Chapter 17. Service Mesh

Question 1

What is Service Mesh?

Answer 1

• network communication infrastructure layer for microservice-based application

Question 2

What does a Service Mesh allow?

Answer 2

• when multiple microservices are communicating with each other, a service mesh allows to decouple resilient communication patterns (like circuit breakers, timeouts, …) from the application code

Question 3

How is a Service Mesh implemented?

Answer 3

• usually using a sidecar proxy
• sidecar proxy: container, that runs alongside the primary application and compliments it with additional features like logging, monitoring and traffic routing

Question 4

What is the sidecar pattern implementing in a Service Mesh architecture?

Answer 4

• implements inter-service communication, monitoring or other features, that can be decoupled and abstracted away from individual services

Question 5

What are features of Service Mesh? (8)

Answer 5

• Communication - flexible and reliable communicatoin between various service instances
• Circuit breakers - restricts traffic to unhealthy service instances
• Routing - passes a REST request from the local service instance, to which the service is connected
• Retries and Timeouts - can automatically retry requests on certain failures and can timeout requests after a specific period
• Service Discovery - discovery healthy, available instances of services
• Observability - monitors latency, traces traffic flow and generates acces logs
• Authentication and Authorization - can authenticate and authorize incoming requests
• Transport Layer Security (TLS) Encryption - can secure service-to-service communication using TLS

Question 6

What planes exist in a service mesh?

Answer 6

• features (like software-defined networking) Data and Control planes
• Service Mesh Data Plane - implements the Service Mesh features, touches every packte/request in the system
• Service Mesh Control Plane - provides policy and configuration for the Data Plane. For example by using the control plane, we can specify the settings for load balancing, weighted load balancing and circuit breakers

Question 7

Name a few Service Mesh implementations

Answer 7

• Envoy (open source)
• Consul (open source)
• Istio (open source)
• Kuma
• Linkerd (open source)
• Traefik Mesh (open source)
• Meshery (open source)

Question 8

What is Envoy? What kind of architecture has it?

Answer 8

• open source project, that provides a proxy and communication bus for large, modern, service-oriented architectures
• has out of process architecture - therefore not dependent on application code, sidecar pattern

Question 9

What How is Istio build up?

Answer 9

Two planes:
- Data Plane: composed of set of Envoy proxies deployed as sidecars to provide medium for communication and to control all network communication between microservices
- Control Plane: manages and configures proxies to route traffic, enforces policies at runtime, and collects telemetry. Includes the Citaled, Gallery and Pilot

Question 10

What are Istio main components?

Answer 10

• Envoy Proxy: Istio uses extended version of envoy proxies. implements it using features like load-balancing, dynamic service discovery, health checks. Deployed as sidecars
• Istiod - provides service discovery, configuration and certificate management

Question 11

Benefits of Istio?

Answer 11

• traffic control with rich routing rules and automatic load balancing
• internal and external Gateway supports
• network resiliency
• security and authentication