Chapter 17. Service Mesh Flashcards
What is Service Mesh?
- network communication infrastructure layer for microservice-based applications
What does a Service Mesh allow?
- when multiple microservices are communicating with each other, a service mesh makes it possible to decouple resilient communication patterns (like circuit breakers, timeouts, …) from the application code
How is a Service Mesh implemented?
- usually using a sidecar proxy
- sidecar proxy: container that runs alongside the primary application and complements it with additional features like logging, monitoring and traffic routing
What is the sidecar pattern implementing in a Service Mesh architecture?
- implements inter-service communication, monitoring or other features that can be decoupled and abstracted away from individual services
What are features of Service Mesh? (8)
- Communication - flexible and reliable communication between various service instances
- Circuit breakers - restricts traffic to unhealthy service instances
- Routing - passes a REST request from the local service instance, to which the service is connected
- Retries and Timeouts - can automatically retry requests on certain failures and can timeout requests after a specific period
- Service Discovery - discovers healthy, available instances of services
- Observability - monitors latency, traces traffic flow and generates access logs
- Authentication and Authorization - can authenticate and authorize incoming requests
- Transport Layer Security (TLS) Encryption - can secure service-to-service communication using TLS
What planes exist in a service mesh?
- features Data and Control planes (like software-defined networking)
- Service Mesh Data Plane - implements the Service Mesh features, touches every packet/request in the system
- Service Mesh Control Plane - provides policy and configuration for the Data Plane. For example, by using the control plane, we can specify the settings for load balancing, weighted load balancing and circuit breakers
Name a few Service Mesh implementations
- Envoy (open source)
- Consul (open source)
- Istio (open source)
- Kuma
- Linkerd (open source)
- Traefik Mesh (open source)
- Meshery (open source)
What is Envoy? What kind of architecture does it have?
- open source project that provides a proxy and communication bus for large, modern, service-oriented architectures
- has an out-of-process architecture - therefore not dependent on application code, sidecar pattern
How is Istio built up?
Two planes:
- Data Plane: composed of a set of Envoy proxies deployed as sidecars to provide a medium for communication and to control all network communication between microservices
- Control Plane: manages and configures proxies to route traffic, enforces policies at runtime, and collects telemetry. Includes Citadel, Galley and Pilot
What are Istio main components?
- Envoy Proxy: Istio uses an extended version of the Envoy proxy, which implements features like load balancing, dynamic service discovery and health checks. Deployed as sidecars
- Istiod - provides service discovery, configuration and certificate management
Benefits of Istio?
- traffic control with rich routing rules and automatic load balancing
- internal and external Gateway support
- network resiliency
- security and authentication