Historically, developers independently implemented error handling, observability, and security within each application or microservice to ensure the success of inbound and outbound communication requests. However, as different teams repeated the process and coded similar functionality into each application (often using different programming languages), complexity, fragmentation, and security vulnerabilities were introduced into the environment.
A service mesh addresses this problem by “outsourcing” the management of service-to-service communication requests to an out-of-process application. Typically implemented alongside the workload as a “sidecar” proxy, a service mesh simplifies and streamlines runtime operations. Comprising a “data plane” of interconnected network proxies and a “control plane” for configuring the proxies and collecting metrics, it provides a shared infrastructure layer to manage intra-service runtime communications within a distributed, microservice-based software architecture.
Application agnostic and fully portable, the service mesh can be adopted by an organization to support any service written in any language or framework. Adding uniform capabilities across the environment, a service mesh provides authentication, authorization, discovery, encryption, load balancing, logging, observability, routing, and tracing.
While implementing a service mesh has zero impact on application code (other than “desired changes” such as the removal of redundant functionality handled by the mesh, propagating mesh headers to enable tracing, or other changes to maximize the benefits of the mesh), it does affect operational procedures and requires the familiarization of DevOps personnel with new concepts and technologies. Additionally, as an emerging technology, taking the time to choose the right service mesh for your organization is essential due to the additional complexity, latency, and resource consumption involved.
Although service mesh patterns can be applied to both monolithic and microservice-based applications, this study focuses on the latter running on various platforms, including containers/Kubernetes and virtual machines (VMs). Also known as K8s, Kubernetes is an open source orchestration platform automating the deployment, management, and scaling of containers.
This report provides an overview of the service mesh landscape based on the following table stakes, which are mature, stable solution features common across all service meshes:
- Dedicated Infrastructure Layer: Delivering fast, reliable, and secure service-to-service communications, a service mesh is a dedicated infrastructure layer fully integrated within the distributed application to control the delivery of service requests. The infrastructure layer provides several functions, including service discovery, authentication and authorization, health checks, failure recovery, load balancing, and observability via the “data plane.”
- Sidecar Implementation: Like a sidecar attached to a motorcycle, a sidecar implementation provides third-party functionality alongside the actual workload within the container. A service proxy—such as Envoy—is attached to a workload during deployment to manage service-to-service communications within a service mesh. All management capabilities required by the workload (monitoring, control, and security) are implemented without changing a single line of application code.
- Control Plane Configuration: Comprising a set of APIs and tools used to control proxy behavior across the mesh, the control plane automatically configures data plane service proxies. Transforming a collection of isolated, stateless sidecar proxies into a distributed system, the control plane implements policies across all data planes running within the mesh.
- Control Plane Telemetry: In addition to configuring and managing proxies used to route traffic and enforce policies, the control plane collects telemetry data for each request. The detailed statistics, logging, and distributed tracing data collected provide observability into service behavior for troubleshooting, maintenance, and service optimization.
With many different service meshes and options available—and the landscape evolving—choosing the best service mesh for your organization depends on your use cases, existing software stack, architectural choices, and in-house capabilities. Your internal resources and skillsets most likely will influence your decision as to whether you adopt a lightweight, developer-friendly service mesh such as Linkerd or NGINX, or an Istio-based solution.
We recommend using this report to explore the different service meshes and delivery models available on the market, while identifying those matching your business requirements, use cases, and capabilities. Then, contact the relevant open source community or commercial vendor for additional information on features, deployment models, and cost…
Chris is highly technical and has excellent organizational and follow up skills. I assigned Chris several initiatives while assigned to my team and his performance was exceptional. He is self motivated and has extensive technical knowledge.
Chris is one of the most brilliant technologists and charismatic speakers I’ve met in a long time. He’s an absolute creative, has a mind focused on solutions, and is driven by a deep belief in what he does. He’s both an inspirational leader and great colleague. I’d work with Chris again any day of the week.
As Chris’ Editor for Exploring IPv6, a Day One book, he kept to his schedule, output exceedingly lucid prose, and gave a sense of instructional design to an extraordinary tough technology to deploy. On time, better than could be expected, and executed with grace.
We appreciated his work ethics and clarity of thought. His mind was always on the “next step” and kept us all on our toes.
Chris consistently generates and delivers on new and creative ideas both within the guided bounds of a project or team goal as well as when left unbounded and allowed to explore. In addition Chris is a great team player willing to help whenever asked. Chris is also a competent and organized leader with great communication skills capable of managing projects from inception to completion.
Chris is a strong team player with tremendous attention to detail. His approach was always well thought out with solid backing to his ideas. His role and growth in the company were key to its survival. He was also very willing and able to wear multiple hats and was a flexible asset to have on hand.
Chris is an excellent organizer and leader with vision and energy. He pulled together the Colorado Chapter of the Internet Society, wrote the inital by-laws and saw the process through to the actual chapter formation.
Chris is a great asset to any company. His dedication and drive for results makes him a consistent high achiever.
We hired Chris with high expectations. He quickly proved to be a good choice as he grasped new concepts exceptionally well and showed an aggressive personal learning regimen, surpassing his peers. I would highly recommend Chris in his future endeavors.
I enjoy working with him on a professional and personal level.
Chris is a consummate professional. Motivated, expressive, talented in everything he attempts. His skills in making things happen for the better are top notch.
Chris Grundemann was among the most energetic and competent members of our Council throughout his time as an elected member. I found(find) Chris a most thoughtful man who brought insight and experience to the role, but was also always a genuine and professional member exerting leadership with tact and good humor. I think highly of Chris both as a technical professional and community leader, but also as a trusted friend.
Chris is one of the sharpest minds you will be lucky to come across, whether in a personal or professional setting. His ability to cut through the noise and see the relevant elements and data in any situation is remarkable.
Chris is intensely focused, dedicated, and capable. He absorbs and synthesizes data quickly, finds the leverage points, focuses on what matters, and delivers results. Any high-performing team will get a boost from engaging with Chris.
His intelligence and wit are only outshone by his friendly and helpful nature. Working with Chris is always a pleasure and a smashing success.
Chris is technically creative, hard working, and extraordinarily effective at working with both internal and external technical expert communities. A pleasure to have had on the team at CableLabs. I fully expect him to significantly move his organization and the industry.
Chris was an amazing colleague to work with. I admire his ability to understand very technical concepts as well as business and market driven ones. He has amazing stakeholder management skills, and has the ability to build relationships and manage working groups and teams. He is a true leader who is very passionate about whatever he is working on. His desire for framing strategic direction and leading execution would be an asset to any organization. I would welcome any opportunity to work with Chris again.