Service Mesh: Putting It Together, Taking It Apart
Joe Thompson
Kubernetes Community Days 2024
What is a service mesh? The simplest possible example:
[Service A] <=> [Service B]
What is a service mesh? The simplest possible example:
[Service A] [Proxy] <=> [Proxy] [Service B]
Services I know; why is it called a mesh?
- Each service contacts other services through an intermediary network of agents (proxies)
- Instead of service-to-service traffic being routed through the usual service routing mechanisms, traffic is sent directly to other mesh agents
- The proxies are programmed with knowledge of the other agents by the mesh control plane
What can I do with a service mesh?
You can attack, observe, modify and conduct tests and experiments on your application traffic:
- mTLS
- Metrics gathering
- A/B tests and progressive rollouts
- Fault injection
- Circuit breaking
- ...etc.
Wait, how does this work?
- Applications use their local proxy (either explicitly or via transparent proxying)
- Most service meshes implement the proxies as per-pod sidecars
- Typically injected by a Mutating Admission Controller
- Recently Istio added "ambient mode" features via eBPF and per-host data plane proxies
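What sidecar injection by a mutating admission webhook looks like on the wire, as an added example that is not from the talk or from any mesh's code base: the webhook receives an AdmissionReview for the pod and answers with a JSONPatch that appends the proxy container. The proxy name, images and UID are hypothetical, and the sample request is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample of the AdmissionReview the API server sends to a mutating webhook.
const sampleReview = `{"apiVersion":"admission.k8s.io/v1","kind":"AdmissionReview","request":{"uid":"constructed-uid","object":{"spec":{"containers":[{"name":"app","image":"example.invalid/service-a:1"}]}}}}`

type container struct {
	Name  string `json:"name"`
	Image string `json:"image"`
}
type review struct {
	Request struct {
		UID    string `json:"uid"`
		Object struct {
			Spec struct{ Containers []container `json:"containers"` } `json:"spec"`
		} `json:"object"`
	} `json:"request"`
}
type response struct { // the AdmissionReview "response" fields used for mutation
	UID       string `json:"uid"`
	Allowed   bool   `json:"allowed"`
	PatchType string `json:"patchType,omitempty"`
	Patch     []byte `json:"patch,omitempty"` // encoding/json emits []byte as base64, as the API expects
}

// Inject appends the proxy container via JSONPatch unless a container with that name already exists.
func Inject(raw []byte, proxy container) (response, error) {
	var rv review
	if err := json.Unmarshal(raw, &rv); err != nil {
		return response{}, err
	}
	resp := response{UID: rv.Request.UID, Allowed: true}
	for _, c := range rv.Request.Object.Spec.Containers {
		if c.Name == proxy.Name {
			return resp, nil // already injected: allow the pod unchanged
		}
	}
	resp.PatchType = "JSONPatch"
	resp.Patch, _ = json.Marshal([]any{map[string]any{"op": "add", "path": "/spec/containers/-", "value": proxy}})
	return resp, nil
}

func main() {
	r, _ := Inject([]byte(sampleReview), container{"mesh-proxy", "example.invalid/mesh-proxy:placeholder"}) // hypothetical proxy
	fmt.Println(string(r.Patch))
}
```

Because the patch rewrites the pod spec before it is stored, the webhook's configuration and the image it injects are worth reviewing with the same care as any other cluster-wide privileged component.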
How do you get started picking a service mesh?
The CNCF Landscape has a whole section devoted to them: