Service Mesh
- Introduction
- Service Mesh and API Gateways
- Tools For Evaluating Service Meshes
- Service Mesh Testing
- Consul Service Mesh
- Linkerd Service Mesh
- Maesh Service Mesh
- Traffic Director (Google’s Service Mesh)
- Envoy Proxy Service Mesh
- Istio Service Mesh
- Open Service Mesh
- Kourier
- AWS App Mesh
- NGINX Service mesh
Introduction
- infoq.com: Service Mesh Ultimate Guide: Managing Service-to-Service Communications in the Era of Microservices
- deloitte.com: Service Mesh en arquitecturas de microservicios
- Service meshes to the rescue: Load balancing and scaling long-lived connections in Kubernetes
- blog.christianposta.com: Do I Need an API Gateway if I Use a Service Mesh?
- thenewstack.io: Service Mesh Adds Security, Observability and Traffic Control to Kubernetes
- lucperkins.dev: Service mesh use cases
- thenewstack.io: Zero-Trust Security with Service Mesh
- solo.io: Identity Federation for Multi-Cluster Kubernetes and Service Mesh
- cncf.io: Service Mesh Is Still Hard
- medium: Part 1 โ Why Red Hat Openshift Service Mesh? ๐
- openshift.com: Introducing OpenShift Service Mesh 2.0 ๐
- weave.works: Introduction to Service Meshes on Kubernetes and Progressive Delivery ๐
- rancher.com: Using Hybrid and Multi-Cloud Service Mesh Based Applications for Distributed Deployments Service Mesh addresses the communication requirements typical in a microservices-based application, including encrypted tunnels, health checks, circuit breakers, load balancing and traffic permission. Leaving the microservices to address these requirements leads to an expensive and time consuming development process. In this blog, weโll provide an overview of the most common microservice communication requirements that the Service Mesh architecture pattern solves.
- thenewstack.io: Offloading Authentication and Authorization from Application Code to a Service Mesh
- thenewstack.io: How a Service Mesh Can Help DevOps Achieve Business Goals
- thenewstack.io: Mutual TLS: Securing Microservices in Service Mesh
- medium: Service Mesh with Istio
- rancher.com: Using Hybrid and Multi-Cloud Service Mesh Based Applications for Distributed Deployments. Get Hands-On with Rancher, Kong and Kong Mesh ๐
- Service Mesh is an emerging architecture pattern gaining traction today. Along with Kubernetes, Service Mesh can form a powerful platform which addresses the technical requirements that arise in a highly distributed environment typically found on a microservices cluster and/or service infrastructure. A Service Mesh is a dedicated infrastructure layer for facilitating service-to-service communications between microservices.
- Service Mesh addresses the communication requirements typical in a microservices-based application, including encrypted tunnels, health checks, circuit breakers, load balancing and traffic permission. Leaving the microservices to address these requirements leads to an expensive and time consuming development process.
- Kong provides an enterprise-class and comprehensive service connectivity platform that includes an API gateway, a Kubernetes ingress controller and a Service Mesh implementation. The platform allows customers to deploy on multiple environments such as on premises, hybrid, multi-ยญยญยญยญยญยญregion and multi-cloud.
- cloudops.com: Comparing Service Meshes: Istio, Linkerd, Consul Connect, and Citrix ADC
- platform9.com: Kubernetes Service Mesh: A Comparison of Istio, Linkerd and Consul
- opensource.com: Why you should care about service mesh Service mesh provides benefits for development and operations in microservices environments.
- containerjournal.com: When Is Service Mesh Worth It?
- thenewstack.io: Service Meshes in the Cloud Native World
- koyeb.com: Service Mesh and Microservices: Improving Network Management and Observability
- thenewstack.io: Accelerate Kubernetes Adoption with a Service Mesh
- toptal.com: A Kubernetes Service Mesh Comparison ๐
- nginx.com: How to Choose a Service Mesh ๐
- cncf.io: Networking with a service mesh: use cases, best practices, and comparison of top mesh options
- layer5.io: The Service Mesh Landscape ๐๐ Comparison of Service Mesh Strengths
- blog.polymatic.systems: Service Mesh Wars, Goodbye Istio After using Istio in production for almost 2 years, weโre saying goodbye to it. Learn why, as well as the current state of the Service Mesh Wars.
- thenewstack.io: Secure Your Service Mesh: A 13-Item Checklist
- infoq.com: Adoption of Cloud Native Architecture, Part 3: Service Orchestration and Service Mesh
- infoq.com: Service Mesh Ultimate Guide - Second Edition: Next Generation Microservices Development
- itnext.io: Stupid Simple Service Mesh โ What, When, Why ๐
- thenewstack.io: The Hidden Costs of Service Meshes
- learnsteps.com: What is a service mesh? Is it born with Kubernetes?
- medium: Microservices and the World with a Service Mesh | Adarsh Prabhu We will look at how the unruly world of distributed microservices can be tamed by using a Service Mesh. Service Meshes form the backbone of some of the very complex applications out there. They solve critical issues of the microservices architecture and provide better Traffic Management, Security and Observability. In most cases these features are enabled without requiring any code changes.
- digitalanarchist.com: Service Mesh โ Mark Chesire, Red Hat (video) When should you look at using a ServiceMesh and/or APIManagement? Mark Chesire, director of product for application services at Red Hat, explains why IT organizations will need a service mesh to manage APIs.
- infoq.com: Deploying Service Mesh in Production
- devops.com: How Are API Management and Service Mesh Different?
- devops.com: When to Use API Management and Service Mesh Together
- infoq.com: Deploying Service Mesh in Production
- infoq.com: The Top-Five Challenges of Running a Service Mesh in an Enterprise ๐
- medium.com/elca-it: Service Mesh Performance Evaluation โ Istio, Linkerd, Kuma and Consul
- medium.com/@pauldotyu: Service Mesh Considerations
- medium.com/4th-coffee: A Comprehensive Tutorial on Service Mesh, Istio, Envoy, Access Log, and Log Filtering
- infoq.com: Sidecars, eBPF and the Future of Service Mesh
Service Mesh and API Gateways
- medium: The Roles of Service Mesh and API Gateways in Microservice Architecture ๐
- medianova.com: Service Mesh vs. API Gateway
Tools For Evaluating Service Meshes
- Meshery.io: Open source tool for evaluating and contrasting service meshes
Service Mesh Testing
- itnext.io: Service Mesh Testing โ Tools & Frameworks (Open Source) There are quite a few open-source toolsets to test and measure performance impact of service meshes. In this article you will compare: Fortio, Nighthawk, Wrk2, Httpbin, Meshery, Isotope, Hyperfoil, Service-mesh-benchmark, Locust & more.
Consul Service Mesh
- consul.io
- medium: Consul in Kubernetes โ Pushing to Production
- medium: HashiCorp Consul: Multi-Cloud and Multi-Platform Service Mesh
- hashicorp.com: Get Started with Consul Service Mesh on Kubernetes ๐
- HashiCorp Consul Ingress Gateways and L7 Traffic Management in Kubernetes Learn about the advanced features of HashiCorp’s Consul service mesh that are valuable to both infrastructure operators and developers.
- hashicorp.com: HashiCorp Consul Ingress Gateways and L7 Traffic Management in Kubernetes ๐
- learn.hashicorp.com: Consul Service Mesh on Kubernetes Design Patterns
- hashicorp.com: Disaster Recovery for HashiCorp Consul on Kubernetes ๐ See the recovery steps to protect your data and secrets during an extended outage using Kubernetes and HashiCorp Consul.
- medium: A Practical Guide to HashiCorp Consul โ Part 1 ๐
- Fabio Load Balancer ๐ fabio is a fast, modern, zero-conf load balancing HTTP(S) and TCP router for deploying applications managed by consul. Register your services in consul, provide a health check and fabio will start routing traffic to them. No configuration required. Deployment, upgrading and refactoring has never been easier.
