The capabilities service meshes offer for Kubernetes clusters and microservices are straightforward. However, the underlying mechanics of service meshes and, more importantly, how and when they can benefit DevOps are less apparent.
In this episode of The New Stack Makers podcast, we spoke with IBM’s Lin Sun, whose official title is senior technical staff member and “master inventor,” for a comprehensive overview of what service meshes are. The overview is aimed at those who may not be completely familiar with the topic, as well as those who have some familiarity and want to know more or learn about emerging use cases.
Sun’s expertise in service meshes largely draws upon her role as an Istio project maintainer; she is also on the Istio Steering Committee and Technical Oversight Committee.
Sun’s IBM title of “master inventor” may sound unusual or, as Sun describes it, “really cool.” But at IBM, the status of “master inventor” represents specific merits that those who hold the title must first attain.
“‘Master inventor’ is a title for someone who demonstrates the mastery of the IBM inventor process and is able to mentor other people to be successful in the invention process, and to be able to be productive yourself,” Sun said. Among the other requirements, a “master inventor” must also first file about a dozen patents and have at least one issued patent, Sun said. You must also have worked with a “review board to review incoming patent disclosures on behalf of IBM,” Sun said.
All told, Sun holds more than 150 patents issued with the USPTO. In other words, Sun is well-positioned to describe technologies and is particularly well-suited as a thought leader to discuss what service meshes are and how they work.
Istio “fundamentally is a service mesh,” Sun said. It provides three key capabilities: allowing the user to secure their microservices, to connect their microservices and, thirdly, to “observe what’s really going on within their microservices,” Sun said.
Sun thinks of Istio as providing users with a “storage box” for their “microservices as a room.” “The microservices are more kind of like a room in a hotel or in your house. Istio provides a storage box to allow users to abstract the key functions that need to secure communication of microservices, to be able to connect microservices and to be able to observe microservices and delegate that function to be done by the storage box that sits next to your room,” Sun said. “So, Istio really helps the user to really trust that storage box to do the right thing and to delegate these key functions to the storage box. And so, every single microservice running with that storage box — which is commonly called a ‘sidecar proxy’ — still also exposes APIs to allow the user to easily program that storage box for each of the microservices in a mesh.”
Service meshes must also continue to improve, of course, if they are to live up to their promise. Following the release of Istio 1.5 in March, for example, multiple control plane components were consolidated into a single binary. A new proxy server extension model was also added, with improvements in overall functionality, security, telemetry and traffic control, the Istio authors said in a statement.
A number of components, such as a sidecar injector, have thus been folded into a single control plane component in Istio 1.5, Sun said. “This provides multiple interesting aspects,” Sun said.