Mini book: Service Meshes: Managing Complex Communication within Cloud Native Applications
Modern cloud-native applications often focus on architectural styles such as microservices, function as a service, eventing, and reactivity. Cloud-native applications typically run within virtualized environments — whether this involves sandboxed process isolation, container-based solutions, or hardware VMs — and applications and services are dynamically orchestrated. Although this shift to building cloud-native systems provides many benefits, it also introduces several new challenges, particularly around the deployment of applications and runtime configuration of networking.
Some of these technological challenges have been solved with the emergence of de facto solutions: for example, Docker for container packaging and Kubernetes for deployment and runtime orchestration. However, one of the biggest challenges, implementing and managing dynamic and secure networking, did not initially get as much traction as other problem spaces. Innovators like Calico, Weave, and CoreOS provided early container networking solutions, but it arguably took the release of Buoyant’s Linkerd, Lyft’s Envoy proxy, and Google’s Istio to really drive engineering interest in this space.
The service mesh space is a rapidly emerging technical and commercial opportunity, and although we expect some aggregation or attrition of offerings over the coming months and years, for the moment, there are plenty of options to choose from (many of which we have covered on InfoQ):
- Istio and Envoy, which are covered in this emag;
- Linkerd (and Linkerd 2, which includes Conduit), also covered here;
- Cilium, API-aware networking and security powered by the eBPF kernel features;
- HashiCorp Consul Connect, a distributed service mesh to connect, secure, and configure services across any runtime platform; and
- NGINX (with Istio and nginMesh) or NGINX Plus with Controller.
We hope this InfoQ emag will help you decide if your organisation would benefit from using a service mesh, and if so, that it also guides you on your service mesh journey. We are always keen to publish practitioner experience and learning, and so please do get in touch if you have a service mesh story to share.
The InfoQ eMag – Service Meshes: Managing Complex Communication within Cloud Native Applications includes:
- Istio and the Future of Service Meshes – A service mesh provides a transparent and language-independent way to flexibly and easily automate networking, security, and observation functions. This article examines the past, present and future of the Istio service mesh. The near-term goal is to launch Istio 1.0, when the key features will all be in beta, including support for hybrid environments.
- Service Mesh: Promise or Peril? – Service meshes such as Istio, Linkerd, and Cilium are gaining increased visibility as companies adopt microservice architectures. The arguments for a service mesh are compelling: full-stack observability, transparent security, systems resilience, and more. But is a service mesh really the right solution for you? This article examines when a service mesh makes sense and when it might not.
- Envoy Service Mesh Case Study: Mitigating Cascading Failure at Lyft – Over the past four years, Lyft has transitioned from a monolithic architecture to hundreds of microservices. As the number of microservices grew, so did the number of outages due to cascading failure or accidental internal denial of service. Today, these failure scenarios are largely a solved problem within the Lyft infrastructure due to the use of the Envoy Proxy as a service mesh.
- Increasing Security with a Service Mesh: Christian Posta Explores the Capabilities of Istio – Istio attempts to solve some particularly difficult challenges when running applications in a cloud platform: application networking, reliability, observability, and (the focus of this article) security. With Istio, communication between services in the mesh is secure and encrypted by default. Istio can also help with “origin” or “end-user” JWT identity token verification.
- How to Adopt a New Technology: Advice from Buoyant on Utilising a Service Mesh – When adding a new technology like a service mesh into your production stack, be mindful of the impact this will have on you and your colleagues. Be clear about what problem you are solving, and define appropriate acceptance criteria. Run experiments that attempt to show how a service mesh can make life better for the various stakeholders.
- Virtual Panel: Microservices Communication and Governance Using Service Mesh – Service mesh is a dedicated infrastructure layer for handling service-to-service communication and offers a platform to connect, manage, and secure microservices. InfoQ spoke with subject matter experts in the service mesh area to learn more about why service mesh frameworks have become critical components of cloud native architectures.
InfoQ eMags are professionally designed, downloadable collections of popular InfoQ content – articles, interviews, presentations, and research – covering the latest software development technologies, trends, and topics.