# What is Kubernetes service mesh plus
Galley: configuration management – validates new configs and sends them over the mesh.

Mixer: monitoring, metrics, logs, traffic control.

Since Istio version 1.9.1, all of them, excluding Pilot, which runs in a dedicated Docker container, are built as a single binary file called istiod, plus additional Ingress and Egress Controllers.
![what is kubernetes service mesh](https://dockerarchitect.com/wp-content/uploads/2019/09/istio_service_mesh.png)
![what is kubernetes service mesh](https://rafay.co/wp-content/uploads/2022/07/Screenshot-2022-07-27-at-2.30.29-AM.png)
Control plane (“control layer”): manages and configures sidecars, aggregates monitoring metrics, and manages TLS certificates.

Istio architecture can be represented as the following diagram:

The Istio Control Plane includes four main components:

Pilot: central controller responsible for communication with sidecars using the Envoy API.
![what is kubernetes service mesh](https://image.slidesharecdn.com/sysdigsolosecuringandtroubleshootingkubernetesandservicemeshenvironments-191003173514/95/securing-and-troubleshooting-kubernetes-and-service-mesh-9-638.jpg)
Data plane (“a data layer”): contains a collection of proxy services represented as sidecar containers in each Kubernetes Pod, using an extended Envoy proxy server. Those sidecars link and control traffic between applications, and collect and send metrics.
![what is kubernetes service mesh](https://www.stackovercloud.com/wp-content/uploads/2020/03/KIC-gRPC.png)
Essentially, it’s a proxy-services manager. The proxy service can be a system such as NGINX, HAProxy, or Envoy, working at OSI Layer 7, which allows dynamic traffic control and configuration of communication between applications.

A service mesh performs discovery of new applications/services, load balancing, authentication, and traffic encryption.

For traffic control in a service mesh, a proxy service called a sidecar is started alongside each application or, in the case of Kubernetes, each pod. Together those sidecar containers are known as the Data Plane.

For their configuration and management, there is another process group called the Control Plane. They are used for new application discovery, encryption key management, metrics collection and aggregation, and so on.

A service mesh can be displayed as such a scheme:

Among the many service mesh solutions, I’d mention the following:

So, Istio as a service mesh consists of two main parts – the Data plane and the Control plane: