Three Myths about Service Mesh: Service Mesh Day Remarks from Tetrate CEO Varun Talwar
Tetrate CEO Varun Talwar kicked off Service Mesh Day, the first-ever industry conference on service mesh, with a few words about what had brought together the standing-room-only crowd from a variety of organizations and industries.
From the 10,000-foot view, compute density is growing. Users need more compute, network and storage capacity. The shift to microservices and containers has enabled organizations to keep growing with necessary speed, but has opened the door to the networking problems encapsulated by the well-known eight fallacies of distributed computing.
Enter service mesh.
“The way we think of service mesh is an application-aware networking layer,” said Talwar. “And when I say applications, I mean everything. I don’t just mean containers. I mean, brownfield, greenfield applications on containers, virtual machines, bare metal and serverless functions.”
Talwar welcomed an amazing lineup of conference speakers. They included service mesh stalwarts like Envoy creator Matt Klein; Eric Brewer, the VP of infrastructure at Google Cloud; and Larry Peterson, CTO of the Open Networking Foundation, who would talk about how modern networking is moving to the application layer. They also included end users from organizations like Yelp, Square, Salesforce, ING and more who are deploying Envoy and thinking about app security rather than perimeter security, and services rather than servers. Speakers from cloud providers, like Nick Coult (AWS) and Prajakta Joshi (Google Cloud), would describe how they’re putting policy-based mesh into public cloud environments to control traffic. Check out the full playlist.
But before kicking off the agenda, Talwar sought to set straight a few myths about service mesh:
Myth #1: You do service mesh after Kubernetes.
Users can use mesh to containerize and go from VMs to containers, as Tetrate engineer Dhi Aurrahman, with Prajakta Joshi, would later describe.
Myth #2: Service mesh only works in containers.
Service mesh can work equally well on VMs and containers. This would be the topic of a session on Istio and Envoy for VM and Kubernetes Workloads presented by Tetrate’s Shriram Rajagopalan.
Myth #3: Service mesh is hard to adopt.
Adopters tend to begin using service mesh in a three-step journey. Most people are starting from ingress, because it’s less complex than taking it all the way into individual services. Second, users will take requests from ingress all the way to an actual sidecar, or running workload, in what’s often called east-west traffic management. And in step three, they introduce security from ingress to the running workload.
Tetrate’s offerings tame the complexities of service mesh adoption. GetEnvoy provides organizations with certified, compliant builds of Envoy. Without peace of mind and confidence about security compliance and the ability to upgrade, companies won’t get close to putting Envoy into production. Apache SkyWalking, an APM and observability tool founded by Tetrate engineer Sheng Wu and widely adopted in China, integrates with service mesh and answers the need for operators to have a unified and meaningful map of their entire network’s performance. And the newly announced Tetrate Q adopts Next Generation Access Control (NGAC) for the multi-cloud world, to be described in an NGAC session with David Ferraiolo of NIST and Tetrate engineer Ignasi Barrera.
Service Mesh Day was organized by Tetrate and sponsored by Google Cloud, Juniper Networks, Capital One, Cloud Foundry, AWS, the Cloud Native Computing Foundation, the Open Networking Foundation (ONF) and the OpenStack Foundation.