • A frontend component, yelb-ui, responsible for delivering JS code to the browser.
  • An application server, yelb-appserver, a Sinatra application that interacts with a cache server (redis-server) and a Postgres backend database (yelb-db).
