Service mesh

A paradigm for implementing common functionality in microservice environments. It is based on the idea that each microservice is paired with a sidecar container that implements these services; the implemented ones are

```mermaid
flowchart LR
  subgraph pod1
    direction TB
    A@{shape: proc, label: sidecar}
    B@{shape: proc, label: container}
    A ~~~ B
  end
  subgraph pod2
    direction TB
    C@{shape: proc, label: sidecar}
    D@{shape: proc, label: container}
    C ~~~ D
  end
  subgraph pod3
    direction TB
    E@{shape: proc, label: sidecar}
    F@{shape: proc, label: container}
    E ~~~ F
  end
  pod1 ~~~ pod2 ~~~ pod3
```

🔷 Note

These are common challenges in the migration from a monolithic application to a distributed microservices system.

What is a service mesh?

A service mesh is an infrastructure layer; it is divided into two layers, a data plane and a control plane.

```mermaid
---
title: Data mesh
---
flowchart TD
  subgraph data_plane
    direction LR
    subgraph pod1
      direction TB
      A@{shape: proc, label: sidecar}
      B@{shape: proc, label: container}
      A ~~~ B
    end
    subgraph pod2
      direction TB
      C@{shape: proc, label: sidecar}
      D@{shape: proc, label: container}
      C ~~~ D
    end
    pod1 ~~~ pod2
  end
  subgraph control_plane
    direction LR
    subgraph control_pods
      direction LR
      E@{shape: db, label: etcd}
      F@{shape: proc, label: controller1}
      E ~~~ F
    end
  end
  data_plane ~~~ control_plane
```

The control plane manages north/south communication, sidecar deployment, service discovery and the records in the database.

⚠️ Warning

A service mesh carries significant overhead: the sidecar containers double the number of containers, and the descriptor configuration has to be managed as well.

Beyond the limits of the service mesh: ambient mesh

To avoid container duplication, the sidecar container is moved to the namespace level, and communication between pods is secured using a ztunnel (zero-trust tunnel).

```mermaid
---
title: Ambient mesh
---
flowchart TD
  subgraph data_plane
    subgraph namespace
      direction LR
      A@{shape: proc, label: container}
      B@{shape: proc, label: container}
      C@{shape: hex, label: sidecar}
      A ~~~ B ~~~ C
      A <-- ztunnel --> B
    end
  end
  subgraph control_plane
    direction LR
    subgraph control_pods
      direction LR
      E@{shape: db, label: etcd}
      F@{shape: proc, label: controller1}
      E ~~~ F
    end
  end
  data_plane ~~~ control_plane
```

🔷 Note

This is a minor improvement, but still better than nothing.
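As an added example that is not part of these notes, here is how the two data-plane models above and the "secured communication between pods" claim look in practice when the mesh is Istio (an assumption; the notes do not name a product, and the `shop` namespaces are placeholders). The sidecar model is selected by a namespace label that makes the control plane inject a proxy into every pod; the ambient model is selected by a different label that hands the namespace's traffic to ztunnel instead. In both models the PeerAuthentication object is what actually rejects unauthenticated pod-to-pod traffic: the PERMISSIVE default shown first still accepts plaintext, STRICT does not.

```yaml
# Added example, not from the original notes. Assumes Istio; "shop" and
# "shop-ambient" are placeholder namespaces.

# Sidecar model: the control plane injects a sidecar proxy into every pod
# created in this namespace (one extra container per pod).
apiVersion: v1
kind: Namespace
metadata:
  name: shop
  labels:
    istio-injection: enabled
---
# Ambient model: no per-pod sidecar; the namespace's pod-to-pod traffic is
# carried through ztunnel. A namespace uses one of the two labels, not both.
apiVersion: v1
kind: Namespace
metadata:
  name: shop-ambient
  labels:
    istio.io/dataplane-mode: ambient
---
# Weak setting: PERMISSIVE (the default when no policy exists) accepts both
# mutual TLS and plaintext, so a workload outside the mesh can still reach
# these services without presenting a mesh identity.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: PERMISSIVE
---
# Corrected setting: STRICT rejects any connection that is not mutual TLS
# between mesh identities, whether the tunnel endpoint is a sidecar or
# ztunnel. Applying this after the PERMISSIVE object above replaces it,
# since both use the same name in the same namespace.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT
```

A mesh-wide default is obtained by placing the STRICT policy in the mesh root namespace instead of a workload namespace; per-namespace policies then only need to exist for exceptions.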

Network service mesh

A service mesh is an infrastructure layer that works at layer 4 and above; the network service mesh is a variant that operates at layers 2 and 3 to connect multi-site clusters.