VMware sponsored this podcast.
The advent of service meshes can be traced back to Linkerd, a Cloud Native Computing Foundation (CNCF) project. Now, as Linkerd’s adoption curve continues to accelerate, a number of other options have emerged that allow for the management and scaling of an often vast network of microservices and the applications within them. Istio, of course, is among the leading alternatives.
The state of Istio and service meshes was the main topic of a panel discussion for this podcast, hosted by Alex Williams, founder and editor-in-chief of The New Stack, at KubeCon + CloudNativeCon North America 2018.
The attendees, who were also treated to a pancake breakfast during the event, were able to put questions about service meshes and Istio to a panel of subject matter experts consisting of:
- Jason McGee, IBM fellow, vice president, CTO, IBM Cloud Platform;
- Ken Owens, vice president, digital native architecture, Mastercard;
- Jennifer Lin, director of product management, Google Cloud;
- Simon Richard, analyst, Gartner;
- Pere Monclus, vice president and chief technology officer for network and security, VMware.
The main feature of service meshes is that they serve as a framework for the early stages of a project, such as moving from monolithic to multicloud layers on microservices, and remain a critical component of microservices deployments as they continue to scale. From the outset, service meshes form the basis for giving identity to microservices and understanding the interactions between them, and they facilitate attaching policy, security and other controls to them, Monclus said.
“[Service meshes] are the natural evolution in terms of how the infrastructure evolves or provides whatever the application needs. And if you see it like that, it’s essentially a continuum — it’s how do you go from what we are trying to do with automation on traditional networks to how network virtualization kind of became the solution to do that,” Monclus said. “But now, as we go deeper in the application, how do we solve that deeper in the application? And this is what service mesh helps with.”
Istio, which IBM, Google and Lyft developed, also serves the overall goal of making sure that teams of software developers who write distributed systems in software remain productive, Lin said. The concerns of platform governance, security and automation of the platform itself are built into the platform. “The end result is that application teams can essentially just check in code many times a day and not worry about the fact that they have different client libraries where they have to write for a certain version of the kernel — or whatever,” Lin said.
In Google’s case, that means scaling to launch an incredible number of containers, about four billion a week, in its production environment, Lin said. “So, I think, for many enterprises in the IT organizations, a lot of the IT teams have felt that their job is essentially to make sure that they service human middleware as new things are checked into the environment,” Lin said. “And I think what we’re trying to do is basically put a lot of what is today manual processes into essentially the software system itself.”
For IBM Cloud Platform, service meshes fulfill a key layer in the design and management of container platforms, McGee said. “Many people are trying to get to microservices-based development and want to have small teams to be able to be independent and have their own lifecycle. You then instantly get into, ‘well, what about all the interactions between those teams and what about the communication between them and how do I roll out new things in a seamless way?’” McGee said. “And you quickly realize you need this kind of layer, not only visibility, but control over the collection of people that are working together in this new architecture.”
Security, of course, remains a critical factor. “Everyone wants to ignore security but can’t ignore security,” McGee said. “So, the question is, how do we make it as easy as possible for developers to build secure systems without having to be deep security experts?”