github.com/cilium/cilium@v1.16.2/Documentation/network/servicemesh/index.rst

     1  .. only:: not (epub or latex or html)
     2  
     3      WARNING: You are looking at unreleased Cilium documentation.
     4      Please use the official rendered version released here:
     5      https://docs.cilium.io
     6  
     7  .. _servicemesh_root:
     8  
     9  ************
    10  Service Mesh
    11  ************
    12  
    13  What is Service Mesh?
    14  #####################
    15  
    16  With the introduction of distributed applications, additional visibility,
    17  connectivity, and security requirements have surfaced. Application components
    18  communicate over untrusted networks across cloud and premises boundaries,
    19  load-balancing must understand application protocols, resiliency is
    20  becoming crucial, and security must evolve to a model where sender and receiver
    21  can authenticate each other’s identity. In the early days of distributed
    22  applications, these requirements were resolved by directly embedding the
    23  required logic into the applications. A service mesh extracts these features out
    24  of the application and offers them as part of the infrastructure for all
    25  applications to use, so individual applications no longer need to be changed.
    26  
    27  Looking at the feature set of a service mesh today, it can be summarized as follows:
    28  
    29  - **Resilient Connectivity**: Service to service communication must be possible across
    30    boundaries such as clouds, clusters, and premises. Communication must be
    31    resilient and fault tolerant.
    32  - **L7 Traffic Management**: Load balancing, rate limiting, and resiliency must be
    33    L7-aware (HTTP, REST, gRPC, WebSocket, …).
    34  - **Identity-based Security**: Relying on network identifiers to achieve security is
    35    no longer sufficient; both the sending and receiving services must be able to
    36    authenticate each other based on identities instead of a network identifier.
    37  - **Observability & Tracing**: Observability in the form of tracing and metrics is
    38    critical to understanding, monitoring, and troubleshooting application stability,
    39    performance, and availability.
    40  - **Transparency**: The functionality must be available to applications in a
    41    transparent manner, i.e. without requiring changes to application code.
    42  
    43  .. admonition:: Video
    44    :class: attention
    45  
    46    If you'd like a video explanation of Cilium's Service Mesh implementation, check out `eCHO episode 27: eBPF-enabled Service Mesh <https://www.youtube.com/watch?v=nJT0ASbGLvs>`__ and `eCHO episode 100: Next-gen mutual authentication in Cilium <https://www.youtube.com/watch?v=BWjDlynXhzg>`__.
    47  
    48  Why Cilium Service Mesh?
    49  ########################
    50  
    51  Since its early days, Cilium has been well aligned with the service mesh concept
    52  by operating at both the networking and the application protocol layer to provide
    53  connectivity, load-balancing, security, and observability. For all network
    54  processing including protocols such as IP, TCP, and UDP, Cilium uses eBPF as the
    55  highly efficient in-kernel datapath. Protocols at the application layer such as
    56  HTTP, Kafka, gRPC, and DNS are parsed using a proxy such as Envoy. 
    57  
    58  .. toctree::
    59     :maxdepth: 3
    60     :glob:
    61  
    62     ingress
    63     gateway-api/gateway-api
    64     gateway-api/gamma
    65     ingress-to-gateway/ingress-to-gateway
    66     istio
    67     mutual-authentication/mutual-authentication
    68     l7-traffic-management