- hashicorp.com: Getting Started with HCP Consul: Frequently Asked Questions
Consul Connect
Linkerd Service Mesh
- Linkerd
- Announcing Linkerd 2.8: simple, secure multi-cluster Kubernetes
- cncf.io: Kubernetes network policies with Cilium and Linkerd
- cncf.io: Protocol detection and opaque ports in Linkerd
- thenewstack.io: Linkerd 2.0: The Service Mesh for Service Owners, Platform Architects, SREs
- cncf.io: Why Linkerd doesnโt use Envoy
- linkerd.io: Multi-cluster communication This guide will walk you through installing and configuring Linkerd so that two clusters can talk to services hosted on both.
- linkerd.io: Benchmarking Linkerd and Istio
- nais.io: Changing Service Mesh How we swapped Istio with Linkerd with hardly any downtime
- linkerd.io: Announcing Linkerd’s Graduation
- containerjournal.com: Linkerdโs CNCF Graduation Due to its Simplicity
- nais.io: Changing Service Mesh How we swapped Istio with Linkerd with hardly any downtime
- itnext.io: A Practical Guide for Linkerd Authorization Policies
- “Installed Linkerd in staging yesterday using Helm and Terraform. It was incredibly easy to setup and immediately helped me diagnose tricky latency issues between services. I have no idea why I didnโt do this sooner. Canโt wait to get this into production.”
- linkerd.io: Benchmarking Linkerd and Istio: 2021 Redux
- buoyant.io: Go directly to namespace jail: Locking down network traffic between Kubernetes namespaces
- linkerd.io: Announcing automated multi-cluster failover for Kubernetes
- thenewstack.io: Is Linkerd Winning the Service Mesh Race?
- medium.com/attest-product-and-technology: Debugging mislabelled route metrics from Linkerd
- buoyant.io: Upgrading to Linkerd 2.12: Zero-trust-ready route-based policy, Gateway API, access logging In this webinar, you’ll hear all about the Linkerd 2.12 release and what you need to know to upgrade. This massive release introduces route-based policy to Linkerd, allowing users to define and enforce authorization policies based on HTTP paths or gRPC methods in a fully zero-trust way. It also introduces support for iptables-nft and Apache-style access logging, authorizes all probes by default (even in default-deny clusters), and includes a host of other improvements and performance enhancements.
- medium.com/@eshiett314: Mutual TLS with Emissary-Ingress and Linkerd In this article, you’ll learn the meaning of Mutual TLS, why it is needed in Kubernetes and also implement it with Emissary-ingress
- weeraman.com: Getting started with Linkerd
- dev.to: Linkerd and GitOps
- buoyant.io: Multi-Cluster, Multi-Region Setup using Linkerd Service Mesh This article teaches how to enhance Kubernetes with multi-cluster architecture for improved availability, fault tolerance, and performance with a Service Mesh such as Linkerd
Maesh Service Mesh
Traffic Director (Google’s Service Mesh)
- Traffic Director overview
- Google Cloudโs Traffic Director โ What is it and how is it related to the Istio service-mesh?
- Google Traffic Director and the L7 Internal Load Balancer Intermingles Cloud Native and Legacy Workloads
- infoq.com: Introducing Traffic Director: Google’s Service Mesh Control Plane
- Traffic Director and gRPCโproxyless services for your service mesh
Google L7 Internal Load Balancer
Envoy Proxy Service Mesh
- Envoy
- Examining Load Balancing Algorithms with Envoy
- solo.io: Why the control plane matters. Control planes are different than data planes. Separating the control plane from data plane ๐
- ekglue - Envoy/Kubernetes glue Glue the Kubernetes API to Envoy’s xDS APIs
- amalaruja.medium.com: Basic HTTP Routing Strategies with Envoy
xDS protocol (Envoy’s Discovery Service Protocol)
- xDS REST and gRPC protocol
- “The gRPC project is adding support for the xDS protocol, think Envoy Proxy as a library, which will provide a subset of functionality without an external proxy. ๐คฏ The best part, xDS based control planes such as Istio, Traffic Director, and Consul Connect should just work.” Kelsey Hightower
Istio Service Mesh
Open Service Mesh
Kourier
- Kourier: A lightweight Knative Serving ingress
- https://github.com/knative/net-kourier : Kourier is an Ingress for Knative Serving. Kourier is a lightweight alternative for the Istio ingress as its deployment consists only of an Envoy proxy and a control plane for it.