The document discusses service mesh and compares different service mesh solutions. It defines service mesh as providing a language-neutral standard attachment to application containers, enabling configuration of policies without redeploying applications, and separating application and attachment concerns. It compares key service mesh players like Envoy, Istio, Linkerd, Consul Connect, AWS App Mesh, Kong Kuma, and the Service Mesh Interface project. The document provides overviews of each solution's origins, architecture, and value propositions.

1. Photo by Markos Mant on Unsplash
The Crazy Service
Mesh Ecosystem Lin Sun
Senior Technical Staff Member, IBM
Twitter: @linsun_unc
Koto Feja / Getty Images

2. IBM Cloud
Why Service Mesh?

3. IBM Cloud
try {
HttpResponse response = httpClient.get(
“http://secretsauce.internal/recipe”);
cook(response.body);
} catch (NetworkError ne) {
fixmePleaseOMG(ne);
}
Credit to Louis Ryan for this fun example

4. IBM Cloud
try {
// Load balancing
IP ip = DNS.lookupSRV(“secretsauce.internal”).pickOne();
HttpResponse response = httpClient.open(ip).get(
“http://secretsauce.internal/recipe”);
cook(response.body);
} catch (NetworkError ne) {
fixmePleaseOMG(ne);
}
Credit to Louis Ryan for this fun example

5. IBM Cloud
for (int i = 0; i < 3; i++) { // Retry
try {
IP ip = DNS.lookupSRV(“secretsauce.internal”).pickOne();
HttpResponse response = httpClient.open(ip).get(
“http://secretsauce.internal/recipe”);
cook(response.body);
} catch (NetworkError ne) {
if (i == 2) fixmePleaseOMG(ne);
else Thread.sleep(random(5) * 1000);
}
}
Credit to Louis Ryan for this fun example

6. IBM Cloud
Secret key = new Secret(new File(“/somewhere/safe/key”);
for (int i = 0; i < 3; i++) {
try {
IP ip = DNS.lookupSRV(“secretsauce.internal”).pickOne();
HttpResponse response = httpClient.open(ip)
.setHeader(“Authorization”, key.toString())
.get(“http://secretsauce.internal/recipe”);
cook(response.body);
} catch (NetworkError ne) {
if (i == 2) fixmePleaseOMG(ne);
else Thread.sleep(random(5) * 1000);
}
}
Credit to Louis Ryan for this fun example

7. IBM Cloud
Secret key = new Secret(new File(“/somewhere/safe/key”);
for (int i = 0; i < 3; i++) {
try {
IP ip = DNS.lookupSRV(“secretsauce.internal”).pickOne();
HttpResponse response = httpClient.open(ip)
.setHeader(“Authorization”, key.toString())
.get(“http://secretsauce.internal/recipe”);
log(“Success”);
cook(response.body);
} catch (NetworkError ne) {
log(“Failed”);
if (i == 2) fixmePleaseOMG(ne);
else Thread.sleep(random(5) * 1000);
}
}
Credit to Louis Ryan for this fun example

8. IBM Cloud

9. IBM Cloud
Imagine you have
many services like
this room.
Each may use
different languages.

10. IBM Cloud
Each service owner
needs to build all
these?
Can we trust each
service owner to
build all these
consistently?

11. IBM Cloud
What exactly is
service mesh?

12. IBM Cloud

13. IBM Cloud

14. IBM Cloud
A Service Mesh is…
Language neutral Dummy initialization Program the attachment to be smartVisibility +

15. IBM Cloud
Before Service Mesh

16. IBM Cloud
Add to mesh command
Dummy initialization Visibility +

17. IBM Cloud
apply policy command
Program the attachment to be smart
mTLS
mTLS

18. IBM Cloud
Key Benefits
- Provides language neutral standard attachment to
your application container
- Provides user interfaces to configure policies for the
attachment, without redeploying your application
- Enables clear separation from the application (Dev)
and attachment (Ops)

19. IBM Cloud
Do you really need
service mesh?

20. IBM Cloud
Navigate the Ecosystem
- Is it an open-source project governed by a diverse
contributor base?
- Does it use a proprietary proxy?
- Is the project part of a foundation?
- Does it contain the feature set you need?
- Does it integrate well with the existing system you
have?

21. IBM Cloud
Key Service Mesh Players
- Envoy
- Istio
- Linkerd
- Consul Connect
- AWS App Mesh
- Kong Kuma
- AspenMesh
- Service Mesh Interface

22. IBM Cloud
Envoy
- Created at Lyft
- Graduated CNCF Project
- Written in C++
- Out of process architecture
- Advanced load balancing
- APIs for config mgmt
- Observability

23. IBM Cloud

24. IBM Cloud
Istio
- Co-founded by IBM, Google and Lyft
- Use Envoy as sidecar
- Open service mesh platform
- Very rich feature sets
- Knative built on top of Istio

25. IBM Cloud

26. IBM Cloud
Linkerd
- CNCF incubating project
- Use home grown sidecar written in Rust
- mTLS among services, observability, traffic shifting
- Focus on Kubernetes
- Known for simple UX and zero config

27. IBM Cloud

28. IBM Cloud

29. IBM Cloud
Consul Connect
- Developed by Hashicorp
- Open-source project
- Extends existing Consul offering
- Use Envoy as sidecar
- Integrate with Vault to manage security
certificates
- mTLS among microservices, observability & L7
traffic management

30. IBM Cloud
App Mesh
- Cloud service hosted by AWS
- Not open source
- Support for all compute services in AWS
- Use envoy as sidecar proxy
- Similar control plane as Istio’s
- Focus on traffic routing and telemetry

31. IBM Cloud
Kong Kuma
- Universal open-source control plane
- Use envoy as sidecar proxy
- Run natively across Kubernetes and VM
- mTLS among services, observability, proxy config
templating
- Multi-tenancy

32. IBM Cloud
AspenMesh
- A supported distribution of the Istio project
- UI/Dashboard to view and manage Istio resources
- Istio Vet
- Interesting business model

33. IBM Cloud

34. IBM Cloud
Service Mesh Interface
- Relatively New, announced KubeCon EU 2019
- Microsoft, partnered with Solo.io, Linkerd, Hashicorp
and Vmware etc.
- Attempt to find a common ground for service mesh
on Kubernetes

35. IBM Cloud

36. IBM Cloud
Demo time!

37. IBM Cloud
• Preview available around
KubeCon US 2019
• Final book available by
end of 2019