As the adoption of microservices and their underlying orchestration platforms has accelerated in the last couple of years, service mesh has become a very important instrument for an effective 12-factor application development and deployment in production. And a lot of organizations have adopted services meshes to resolve their distributed systems challenges such as latency in the network, securing service to service discovery and communication, and removing multiple third-party libraries which different teams adopt to resolve similar challenges.
But are we utilizing our Service Mesh layer to the fullest?
Many implementations of Service Mesh are still at a nascent stage and there are valid reasons for that as mesh infrastructure layer is not easy to set up if your IT infrastructure team is trying that for the first time. On top of that development teams are scrambling to lift and shift your current applications and just trying to fit their current applications into the board puzzle of microservices infrastructure and cloud deployments.
But as we become more familiar with Service Mesh we should start using some of the advanced features of this infrastructure layer. One such service mesh implementation provider, Istio, lists here all the available features.
Out of many listed features from Istio, OpenShift Container Platform(OCP) recently adopted some of the important features in their 4.10 release. My favorite features in this release are Service Mesh proxy Extensions with the use of WebAssembly and Federation across multi-tenant or multi-cluster OCP deployments.
Service Mesh Envoy Proxy Extensions
With Mixer being removed from Openshift Service Mesh upstream project Istio, we now have WebAssembly(WASM) available to us for extending Envoy proxy with the latest version of Istio. Mixer had multiple drawbacks, as It could become a central bottleneck and resource hog and extensions could only be written in C++.
WebAssembly is a format that allows extensions to be written in more than 15 programming languages. The Istio and Envoy communities have been developing Wasm extensibility into Envoy since Istio 1.5. This will allow mesh operators to incorporate custom cross-cutting functionality at the proxy level. One very important use case of using extensions is doing request and response caching at the proxy level which could prove to be very effective. WASM gives us the liberty to implement the caching mechanism in many dimensions. One use case of such extension is very well explained in this blog post which was done with an older version of OCP. Hopefully, for my future blog post, I would be able to expand on this use case with the latest version of OCP.
Service Mesh Federation
Federation by OpenShift Service Mesh provides a guided path for sharing services between meshes - both within a single multi-tenant OpenShift cluster and across different OpenShift clusters. Using this feature you can facilitate multi-cluster service mesh use cases, where each mesh is managed by an independent control plane and information sharing is controlled via Import and Export resources.
Federated service meshes maintain tenant boundaries with services shared on a “need to know” basis. This does not require cross-cluster API Server connectivity as well. With some limitations, this does require careful planning while setting up your clusters and should seriously be considered to enable better security between your clusters.
There are many more features that I am planning to explore in my future blog post with some concrete example use cases which hopefully will give you some more clarity on the many benefits Service Meshes bring to the new universe of Microservices.