Open In App

What Is Kubernetes Service Mesh ?

Last Updated : 06 Feb, 2024
Improve
Improve
Like Article
Like
Save
Share
Report

Service mesh allows in Kubernetes that the services can be discovered and talk to other services. In addition, it implements smart routing which targets the creation of what connections these endpoints or services make it to API calls and just how is traffic shared among them. As a result, it enables canaries or rolling upgrades, blue/green, and other sophisticated deployment tactics.

Kubernetes Service Mesh Definition

  • Cloud-native applications frequently run in containers as part of a distributed microservices architecture. Kubernetes deployments have become the de-facto standard for the orchestration of these containerized applications.
  • Microservices sprawl, a kind of exponential growth in microservices, is one unintended outcome of using a microservices architecture. This kind of growth presents challenges within a Kubernetes cluster surrounding authentication and authorization, routing between multiple versions and services, encryption, and load balancing.
  • A service mesh is a mesh of Layer 7 proxies, not a mesh of services. Microservices can use a service mesh to abstract the network away, resolving many of the challenges arising from talking to remote endpoints within a Kubernetes cluster.
  • Building on Kubernetes allows the service mesh to abstract away how inter-process and service-to-service communications are handled, as containers abstract away the operating system from the application.

Kubernetes-Service-Mesh

What Is Kubernetes Service Mesh?

  • A Kubernetes service mesh is a tool that inserts security, observability, and reliability features to applications at the platform layer instead of the application layer.
  • Service mesh technology predates Kubernetes. However, growing interest in service mesh solutions is directly related to the proliferation of Kubernetes-based microservices and a resulting interest in Kubernetes service mesh options.
  • Microservices architectures are heavily network reliant. Service mesh manages network traffic between services.
  • The service mesh in Kubernetes is typically implemented as a set of network proxies. Deployed alongside a “sidecar” of application code, these proxies serve as an introduction point for service mesh features and manage communication between the microservices. The data plane of the Kubernetes service mesh is made up by the proxies, which the control plane controls.
  • Kubernetes and service mesh architectures arose as cloud native applications flourished. Hundreds of services may comprise any given application, and there may be thousands of instances of each service. Each of those instances demand dynamic scheduling as they change rapidly, which is where Kubernetes comes in.
  • Clearly, this is a highly complex system of service to service communications, but it’s also a basic, normal part of runtime behavior for a standard application. To ensure the app is reliable, secure, and performs well end-to-end, insightful management is essential.

How Does Kubernetes Service Mesh Work?

  • Distributed applications in any architectural environment, including the cloud, have always required rules to control how their requests get from place to place. A Kubernetes service mesh or any type of service mesh does not introduce new logic or functionality to the runtime environment. Instead, Kubernetes network service mesh abstracts the logic that controls service to service communications to a layer of infrastructure and out of individual services.
  • Service mesh layers atop Kubernetes infrastructure to render inter-service communications over the network reliable and safe. Kubernetes service mesh works similarly to how a tracking and routing service for shipped mail and packages does. It tracks routing rules and directs traffic and package routes dynamically based on those rules to ensure receipt and accelerate delivery.
  • The components of a service mesh include a data plane and a control plane. Lightweight proxies distributed as sidecars comprise the data plane. Users can deploy these proxy technologies to build a service mesh in Kubernetes. The proxies in Kubernetes are in every application-adjacent pod and are run as cycles.
  • Service mesh on Kubernetes architectures also enables secure communication between services. For example, with Kubernetes network service mesh users can enforce communication policies that deny or allow specific types of communication—such as enforcing a policy that denies production services access to development environment client services.
  • Various Kubernetes service mesh options enable users to observe and monitor even highly distributed microservices systems. Kubernetes service mesh also frequently integrates with other tracing and monitoring tools to enable improved discovery and visualization of API latencies, traffic flow, dependencies between services, and tracing.
  • This level of functionality is essential to monitoring complex cloud native applications and the distributed microservices environments that comprise them. Observability and granular insights are critical for a higher level of operational control.

What Is Istio Kubernetes Service Mesh?

  • Istio is an open source, Kubernetes service mesh example that has become the service mesh of choice for many major tech businesses such as Google, IBM, and Lyft. Istio shares the data plane and control plane that all service meshes feature, and is often made up of Envoy proxies. These proxies are deployed within each Kubernetes pod container as sidecars, establishing connections to other services and moderating communications with them.
  • Other components collect metrics on traffic and respond to various data plane queries such as access control, authentication and authorization, or quota checks. They can also interface with monitoring and logging systems, depending on which adapters are enabled, and provide encryption and authentication policies and enforcement. For example, Istio supports TLS authentication and role-based access control.
  • Many other tools integrate with Istio to expand its capabilities.

Benefits Of Service Mesh In Kubernetes

  • Microservices architecture has been a key step in the move towards cloud native architecture. While it provides flexibility, microservices architecture is also inherently complex. Container services can manage and deploy microservices architectures, but as they grow and sprawl, insight becomes more limited.
  • An example of a service mesh is creating simplifications of some of the complexities as the services of multiple stack layers can be accessed in a single infrastructure layer regardless of any integrations or code alterations carried out by the application developers.
  • This improves the speed and reliability of communications between services. From the perspective of the management component, a service mesh in Kubernetes implementation also provides observability through logging, tracing and monitoring; coarse granularity based traffic management; security in terms of encryption, authentication and authorization; and failure recovery.
  • In practice, using a Kubernetes service mesh makes it easier to implement security and encryption between services and reduces the burden on dev-Ops teams. A service mesh also makes tracing a service latency issue simpler. And although different service meshes provide different features, common capabilities include:
    • API (Kubernetes Custom Resource Definitions (CRD), programmable interface)
    • Communication resiliency (circuit-breaking, retries, rate limiting, timeouts)
    • Load balancing (consistent hashing, least request, zone/latency aware)
    • Observability (alerting, Layer 7 metrics, tracing)
    • Routing control (traffic mirroring, traffic shifting)
    • Security (authorization policies, end-to-end mutual TLS encryption, service level and method level access control)
    • Service discovery (distributed cache)

Kubernetes Security Booost: VMware NSX & Tanzu Service Mesh

  • The VMware NSX Advanced Load Balancer integrates with the Tanzu Service Mesh (TSM) which is built on top of Istio with value added services. By expanding on the TSM solution, VMware NSX Advanced Load Balancer offers north-south connectivity, security, and observability inside and across Kubernetes clusters, and multiple sites and clouds.
  • In addition, enterprises are able to connect modern Kubernetes applications to traditional application components in VM environments and clouds, secure transactions from end-users to the application, and seamlessly bridge between multiple environments.

Conclusion

A service mesh has many benefits in a modern, large, and dynamic networking environment, such as Kubernetes-based systems, where new workloads are deployed constantly, pods come and go, and instances scale up or down. The service mesh externalizes all the networking concerns from the applications.

Kubernetes Service Mesh – FAQs

What Value Does A Service Mesh Provide?

Distributed application services are controlled by service meshes which provide visibility, traffic, resiliency and security. Much value is promised here, especially insofar as much is given without the need to change your application code.

What If I Deploy One service mesh Like Istio, Then I Need To Switch To Another Service Mesh?

To circumvent switching costs across service meshes, Service Mesh Interface specification can be applied. The aim of SMI specifications is to create a generic standard through which one can interact with any type of mesh.

What Are Service Mesh Standards And Why Do They Matter?

Three service mesh abstractions have arisen given the high number of service meshes available (see the Service Mesh Landscape)

  • Service Mesh Performance (SMP) – A standard for capturing and characterizing service mesh performance.
  • Service Mesh Interface (SMI) – A standard interface for using common service mesh functionality on Kubernetes.

How Does A Service Mesh Help Me In My Role?

Developers can change their minds and send their internal stakeholders to a canary that has beta functions, without having to deal with Operators.

  • Also security experts are able to declaratively define how authentication and authorization should look like, as enforced by the service mesh.
  • Earlier Network Engineers could only do certain things, but now they have an opportunity to control applications at a very high degree of control.

When Should I Use A Service mesh?

There are various service meshes other than deployment models of choice. For you and your organization what is right, depends on where you are in your skill set curve (Cloud Native”), the number of services, for which infrastructure, and how important technology is to business.



Like Article
Suggest improvement
Next
What is Azure Kubernetes Service?
Share your thoughts in the comments

Similar Reads

Kubernetes - Monolithic Architecture of Kubernetes
Kubernetes - Creating Deployment and Services using Helm in Kubernetes
Why Kubernetes? Benefits of using Kubernetes
Kubernetes Controller VS Kubernetes Operator
Kubernetes - Service
Kubernetes - Load Balancing Service
Kubernetes - Service DNS
What is Azure Kubernetes Service?
Kubernetes - NodePort Service
Types of Service in Kubernetes

R
rushisupekar20
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox