Some of the key takeaways at the recent ServiceMeshCon conference were about service mesh usage in a multi-cluster environment, service mesh failure stories at scale, canary deployments as a great use case for service mesh, and using WebAssembly plugins to inject custom logic. The conference was held as a virtual event as part of the KubeCon + CloudNativeCon Europe 2020 conference.
Christian Posta from Solo.io discussed multi-cluster Kubernetes and service mesh patterns. He talked about the challenges in adopting a service mesh across multiple clusters and across multiple meshes. Some of these challenges include federating identity, establishing a single pane of glass for observability, and developing policies for routing.
Posta described the Service Mesh Hub, a multi-cluster service mesh management plane that helps take away the operational burden regardless of which service mesh you pick for your organization. He talked about the VirtualMesh component used to register and manage multiple service meshes. The VirtualMesh CRD also allows federating two meshes using the Identity Federation mode.
He showed how to configure two clusters and install Service Mesh Hub to manage the service meshes running in those clusters. He also discussed how to configure the traffic routing API in a multi-cluster aware way, using the sample BookInfo application. Multiple rules can be applied to a specific service using the meshctl describe service command.
Concluding his presentation, Posta mentioned that Kuma, which supports managing multiple service meshes in one cluster, recently joined the CNCF community.
In another session, Istio Simplified, Louis Ryan, principal engineer at Google, and Steve Dake, open source leader at IBM, talked about how to set up, configure and deploy Istio in a production environment. They discussed the Istio architecture and recent changes made based on the feedback they received from the community on administering Istio.
Ryan said Istio is built on strict principles of microservices which promote team agility, including the deployment and ongoing support of those microservices in production. He discussed how they simplified the Istio architecture components by comparing version 1.4 to 1.5, in terms of Custom Resource Definitions (CRDs), control plane pods, and daemonsets. He also talked about what's coming up in Istio, which includes safer in-place upgrades, reduced injection churn, and stock Envoy releases.
Dake showed, using a sample "Online Boutique" application, how to onboard new apps to Istio as well as upgrade Istio to new versions, with an example of rollout deployment that doesn't affect the applications.
At the ServiceMeshCon event, there were also other talks on WebAssembly for Istio telemetry and iteratively implementing Istio service mesh with no downtime.
Earlier in the conference, Posta welcomed the attendees to the second ServiceMeshCon event and delivered the opening remarks. He explained what a service mesh is, and discussed the need for applications to talk to each other over a network where the network is not always reliable. Service mesh solutions help with assigning identity to applications instead of relying on a previously established identity which may not be valid anymore.
Posta said service mesh adoption is real and mentioned the top three capabilities driving the adoption:
- mTLS/Security
- Observability
- Traffic control/routing
He stated the service mesh ecosystem is very vibrant right now with new releases from various projects in this space like Linkerd, Istio, Consul Connect, Kuma, Maesh, and AWS AppMesh.