From YouTube: Hoot [Episode 4] - AWS App Mesh
Description
Hoot is a livestream by engineers talking about and trying out new technology.
Get to Know Service Mesh
We kick this off with a series on service mesh - each episode will look into a different service mesh provider.
* Istio
* Linkerd
* Consul
* AWS App Mesh
* More meshes like Kuma and Maesh
* Compare and contrast the different service meshes, explain their unique features and how to choose which one(s) to use for your applications.
We discussed Istio with Christian Posta, Linkerd with Rick Dukat and Consul with Yuval Kohavi, and so, in such a series, I'm just gonna give a quick unboxing of AWS App Mesh and its features, as well as what makes it special and a good contender in the market. So with that in mind, let's jump right in. So, AWS App Mesh.
It's really built from the ground up to work in non-Kubernetes environments, so, as I mentioned earlier, with ECS and EC2, and that is a big pro, as well as AWS Fargate, which is the newest offering from Amazon in this regard, which is more of a serverless Kubernetes offering. And so, if we just quickly look here, just to skim the docs, as I said, you can use it with any other services, and it's built on top of Envoy, similar to Istio.
So if we look quickly at their architecture diagram, we see that what separates App Mesh from some of the other meshes is, traditionally, in a Kubernetes-native service mesh, there is the data plane, which consists of all of the containers and their sidecars.
But then there is the control plane, which, in Istio's case, is like Pilot and Citadel and other components, and Linkerd has routing and policy also. But in the case of App Mesh, the control plane actually does not live in Kubernetes, but rather lives in a centralized location, so to interact with AWS App Mesh you actually need to make API calls to Amazon.
So yeah, if we look at features really quick: open source, visibility, traffic control. In terms of their traffic control features, App Mesh allows you to do canary-style routing, and we're going to show that here in a minute, as well as retries and some other basic traffic management policies. And it's worth saying that it's fully managed by AWS, so actually using their mesh features is completely free if you are already using AWS.
So with that, I think we're gonna jump right into a demo. The demo that I'm following, so you can check it out at home, is this one; there's the link right there. I'll leave that up for a few seconds while I just talk about it. So App Mesh, as I said earlier, runs within Amazon. It does actually run in cluster, so to configure it requires communicating with the AWS API.
So originally, if you wanted to configure App Mesh, you either had to do it through the API or through the web console, which I have up here. This will be populated later; we will get back to that. However, they recently created a controller to translate CRDs into their API objects, which is very useful, as well as a sidecar injector.
However, for this unboxing I have chosen to do it on EKS, because that's the environment that we work with the most here at Solo, and it is definitely the most popular for the service mesh. And so yeah, like I said, I installed with eksctl. For anyone who's curious about what command I used, this is the one.
So with that, we'll just jump right in. If I go ahead and get my pods running in all namespaces, I do not have much running, just the standard aws-node, CoreDNS and kube-proxy. So now that that's all done, I'm gonna go ahead and try out App Mesh with the controller. Oh, looks like it needs to be 1.11 or later. I have that, running 1.13. I have kubectl, and I have jq and OpenSSL. Cool.
Cool. So as we see, it created our new custom resource definitions, as well as the controller, and the roles and the bindings that it needs to run said controller, and the appmesh-system, which it seems is where it put the controller. So if we now do a kubectl get pods -n appmesh-system, we see that we have the controller running. Awesome. Now, if we also go ahead and get all of our CRDs, we see that we now have three CRDs: meshes, virtual nodes and virtual services. Now these are the three main resources that App Mesh uses to configure routing and other traffic management. So now, so we can confirm that this is correct, let's run this command.
Successfully rolled out, good. We already got these CRDs, and now, as I said earlier, we need to install the sidecar injector, and so this is where the actual mesh comes into play. So that's the console that I was showing earlier. The first thing that we're going to create is the mesh, so in the command line I'm gonna set my mesh name to, let's do my mesh, just for the sake of it.
Cool. Now that's just waiting for the injector to finish deploying, and there you go, cool. So now, if we get pods again in the appmesh-system namespace, we should see that there are now two pods running: there's the controller and the injector. So the injector, as I said earlier, is a mutating admission webhook that is going to capture all pod scheduling requests and add the containers that App Mesh needs to intercept all the traffic.
So we can just, on Mac it would be a pbpaste, and pipe that into kubectl apply -f, and my mesh was created successfully. Now, let's see how we can verify that that happened. Typically with Kubernetes resources, you can do a get on them, and there might be a status updated or something like that. So let's just go ahead and do that, and, match condition: the mesh is active according to the status. That's good news! So let's go into the console, refresh, boom. There we go.
We have my mesh, okay. Now, as I said earlier, this mesh doesn't have any resources on it yet. The three main resources are the virtual services, virtual routers and virtual nodes, and so we have only created the mesh resource. So the purpose of the controller is to sync the custom resources that you're writing into Kubernetes with the AWS API, and that's working seamlessly so far. So let's continue with the tutorial.
Let's just go ahead and do this. It looks like it wants you to create a virtual service, and we don't have services yet, so I'm not 100% sure this will work. In the next part of the tutorial, it actually has you create the services. I just want to see if I can hide this guy here, it's taking up a lot of space. Nope. Well, anyway. So let's go ahead and try this.
If we create a namespace for it, let's say kubectl create namespace appmesh, and we're gonna go ahead... Actually this, unfortunately, will not save properly because the namespace is set incorrectly. So if we just open up Visual Studio, make a new window here, sorry. Let's just open up this guy, open up a new window, drag it out.
Awesome. And so now, if we go back into the console, that should have been created for us in the virtual services. No? Well, then there might be an error. Let's go see. So, kubectl get virtualservices -n appmesh -o yaml, so we can take a look at that status, and there is no status on it. That makes sense that it wouldn't have worked, because there's no router for it; it's pointing to something that doesn't exist.
Interesting that it wants you to do it like that. So we just continue looking. I think this is just kind of to show you what it can do, and so now what we're gonna do is just go to the next part of the tutorial, which is deploying the actual service or app to get injected by App Mesh, so we can actually handle all of the routing.
That should go ahead and delete the virtual services. So now we're going to deploy the sample app and see if that will actually go ahead and create it. We have done all of the prerequisites, so let's go ahead and see everything that this is going to apply, because it's gonna apply a mesh. If we just copy-paste that, it looks like it's going to create a namespace for us called appmesh-demo, which has the webhook injector enabled.
So this label is going to tell the sidecar injector to inject any pods in this namespace. We're gonna create a mesh, we're going to create a virtual node. Essentially, the virtual nodes are a representation of the workload as a service, so how a given workload is exposed via service discovery, as well as the backends that it is able to talk to, so the servers that this workload is able to communicate with. And so we have one of those for our color gateway, our color teller, as well as our specific colors. We're just going to go ahead and apply this, and we can look more into it once it is running in our cluster. So we're gonna copy that, and we're gonna go ahead and paste that and let it run. Cool.
You see that we have an appmesh-demo namespace running now, so if we do kubectl get pods -n appmesh-demo, we have six pods. And if you notice here, each one of these has ready of, so the second container running in each of these pods is the Envoy proxy container, which actually handles all of the inter-mesh routing, so it looks like the injection happened properly.
So now we can see, it looks like get all will show us everything, including the custom resources, hopefully. And it did, and so we see that there are all those pods, as well as services for each of our pods and, more importantly, here's our App Mesh. So we have two things: the mesh my mesh is actually a leftover from the first part, but the color mesh is the one that was applied here, as well as a virtual node for each workload, and virtual services, which handle the routing rules.
So if we go back into our console here, into meshes, and reload this, we see there's now this newly created color mesh. Looks good there. And if we go to virtual services, we see our virtual routers, or any virtual nodes. We have our six virtual nodes, each one of these representing a unique mesh workload. Here they are. We can see that they have unique DNS names, which correspond to their Kubernetes service names.
You can tell from the name.namespace.svc.cluster.local paradigm. As well, here the gateway is able to communicate with two of the other nodes. And then, if we look here at virtual services, we can see that this is actually what handles the routing and sets the weights, and so we'll get to that. We'll look further into that in a second.
Strange. Okay, let's see. Everything looks good up to this point. Unfortunately, it looks like we're gonna have to do a bit of debugging, which is always the fun part. So, it seems like we could not connect to the gateway on port 9080. I am guessing that our curler pod is not injected for some reason or another.
Let's see if we can go look at it. kubectl get pods -n appmesh-demo. The curler, as we can see, is running in the namespace, but it is not in fact injected, and so it looks like this demo unfortunately does not add that to the pod by default. So I'm wondering if I can... and I cannot delete the pod, as it was scheduled alone. There is no replica set for it, so I might have to quickly go ahead and create a deployment for it.
Does not. So I was under the impression that the namespace being labeled would handle that for us, but let's dig further. So let's get the namespace appmesh-demo. Yeah, and it looks like we have the sidecar injector enabled there, so I'm wondering why this particular deployment does not want to be injected. So, let's see, if we look at the deployment...
I'm not sure what's happening. This is, unfortunately... All right. I'm gonna quickly create a new deployment.
We're gonna get rid of most of this stuff, as we don't need it for now. We can keep that. Actually, we keep that. We're gonna get rid of rond, get rid of unmatched, or no, we don't want to go to that. Sorry, we don't need any of these. I don't even do these. I'm hoping that, because this was created in a slightly strange way using that command, this will alleviate the problem, but maybe not. So we're gonna copy that and apply it into our appmesh-demo namespace.
And it seems it does not have any ports, so I'm guessing it would be the same for our curler.
And we're gonna go ahead, copy that, paste, apply. Now we're gonna get our pods, and there you go. Okay, successfully debugged. It turns out the App Mesh injector will not inject a pod without a specified port. So now, let's go ahead and exec into the pod and try and finish off the demo. So now we're going to run kubectl exec -n appmesh-demo.
Yes, okay, so the problem is that by default, the app is only allowed to route to known entities, and our curler is actually not a known entity. So I'm guessing that we would actually have to add a virtual node, as well as backends, to our curler to be able to route to the color gateway, which I'm surprised is not a part of the demo, because that seems fairly obvious.
Don't think this will make a difference, but we can try. We exec and try our curl command again, which is right here. Now that, unfortunately, does not work. So yeah, it seems like the problem here is that, as I said, you actually have to register each service, sorry, each node or each workload into your mesh, and that has actually not happened here.
I'm really liking the direction with all of the Kubernetes integrations, and it's too bad that this particular demo did not go as planned. I did see, for what it's worth, that it is a few months out of date, so the newer versions of the app might have changed. I could not find a more updated demo, and so I will go ahead and get this working offline and figure out what the issue is.
Unfortunately not, but I will continue to debug on my own, as I said earlier. I hope this is helpful for everyone, and feel free to reach out to me on Twitter. My handle is my name, Eitan underscore Amish, or solo IO on Twitter. Come check out our Slack; we're always having interesting conversations about all things mesh and otherwise.