updated all sub-headers to sentence case
parent 3665e95f99
commit fa3ac98bf7
|
@ -11,7 +11,7 @@ description: >-
|
||||||
A _service mesh_ is a dedicated network layer that provides secure service-to-service communication within and across infrastructure, including on-premises and cloud environments.
|
A _service mesh_ is a dedicated network layer that provides secure service-to-service communication within and across infrastructure, including on-premises and cloud environments.
|
||||||
Service meshes are often used with a microservice architectural pattern, but can provide value in any scenario where complex networking is involved.
|
Service meshes are often used with a microservice architectural pattern, but can provide value in any scenario where complex networking is involved.
|
||||||
|
|
||||||
## Benefits of a Service Mesh
|
## Benefits of a service mesh
|
||||||
|
|
||||||
A service mesh provides benefits for all organizations, ranging from security to improved application resiliency.
|
A service mesh provides benefits for all organizations, ranging from security to improved application resiliency.
|
||||||
Some of the benefits of a service mesh include;
|
Some of the benefits of a service mesh include;
|
||||||
|
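Review bot: the context line "Some of the benefits of a service mesh include;" directly under the renamed "Benefits of a service mesh" heading ends in a semicolon where a colon is needed to introduce the list. Since this commit already touches the section, change it to "Some of the benefits of a service mesh include:".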
@ -34,7 +34,7 @@ In cloud environments, the surface area for network access is much wider than th
|
||||||
In addition, traditional security practices overlook the fact that many bad actors can originate from within the network walls.
|
In addition, traditional security practices overlook the fact that many bad actors can originate from within the network walls.
|
||||||
A zero trust model addresses these concerns while allowing organizations to scale as needed.
|
A zero trust model addresses these concerns while allowing organizations to scale as needed.
|
||||||
|
|
||||||
## How does a Service Mesh work?
|
## How does a service mesh work?
|
||||||
|
|
||||||
A service mesh typically consist of a control plane and a data plane. The control plane maintains a central registry that keeps track of all services and their respective IP addresses. This activity is called [service discovery](https://www.hashicorp.com/products/consul/service-discovery-and-health-checking).
|
A service mesh typically consist of a control plane and a data plane. The control plane maintains a central registry that keeps track of all services and their respective IP addresses. This activity is called [service discovery](https://www.hashicorp.com/products/consul/service-discovery-and-health-checking).
|
||||||
As long as the application is registered with the control plane, the control plane will be able to share with other members of the mesh how to communicate with the application and enforce rules for who can communicate with each other.
|
As long as the application is registered with the control plane, the control plane will be able to share with other members of the mesh how to communicate with the application and enforce rules for who can communicate with each other.
|
||||||
|
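Review bot: the first sentence under the renamed "How does a service mesh work?" heading has a subject-verb disagreement, "A service mesh typically consist of a control plane and a data plane"; it should read "typically consists of". The sentence is unchanged context here, but it sits right below the edited heading and is worth fixing in the same pass.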
@ -46,7 +46,7 @@ Many service mesh solutions employ a sidecar proxy to handle data plane communic
|
||||||
|
|
||||||
![Overview of a service mesh](/img/what_is_service_mesh_1.png)
|
![Overview of a service mesh](/img/what_is_service_mesh_1.png)
|
||||||
|
|
||||||
## API Gateway vs Service Mesh
|
## API gateway vs service mesh
|
||||||
|
|
||||||
An API gateway is a centralized access point for handling incoming client requests and delivering them to services.
|
An API gateway is a centralized access point for handling incoming client requests and delivering them to services.
|
||||||
The API gateway acts as a control plane that allows operators and developers to manage incoming client requests and apply different handling logic depending on the request.
|
The API gateway acts as a control plane that allows operators and developers to manage incoming client requests and apply different handling logic depending on the request.
|
||||||
|
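Review bot: under the renamed "API gateway vs service mesh" heading, the context line "The API gateway acts as a control plane ..." reuses the term that the "How does a service mesh work?" section defines as the mesh component holding the central service registry. In a section whose purpose is to contrast the two, that overlap blurs the distinction; consider describing the gateway as a central point for managing incoming client requests, or add a sentence separating it from the mesh control plane.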
@ -64,7 +64,7 @@ API gateways can be used with a service mesh to bridge external networks (non-me
|
||||||
A service mesh is primarily used for handling east-west traffic. East-west traffic traditionally remains inside a data center or a VPC.
|
A service mesh is primarily used for handling east-west traffic. East-west traffic traditionally remains inside a data center or a VPC.
|
||||||
A service mesh can be connected to another service mesh in another data center or VPC to form a federated mesh.
|
A service mesh can be connected to another service mesh in another data center or VPC to form a federated mesh.
|
||||||
|
|
||||||
## What Problems Does a Service Mesh Solve?
|
## What problems does a service mesh solve?
|
||||||
|
|
||||||
Modern infrastructure is transitioning from being primarily static to dynamic in nature (ephemeral).
|
Modern infrastructure is transitioning from being primarily static to dynamic in nature (ephemeral).
|
||||||
This dynamic infrastructure has a short life cycle, meaning virtual machines (VM) and containers are frequently recycled.
|
This dynamic infrastructure has a short life cycle, meaning virtual machines (VM) and containers are frequently recycled.
|
||||||
|
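Review bot: in the context under the renamed "What problems does a service mesh solve?" heading, "virtual machines (VM)" pairs a plural noun with a singular abbreviation; use "virtual machines (VMs)". In the line above it, the trailing "(ephemeral)" would also read more clearly next to the word it glosses, for example "dynamic (ephemeral) in nature".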
@ -87,13 +87,13 @@ As a result, network administrators have to open up network ranges to permit net
|
||||||
An operator defines a policy that only allows _service A_ to communicate with _service B_. Otherwise, the default action is to deny the traffic.
|
An operator defines a policy that only allows _service A_ to communicate with _service B_. Otherwise, the default action is to deny the traffic.
|
||||||
This shift from an IP address-based security model to a service-focused model reduces the overhead of securing network traffic and allows an organization to take advantage of multi-cloud environments without sacrificing security due to complexity.
|
This shift from an IP address-based security model to a service-focused model reduces the overhead of securing network traffic and allows an organization to take advantage of multi-cloud environments without sacrificing security due to complexity.
|
||||||
|
|
||||||
## How Do You Implement a Service Mesh?
|
## How do you implement a service mesh?
|
||||||
|
|
||||||
Service meshes are commonly installed in Kubernetes clusters. There are also platform-agnostic service meshes available for non-Kubernetes-based workloads.
|
Service meshes are commonly installed in Kubernetes clusters. There are also platform-agnostic service meshes available for non-Kubernetes-based workloads.
|
||||||
For Kubernetes, most service meshes can be installed by operators through a [Helm chart](https://helm.sh/). Additionally, the service mesh may offer a CLI tool that supports the installation and maintenance of the service mesh.
|
For Kubernetes, most service meshes can be installed by operators through a [Helm chart](https://helm.sh/). Additionally, the service mesh may offer a CLI tool that supports the installation and maintenance of the service mesh.
|
||||||
Non-Kubernetes based service meshes can be installed through infrastructure as code (IaC) products such as [Terraform](https://www.terraform.io/), CloudFormation, ARM Templates, Puppet, Chef, etc.
|
Non-Kubernetes based service meshes can be installed through infrastructure as code (IaC) products such as [Terraform](https://www.terraform.io/), CloudFormation, ARM Templates, Puppet, Chef, etc.
|
||||||
|
|
||||||
## What is a Multi Platform Service Mesh?
|
## What is a multi platform service mesh?
|
||||||
|
|
||||||
A multi-platform service mesh is capable of supporting various infrastructure environments.
|
A multi-platform service mesh is capable of supporting various infrastructure environments.
|
||||||
This can range from having the service mesh support Kubernetes and non-Kubernetes workloads, to having a service mesh span across various cloud environments (multi-cloud and hybrid cloud).
|
This can range from having the service mesh support Kubernetes and non-Kubernetes workloads, to having a service mesh span across various cloud environments (multi-cloud and hybrid cloud).
|
||||||
|
|
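Review bot: the new heading "## What is a multi platform service mesh?" drops the hyphen that the paragraph directly below it uses ("A multi-platform service mesh is capable of ..."); make the heading "## What is a multi-platform service mesh?" so the term is spelled one way. The context in this hunk has the same inconsistency between "non-Kubernetes-based workloads" and "Non-Kubernetes based service meshes"; pick the hyphenated form for both.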