Red Hat Creates Service Mesh for OpenShift
Red Hat is unveiling its own service mesh for OpenShift version 4, its hybrid cloud enterprise Kubernetes platform.
A service mesh typically runs as sidecars that form a communication layer between services in microservices-based application architectures. It handles traffic management, policy enforcement, and service identity and security.
“We have taken the upstream Istio and written an Operator that handles the deployment and management of Istio itself. With the upstream version, you have to run all the sidecar containers with an escalated level of privilege — the Kubernetes equivalent of running things as a root user,” explained Brian “Redbeard” Harrington, principal product manager at Red Hat.
“OpenShift Service Mesh, through having the Operator there and a CNI (container networking interface) plugin we wrote, you can run Istio and bring up those sidecar components without providing additional privileges to the application components of Istio itself,” he added.
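To check the privilege difference Harrington describes in your own cluster, the following added example (not code from the article or from Red Hat) audits a pod manifest for containers that request elevated privileges. The container names and the NET_ADMIN/NET_RAW capabilities in the sample manifests are constructed assumptions modeled on a typical sidecar-injected pod, not details from the article.

```python
import json

# Capabilities that allow changing network or host state from inside a pod.
RISKY_CAPS = {"NET_ADMIN", "NET_RAW", "SYS_ADMIN", "ALL"}

def elevated_reasons(container, pod_sc):
    """List the ways one container asks for more than default privilege."""
    sc = container.get("securityContext") or {}
    reasons = []
    if sc.get("privileged") is True:
        reasons.append("privileged")
    added = {c.upper() for c in (sc.get("capabilities") or {}).get("add", [])}
    reasons += ["cap:" + c for c in sorted(added & RISKY_CAPS)]
    # A container-level runAsUser overrides the pod-level one. If neither is
    # set, the image decides, which a manifest audit cannot see.
    if sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
        reasons.append("runAsUser=0")
    return reasons

def audit_pod(pod):
    """Return (kind, name, reasons) for every container with findings."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for kind, key in (("initContainer", "initContainers"), ("container", "containers")):
        for c in spec.get(key) or []:
            reasons = elevated_reasons(c, pod_sc)
            if reasons:
                findings.append((kind, c["name"], reasons))
    return findings

# Constructed sample: an app pod after sidecar injection, where an init
# container sets up traffic redirection with elevated privileges (assumed).
INJECTED_POD = json.loads("""
{"spec": {
  "initContainers": [
    {"name": "istio-init",
     "securityContext": {"runAsUser": 0,
                         "capabilities": {"add": ["NET_ADMIN", "NET_RAW"]}}}],
  "containers": [
    {"name": "app"},
    {"name": "istio-proxy", "securityContext": {"runAsUser": 1337}}]}}
""")

# Constructed sample: the same pod when a node-level CNI plugin does the
# network setup, so nothing in the pod asks for extra privilege.
CNI_POD = {"spec": {"containers": INJECTED_POD["spec"]["containers"]}}

if __name__ == "__main__":
    for pod_name, pod in (("injected", INJECTED_POD), ("cni", CNI_POD)):
        print(pod_name, audit_pod(pod))
```

Feed it the output of `kubectl get pod <name> -o json` to audit a live pod; an empty result means no container in the manifest explicitly requests the privileges checked here.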
Its features include:
- Tracing and measurement: using Jaeger, developers can track a request between services from start to finish.
- Visualization and observability: Kiali enables users to view the topology of the service mesh and to observe how services interact.
- Integrated API Gateway: when deployed with Red Hat 3Scale, it simplifies North-South traffic flow between application endpoints and the service backend.
- “One-click” Service Mesh installation and configuration via the Service Mesh Operator and an Operator Lifecycle Management framework.
The company created its own version primarily to make deployment easier, but it is also a little more opinionated (i.e., it makes more assumptions about typical configuration settings) than the upstream components are, Harrington said.
“We found in early testing that for users that were going to be installing Istio, that as soon as they started deploying applications to Istio, because of the sidecars and because the application components could be deployed on dozens of different nodes, users that were used to using a traditional Java stack and the built-in debugging tools that were able to look into that single application server have the same visibility when it was run atop Kubernetes or service mesh,” he said.
“So that’s why we made the opinionated choice of integrating Jaeger in with Istio so that a user didn’t have to learn two weeks into deploying a service mesh that they were going to need more components, then have to rip it out and redo it,” he said.
Because it’s coordinating the installation of all those components together, it can set them all up together at the same time and know that they’ll be configured correctly, he said.
“We want to make sure that users are ready to go as soon as they install the software and don’t have the same barriers to entry of having to understand all the nuances of every open source project just to get started,” he said.
Red Hat has been working on Service Mesh for the past year. Its work with the Operator includes the ability to push updates down to all the components automatically as a service.
“We wanted to make sure that, because OpenShift can run on any cloud platform, that when you deploy Service Mesh, that it was portable across compute environments so you could decide you wanted to run it on-premise, or you could decide you wanted to run it on AWS,” he said.
He finds Kiali one of the more interesting components.
“Especially for users just starting out who don’t know what they don’t know, giving them a graphical user interface, they can visualize all the applications that they’re running in Service Mesh, see connections between those applications, know which pieces are attempting to talk to each other, so they can better control the communication between those applications,” he said, adding that Kiali has driven a lot of the decisions around the design.
In response to criticism that OpenShift brings everything and the kitchen sink, the work on OpenShift version 4 has included decomposing it a little bit, enabling users to pull in only the components they want. Providing more flexibility is the direction OpenShift is going, he said.
Red Hat is a sponsor of The New Stack.