DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations
Building Scalable Real-Time Apps with AstraDB and Vaadin
Register Now

Trending

  • Knowing and Valuing Apache Kafka’s ISR (In-Sync Replicas)
  • Alpha Testing Tutorial: A Comprehensive Guide With Best Practices
  • Designing a New Framework for Ephemeral Resources
  • Integrating AWS With Salesforce Using Terraform

Trending

  • Knowing and Valuing Apache Kafka’s ISR (In-Sync Replicas)
  • Alpha Testing Tutorial: A Comprehensive Guide With Best Practices
  • Designing a New Framework for Ephemeral Resources
  • Integrating AWS With Salesforce Using Terraform
  1. DZone
  2. Testing, Deployment, and Maintenance
  3. Deployment
  4. Service Mesh: The Next Step to Kubernetes in the Era of Microservices

Service Mesh: The Next Step to Kubernetes in the Era of Microservices

Service mesh is the next logical step for combining microservices and cloud native computing. Check out the benefits of service meshes here.

manvi garg user avatar by
manvi garg
CORE ·
Updated Jun. 29, 20 · Analysis
Like (13)
Save
Tweet
Share
16.67K Views

Join the DZone community and get the full member experience.

Join For Free

Often designed as a group of distributed microservices running in containers, cloud-native applications are better known as containerized applications. Increasingly, the containerized applications are Kubernetes-based, Kubernetes being the de-facto standard for container orchestration. But the exponential growth in microservices makes it quite challenging to find out how to enforce and standardize routing between multiple services, encryption, authentication and authorization, as well as load balancing within a Kubernetes cluster. Building on service mesh helps to tackle these challenges. Like containers abstract away the operating system from the application, a service mesh abstracts away how inter-process communications are tackled.

What Is a Service Mesh?

A service mesh refers to a dedicated infrastructure layer for tackling service-to-service communication. It enables reliable delivery of requests through the complex topology of services constituting a modern, cloud native application. Practically, the service mesh implements as an array of lightweight network proxies deployed alongside application code. In other words, it is made up of sidecar proxies attached to all the pods in an application. The concept of the service mesh in terms of a distinct layer is connected to the growth of the cloud native application. Remember service-to-service communication is not only complex, but a fundamental aspect of runtime behavior and ubiquitous. Managing it is crucial to assure end-to-end performance and reliability.

Service meshes handle functions outside of Kubernetes’ role, including security, routing, and observability. If you are an organization that needs to achieve a centralized control, that’s the only way to guarantee internal governance policies are well-enforced by the centralized platform team.

Let us now see how enterprises get effective control over security, routing or load balancing, and observability by employing a service mesh, along with Kubernetes.

Security

Security is the primary concern for using a service mesh. It assures that encryption and granular access control rules are practiced throughout the organization, in a way they are centrally controlled. The ability to control east-west and north-south traffic makes for a better security posture than simply controlling one, or the other.

Improved Transparency

It isn’t easy to follow the complex flow of traffic behavior within an unclear and dense cloud-native environment. Messages take a winding path through the topology, moving between the infrastructure layers and transitioning from pod to pod on a unique track. This is where service mesh brings transparency to the way application modernization services are delivered. You can thus track their behavior effectively.

Enhanced Security

With an increase in microservices, there is a rise in network traffic parallelly. This makes it easier for hackers to break into the flow of communication. Service mesh thus secures interactions within the network by providing for a mutual Transport Layer Security (TLS) as a full-stack solution for authenticating services, enforcing security policies, and encrypting traffic between services.

Encryption

Solid encryption emerges to be a strong pillar of network security due to increased communication between microservices. There should be management of keys, certificates, and TLS configuration for continuous encryption, and service mesh does that. The user no longer needs to execute encryption or manage certificates. Besides, service mesh offers policy-based authentication to establish mutual TLS configuration between two services for safe service-to-service encrypted communication and end user authentication.

Routing

In addition to security and observability (that is discussed further), enterprises use a service mesh to help control load balancing and routing. Intelligent routing controls the flow of traffic and then there is API calling between services. Due to its ability to control traffic, service mesh aids to execute blue and green deployments and safely rollout new application upgrades without any type of service interruption. In the absence of a service mesh, the responsibility to manage layer seven routing and load balancing is on the application developer.

A service mesh can make changes to security, observability, or routing rules at a fleet level. Anything that is controllable by the side-car proxy can easily be changed for many services by a central team, whereas there’s no way to make changes fleet-wide through Kubernetes alone.

Observability

Though Kubernetes help to maintain the health of your pod and enable the CPU memory utilization of your pods and nodes, it doesn’t tell the customer who deployed their app and how the app is performing. This is the major thing infrastructure people look for. A service mesh, on the other hand, improves observability into distributed services with its capabilities into service-level visibility, tracing, and monitoring. It acts as a great means to provide useful information on what is happening at the application level. It brings visibility to the application layer, much beneath layer three and four, allowing businesses to learn about the health of each service and the health of the application overall.

You can troubleshoot and alleviate incidents with better visibility. If one service in the architecture behaves like a bottleneck, service mesh enables you to easily break the circuit to failed services, thus disabling non-functioning replicas, while keeping the API responsive.

Have You Gone the Service Mesh Way?

Being a critical component of the cloud native stack, the service mesh is the dashboard for microservices architecture (MSA) that enables you to troubleshoot issues, rate limits, administer traffic policies, and test new code. Service mesh is known to be the hub for supervising, tracing, and controlling the interactions between all services – how they are connected, the way they perform, and are secured.

microservice Kubernetes application

Opinions expressed by DZone contributors are their own.

Trending

  • Knowing and Valuing Apache Kafka’s ISR (In-Sync Replicas)
  • Alpha Testing Tutorial: A Comprehensive Guide With Best Practices
  • Designing a New Framework for Ephemeral Resources
  • Integrating AWS With Salesforce Using Terraform

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com

Let's be friends: