Networking / Service Mesh

Containous Builds a Service Mesh on Its Traefik Proxy

4 Sep 2019 9:36am, by

Containous, the company behind the open source reverse proxy Traefik and Traefik Enterprise Edition, has entered the service mesh arena with the release of Maesh, a new open source service mesh, one designed to be easy to use by developers. Maesh is built using Traefik to provide proxy functionality, which Containous CEO Emile Vauge pointed to as a key distinction in an interview with The New Stack.

“If you take some traditional reverse proxy, like HAproxy or NGNIX, you are not supposed to change the configuration dynamically. If you want to add some routing or to change the configuration dynamically, you are supposed to shut down the proxy and restart it,” said Vauge. “Traefik is able to support dynamic changes in its configuration. And on top of that, it’s fully integrated with every cloud native orchestrator and tool. It’s able to connect to every cloud native tracing system, every metrics application, and every orchestrator — Kubernetes, Docker Swarm, Rancher, AWS and so on. So basically it’s a cloud native reverse proxy.”

Maesh provides a number of features based on Traefik’s feature set, including observability using OpenTracing, multiprotocol support for the HTTP and TCP layers, traffic management such as load balancing, retries and fail-overs, circuit breakers and rate limits, and security and safety with access controls, according to the company. Beyond these features, Vauge says that Maesh differs from other service meshes in its ease of implementation and use.

“We wanted to do something different from other service meshes. We wanted to do something simple and light, like Traefik. To do this, we decided to use a different architecture. With Istio, you have one Envoy instance with each application, which is a bit complex to manage when you want to deploy, for example, thousands of applications, because you’ll have thousands of reverse proxies,” said Vauge. “Instead, we wanted to use lightweight architecture with only one reverse proxy per Kubernetes node. It’s a lot easier to scale and it uses a lot less resources than Istio.”

Vauge also compares Maesh to Linkerd, noting that while Linkerd is also lightweight, the sidecar proxy it uses is less featured in comparison to the full-featured Traefik. Another point of comparison, said Vauge, is the installation — a common pain point among those trying to implement a service mesh.

“If you want to install Istio, it’s really huge to install — you have to download Istio, which is super heavy, and then it will install something like more than 10 components on your Kubernetes cluster and take a lot of resources,” said Vauge. “When you want to install Maesh, it only downloads Traefik, which is super light, and the Maesh controller, that’s it. You write just one line of code to install it, and that’s all. So it’s really super simple.”

Finally, Maesh also comes out of the gate with full support for version 2 of Traefik, which Vauge says will be out very soon, as well as full Service Mesh Interface (SMI) compliance.

“This is really important because this standard means that everybody knows already how we work. And it’s provider agnostic, so if you want to change your service mesh, it can be done easily,” said Vauge. “This means that we are able to provide some observability features, some traffic management features like canary deployments, and some safety features like access control, which is super important. All of this is done thanks to the compliance to the SMI standard.”

Feature image by xresch from Pixabay.

The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.