Keynote: Brendan Burns Demos HashiCorp Consul Service on Azure

Watch Kubernetes co-creator Brendan Burns demo the first-ever fully managed service mesh product: HashiCorp Consul Service on Azure.

In this portion of the keynote, Mitchell Hashimoto invites Brendan Burns, a Distinguished Engineer at Microsoft and one of the original creators of Kubernetes, onto the stage to demonstrate HashiCorp Consul Service (HCS) on Azure with a simple game of Pong.

HCS is the first fully managed service mesh on the market, and it allows operators to just focus on applications and workloads while connecting microservices securely. The system works through Azure identity and billing systems, providing an Azure-native user experience.



Brendan Burns: Thanks, Mitchell. It's been really great to develop this partnership with HashiCorp and see the benefits that the combined forces of Hashi and Azure can bring to our joint customers.

Because the truth is that when you're building applications in the real world, it's a really complicated, hybrid environment. You need the ability to interact with both existing services that might be running on VM-based infrastructure, with newer microservices that might be running in the Azure Kubernetes service. You need to be able to have all of this stuff work on-premises as well as in the cloud, across a wide variety of environments.

Most applications that we see out there aren't the pretty diagrams that you see in the cloud-native application portfolio, but rather a complex collection of pipes going in different directions.

The combination of Azure's technology and Consul can make a really great way of building those applications together.

To give a demonstration of this, I'm going to go through our legacy application that we're using Consul and Azure to help modernize, and that is Cloud Pong.

Cloud Pong has been a successful legacy application. Well, it started out as a new application, but it became a legacy application based on virtual machines, hard-coded IP addresses between the different players.

We’re pretty happy with it, but our agility just isn't where it needs to be. So we're going to microservice-ify that thing. Like in a recent Dilbert cartoon, we had the pointy-haired boss come in and say "Kubernetes" to us. So we're Kubernetes-ifying our service

But as we do that, the question becomes, "We've got these services over here. Kubernetes is cloud-native, and that's wonderful. But it’s still VM-based for our second Cloud Pong player, and we have to do this migration successfully. How can we make sure that we bridge the world of dynamic services and Kubernetes with a more legacy world of virtual machines?" And it turns out that to do that, Consul is a great solution.

An open service mesh implementation

Consul is something that we see with our customers a lot, specifically around this notion of bridging from a mesh that's in Kubernetes to a mesh that is in other environments. But the question is, How do I drive this? How do I make this work in a Kubernetes-centric way, and how do I ensure that, if I want to use other service mesh implementations, it all works, and that I'm learning and my tools can use the same thing?

To do that, a while ago, at KubeCon in Barcelona, we partnered with HashiCorp and others to come up with this service mesh interface specification. It's an open specification; it's out there on GitHub. You can use this open specification to drive your service mesh so that you're not bound to any particular implementation.

You can use Consul if that works great in the managed service on Azure. If you're in a different environment with a different implementation of service mesh, you can use the exact same Kubernetes objects to configure and set up your application.

To give an example of this in the real world, I've deployed exactly this architecture out onto Azure using Consul, using the Azure Kubernetes service, using a legacy VM, and I want to give a demo of this.

In order to do that, we're going to have a demo of Cloud Pong. Of course, you really can't play Pong without another player. I understand we have a volunteer from the audience who's going to come up here, and we'll do a little Pong on stage for you.

All right, I'm going to set up my game here. Many thanks by the way to the folks who helped me build this. And over here, we're going to set up Player 2. It looks like Player 2's not connecting. She's going to be at a disadvantage. I'm going to win.

No, I'm kidding. It turns out, the reason for this is because Consul, as Mitchell mentioned, is secured by default, and if I go over to the Consul UI here, and if I hit refresh, the intentions are there. Now, if I go back to my Pong, we are ready. Are you ready? It's arrow keys up and down. Space bar if you want to hit the ball. It's my serve.

Guest: OK.

Brendan Burns: All right, here we go. It's thrilling. I should've had a play-by-play announcer.

Guest: It's not moving.

Brendan Burns: Try holding it down.

Guest: This is rigged.

Brendan Burns: It's rigged? No. All right, let's try it now. No? Well, I'm going to have to apologize. I really didn't intend for me to be the only one with controls that worked, but I guess that's the situation we find ourselves in. All right, well, thank you so much.

Guest: Very welcome.

Brendan Burns: Thank you. We're going to have Mitchell come back onto the stage and tell you more. Thanks.

More resources like this one

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

  • 12/13/2022
  • White Paper

A Field Guide to Zero Trust Security in the Public Sector

  • 12/5/2022
  • Case Study

Enabling infrastructure as code at LinkedIn

  • 11/30/2022
  • Case Study

How Weyerhaeuser automates secrets with Vault and Terraform