With the growing adoption of cloud-based microservices deployments, organizations are hosting multiple services across several clusters. As a result, deploying and managing multiple workloads across different clusters has become a complicated task that involves several challenges related to customer experience and application reliability. So, it is important that DevOps teams use the right tools to automate deployment plans to minimize risk to the product and customer experience. For this, several service mesh tools are available with advanced deployment strategies. These service mesh tools also provide synchronization with web communication standards, adapt to varying security protocols, and offer better management. Here are some lesser-known Kubernetes service mesh tools.
Consul, a service mesh solution, has a full-featured control plane. It was developed by HashiCorp and first released in 2014. This service mesh can be installed and configured on an existing Kubernetes cluster. Its latest version, 1.9.5, was released on April 15, 2021.
It offers service configuration, discovery, and segmentation features. Users can use these features individually, or they can use them together to build a full service mesh. It can help manage and control distributed data planes, providing a reliable and scalable mesh. It also supports proxy and native integration models. It comes with a simple, ready-to-use built-in proxy. Additionally, it supports third-party proxy integrations (for example, Envoy).
The key features of Consul are health checking, service discovery, KV store (to store key-value pairs), multi-datacenter, and secure service communication. The mesh service is friendly for both application developers and the DevOps community, making it an ideal choice for organizations.
The service comes in three price models: the first is open-source (a free version), the second is Managed Consul (from $0.027/hour), and the third is Enterprise, which comes with custom deployment, so the price varies. Moreover, all three price models come with a different set of features.
Autopilot is a toolkit and SDK used for developing and deploying service mesh operators. It is developed by Solo.io, a service connectivity company. This service was launched in late 2019. The service allows its users to automate the service mesh interface for chaos experimentation, adaptive security, canary automation, and more.
This service builds and deploys Operators. These can be run against a remote or local Kubernetes cluster installed with a service mesh. The code and libraries generated by Autopilot allow users to easily automate monitoring and configuration of a service mesh and other infrastructure resources with a Kubernetes Operator. It also provides generated code, primitives, and helper functions, which can interact with other service meshes. It is open-source and leverages libraries from several Kubernetes projects, including Flagger (a mesh operator that deploys canaries), Controller Runtime (libraries for building K8s controllers), and Operator Framework (an SDK for building generalized K8s Operators).
The project intends to support the majority of DevOps workflows constructed on top of Kubernetes+Service mesh.
Open Service Mesh (OSM) is an open-source service mesh created by Microsoft that supports the Kubernetes environment. It is a cloud-native service mesh that allows users to manage and secure service meshes consistently. It also offers out-of-the-box observability features for dynamic microservice environments.
OSM operates as an Envoy-based control plane on Kubernetes. It can be configured with Service Mesh Interface (SMI) APIs. It works by injecting an Envoy proxy into every instance of the application. The proxy can help capture routing configuration metrics and execute rules around access control policies. To ensure that policies and routing rules are updated and that proxies are working, the control plane keeps configuring the proxies continuously. Additionally, it offers a simplified configuration of ‘traffic shifting’ for faster deployments. It also provides secure service-to-service communication by facilitating mTLS. It can help in defining and executing fine-grained access control policies for services. It also provides a mechanism to monitor application metrics for debugging and analytical services. It offers integration with outside certificate management services or solutions through a pluggable interface. It allows automatic insertion of new applications onto the mesh via the Envoy proxy.
In September 2020, the OSM project, backed by Microsoft, was accepted to enter the CNCF as a sandbox project. This is considered Microsoft’s response to Google’s open-source culture, and it is thought to be the base for further collaborative work around multi-cloud interoperability to be leveraged by Microsoft for its cloud offerings.
Layer5 is a service mesh company and a worldwide community that offers a large collection of service mesh projects. The community creates and maintains several projects that focus on the service mesh-centric capabilities in a cloud-based environment.
The key projects operating under the Layer5 community include:
Meshery: Multi-service mesh management plane that allows users to manage the lifecycle of several types of service meshes.
Service Mesh Landscape: Collection of several prominent service mesh projects and offerings, including Linkerd, Istio, Consul, NGINX Service mesh, and Network service mesh, providing a comparison of their strengths.
Service Mesh Performance: Vendor-agnostic specification that can be used to create a performance index. It can help capture detailed information about the environment and infrastructure, service mesh, configuration, and service/application, and then provide statistical analysis of the results.
Image Hub: Demo application that works on Consul and allows WebAssembly modules to be used as Envoy Filters.
Meshery Operator: Multi-service mesh operator that works as a Kubernetes controller manager. It can manage the lifecycle of all the Meshery components deployed across the cluster.
Learn Layer5: Sample application for learning service mesh. It also provides an SMI Conformance testing environment.
Service Mesh Interface Conformance: Allows for testing the conformance of all participating service mesh projects and also tests their capabilities and compliance status.
GetNightHawk: Layer 7 performance characterization tool.
All of the projects offered by the Layer5 community are open-source and can be used, downloaded, or shared by any individual.
Kuma is an open-source service mesh that provides support for multiple environments across clouds, such as Kubernetes and virtual machines. It was created by Kong, and it was recently added to CNCF as a Sandbox project. Moreover, Kuma is production-ready, and it is still under active development.
Kuma is a simple yet powerful service mesh. It simplifies the overall process of running a service mesh across every organization, with distinct capabilities such as multi-mesh support and multi-zone support and an intuitive learning curve. It is being used by enterprises worldwide to support distributed service meshes, allowing application teams to work on both VMs and Kubernetes. It has wide universal workload support. It also provides native support for Envoy as its data plane proxy technology. Moreover, it does not require users to have expertise in Envoy. It provides L4-L7 service discovery, routing, connectivity, observability, and security across any service on any platform, including databases.
It was added to CNCF, which operates a large number of the fastest-growing open-source projects. Users that need enterprise-level support for Kuma can visit the enterprise offerings page.
Kubernetes service mesh tools: A boon for developers
A service mesh works as an infrastructure layer for the existing environment and facilitates communication between API-powered microservices while increasing security. A proper mesh implementation removes the additional burden from individual services and allows developers to code their applications one by one while DevOps oversees the mesh. In addition, the service meshes have become more capable in recent years and are helping DevOps and application developers a lot. With these open-source service mesh tools, organizations will feel encouraged to look for new ways to operationalize the networking aspect of their microservices development.