Service Mesh 개요

서비스메시는 무엇이고 왜 필요한가?

마이크로서비스에서 애플리케이션간의 네트워크를 의미.

서비스메시는 규모와 복잡성이 커지면 이해하고 관리하기가 더 어려워집니다.

또한 디스커버리, 로드밸런싱, 장애복구, 메트릭 및 모니터링이 필요합니다. A/B 테스팅, 카나리배포, 속도 제한, 엑세스 제어 및 종단간 인증과 같은 복잡한 운영 요구사항도 있습니다.

Istio는 서비스메시 전반의 통찰력과 운영 제어를 제공하여 마이크로서비스 애플리케이션의 다양한 요구 사항을 충족하는 완벽한 솔루션을 제공합니다. 서비스 네크워크 전반에 아래와 같은 주요 기능을 제공합니다.

• 트래픽 관리(Traffic Management) : 서비스 간 트래픽 및 Control the flow of traffic and API calls between services, make calls more reliable, and make the network more robust in the face of adverse conditions.
• 관찰가시성(Observability). Gain understanding of the dependencies between services and the nature and flow of traffic between them, providing the ability to quickly identify issues.
• Policy Enforcement. Apply organizational policy to the interaction between services, ensure access policies are enforced and resources are fairly distributed among consumers. Policy changes are made by configuring the mesh, not by changing application code.
• Service Identity and Security. Provide services in the mesh with a verifiable identity and provide the ability to protect service traffic as it flows over networks of varying degrees of trustability.

In addition to these behaviors, Istio is designed for extensibility to meet diverse deployment needs:

• Platform Support. Istio is designed to run in a variety of environments including ones that span Cloud, on-premise, Kubernetes, Mesos etc. We’re initially focused on Kubernetes but are working to support other environments soon.
• Integration and Customization. The policy enforcement component can be extended and customized to integrate with existing solutions for ACLs, logging, monitoring, quotas, auditing and more.

These capabilities greatly decrease the coupling between application code, the underlying platform, and policy. This decreased coupling not only makes services easier to implement, but also makes it simpler for operators to move application deployments between environments or to new policy schemes. Applications become inherently more portable as a result.

 

 

What is Traffic?

Using Istio’s traffic management model essentially decouples traffic flow and infrastructure scaling, letting operators specify via Pilot what rules they want traffic to follow rather than which specific pods/VMs should receive traffic - Pilot and intelligent Envoy proxies look after the rest. So, for example, you can specify via Pilot that you want 5% of traffic for a particular service to go to a canary version irrespective of the size of the canary deployment, or send traffic to a particular version depending on the content of the request.

 

원문: https://learn.openshift.com/servicemesh/1-introduction