The document discusses the evolution and current state of service mesh technologies within the framework of cloud-native computing, emphasizing their role in building scalable applications across various cloud environments. It highlights how these technologies, including containers and microservices, enhance system resilience and manageability through automation and open-source projects supported by the Cloud Native Computing Foundation (CNCF). Key components such as control and data planes, along with examples like Istio and Envoy, are mentioned as integral to modern application architectures.

1. , 2 , ,1 21 21 1, 0 ,
Service Mesh Status Quo 2018
2019 Service Mesh

3. 1970 1980 1990 2000 2010 2020

4. CNCF Cloud Native Definition v1.0
Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid
clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.
These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to
make high-impact changes frequently and predictably with minimal toil.
The Cloud Native Computing Foundation seeks to drive adoption of this paradigm by fostering and sustaining an ecosystem of open source, vendor-neutral
projects. We democratize state-of-the-art patterns to make these innovations accessible for everyone.
https://github.com/cncf/toc/blob/master/DEFINITION.md
Cloud Native CNCF

7. Fallacies of distributed computing
https://en.wikipedia.org/wiki/Fallacies_of_distributed_computing

9. Buoyant’s CEO William Morgan https://blog.buoyant.io/2017/04/25/whats-a-service-mesh-and-why-do-i-need-one/

10. Service Mesh
①

11. PodPodPod
https://docs.microsoft.com/ja-jp/dotnet/standard/microservices-
architecture/implement-resilient-applications/implement-circuit-breaker-pattern
PodPodPod
PodPodPod

12. PodPodPod
PodPodPod
PodPodPod
Service Breaker Destination Rule (Istio)
https://istio.io/docs/tasks/traffic-management/circuit-breaking/
Service Mesh

13. Service Mesh
Data Plane
Control Plane
Envoyproxy Blog: Service mesh data plane vs. control plane
https://blog.envoyproxy.io/service-mesh-data-plane-vs-control-plane-2774e720f7fc
Control Plane
Data Plane Mesh
Data Plane
② Control Plane Data Plane

14. Service Mesh
https://github.com/istio/istio
https://github.com/linkerd/linkerd
https://github.com/runconduit/conduit
https://www.consul.io/
https://www.envoyproxy.io/

15. https://twitter.com/IstioMesh/status/1024339027531624451

16. https://blog.linkerd.io/2018/09/18/announcing-linkerd-2-0/
https://github.com/linkerd/linkerd/issues/2018

17. https://www.hashicorp.com/blog/consul-1-2-service-mesh https://github.com/cncf/landscape/pull/1009
Cloud Native Computing Foundation Announces
Envoy Graduation
https://www.cncf.io/announcement/2018/11/28/cncf-
announces-envoy-graduation/

18. https://kubedex.com/istio-vs-linkerd-vs-linkerd2-vs-consul/
https://docs.google.com/spreadsheets/d/1OBaKrwR030G39i0n_47i-hzcFJ966bJjGArXVKX39_k/

19. https://trends.google.com/trends/explore?date=2017-01-01%202018-12-
17&q=Istio,Linkerd,Hashicorp%20Consul,Envoy%20Proxy
★ Star # (Dec 17, 2018)
Istio 13,865
Linkerd 4,792
Linkerd2 3,004
Consul 14,319
Envoy 7,608

21. “ENVOY IS AN OPEN SOURCE EDGE
AND SERVICE PROXY, DESIGNED
FOR CLOUD-NATIVE APPLICATIONS”
https://www.envoyproxy.io/
Istio
• Dynamic service discovery
• Load balancing
• TLS termination
• HTTP/2 and gRPC proxies
• Circuit breakers
• Health checks
• Staged rollouts with %-based traffic split
• Fault injection
• Rich metrics

22. https://techlife.cookpad.com/entry/2018/05/08/080000
KubeCon 2018 Seattle
https://envoyconna18.sched.com/event/HDdu/building-operating-a-service-mesh-at-a-mid-size-company-taiki-ono-cookpad-inc

23. Demo Code: https://github.com/yokawasa/envoy-proxy-demos/tree/master/front-proxy

24. Front-envoy
process
Front-envoy container
service3
envoy process
Service3 Container
service3
app process
service1
envoy process
Service1 Container
service1
app process
service2
envoy process
Service2 Container
service2
app process
Port 80
Port 80
Port 80
8080
8080
8080
Front envoy
listens on
port 80

25. https://istio.io

26. • Pilot:
• Mixer:
• Citadel:
https://istio.io/docs/concepts/what-is-istio/

27. Discovery & Load Balancing
round robin, random, weighted least request
Traffic Splitting
A/B testing, canary rollouts, staged rollouts
Traffic Control
Handling Failures
circuit breakers, timeouts, and retries
Fault Injections
delays or abort
Rate Limiting
Distributed Tracing
Collecting Logs & Metrics
Service Graph
Authentication Policy
Mutual TLS Authentication
Istio RBAC
https://istio.io/docs/concepts/what-is-istio/

28. https://www.slideshare.net/yokawasa/istio-114360124

29. • Demo Code: https://github.com/istio/istio/tree/master/samples/bookinfo
• Setup: https://github.com/yokawasa/azure-container-labs/blob/master/labs/aks-202-istio-top.md

30. Product
page
Mixer
Pilot
Citadel
Ingress
gateway
Review
V1
Review
V2
Review
V3
Ratings
Details

32. https://github.com/istio/istio/tree/master/tools

33. Mixer
Cache
5ms

34. Istio Proxy
10ms
Proxy Mixer

35. • :
• https://istio.io/docs/reference/config/installation-options/
• Minimal Istio Installation:
• https://istio.io/docs/setup/kubernetes/minimal-install

37. Service Mesh
Service Fabric Mesh
Istio on GKE
App Mesh

38. k8s Service Mesh
Knative - https://github.com/knative/docs

39. •

43. https://istio.io/docs/concepts/security/

44. Istio multicluster

46. Figure 1-1. Traditional network security architecture

47. • Zero Trust Control plane vs Data plane
• Zero Trust Control plane
• Zero Trust Data Plane: Control Plane

49. k8s Service Mesh

50. https://www.slideshare.net/hiromasaoka/noops-125109991