A service mesh is an architectural pattern for microservices deployments. Its primary goal is to make service-to-service communication secure, fast, and reliable, and it is typically used within containerized environments such as Kubernetes clusters.
Service meshes are typically implemented using the sidecar proxy pattern. A sidecar proxy is attached to each application and handles all service-to-service communication. It takes care of the discovery, routing, security, and monitoring of the east-west traffic. Each instance of the proxy is connected to a control plane, which provides a method to manage the mesh.
The security and communication rules behind your inter-service interactions are directed through the control plane. Authentication and authorization policies are applied at the control plane level, and the control plane directs the sidecars to enforce them during every inter-service network call.
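As an illustration of policies that a control plane pushes to sidecars, the following added example (not taken from the original post or from MuleSoft's documentation) shows Istio resources that require mutual TLS, deny all requests by default, and then allow one caller. The namespaces `orders` and `checkout`, the `app: orders-api` label, and the `checkout` service account are hypothetical names.

```yaml
# Added example. The namespaces, label and service account below are
# hypothetical names chosen for illustration.

# 1. Authentication: sidecars in the "orders" namespace accept only
#    mutual-TLS connections. The weaker setting, mode: PERMISSIVE,
#    would also accept plaintext traffic.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: orders
spec:
  mtls:
    mode: STRICT
---
# 2. Authorization baseline: a policy with an empty spec applies to every
#    workload in the namespace and matches no request, so nothing is
#    allowed until another policy grants it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-nothing
  namespace: orders
spec: {}
---
# 3. Explicit allow: only the "checkout" service account, identified by
#    its mTLS certificate identity, may issue GET requests to the
#    orders-api workload under /orders/.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-checkout-read
  namespace: orders
spec:
  selector:
    matchLabels:
      app: orders-api
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/checkout/sa/checkout"]
    to:
    - operation:
        methods: ["GET"]
        paths: ["/orders/*"]
```

The `principals` match depends on the peer identity established by mutual TLS, which is why the STRICT authentication policy comes first.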
Anypoint Service Mesh 101
Anypoint Service Mesh is a MuleSoft solution that brings discoverability, management, and security for any non-MuleSoft service deployed to Kubernetes into Anypoint Platform. To provide this benefit, MuleSoft works with the customer's instance of Istio, a leading open-source service mesh technology, deployed on their Kubernetes cluster.
By extending Anypoint Platform to any microservice, Anypoint Service Mesh allows customers to expand their application network to any service. Mule and non-Mule customers can now:
- Discover and leverage any service in any architecture:
  - Visualize microservice dependencies using the application network graph
  - Maximize adoption and reuse by adding microservices to Anypoint Exchange
- Centrally manage and scale:
  - Bring the power of API management to any external-facing service
  - Measure and optimize performance across all microservices with API analytics
- Enable security by default:
  - Ensure zero-trust with Istio and Envoy authentication and authorization policies
  - Add additional layers of security for consumer-facing services
Example use case:
An enterprise has several apps running on Anypoint Platform, as well as non-Mule microservices built by one of its API teams in a line of business on a Kubernetes cluster, and needs to govern these services.
Anypoint Service Mesh provisioned a Mule adapter, which allowed for the discovery of these non-Mule applications in Anypoint Platform. With this step, the application network extended to all services — Mule and non-Mule.
Anypoint Service Mesh helps organizations achieve consistent management, governance, and security across all services — all within Anypoint Platform.
How to start using Anypoint Service Mesh
Below I will walk you through the steps to get started with Anypoint Service Mesh — including prerequisites, licensing information, and setup.
#1 Infrastructure requirements:
- One of the following environments on which to run Kubernetes:
  - Google Kubernetes Engine (GKE)
  - Amazon EKS
  - Azure Kubernetes Service (AKS)
  - Red Hat OpenShift
- Kubernetes (versions 1.12 through 1.20) or Red Hat OpenShift (version 4.x)
- Istio (currently supported versions include 1.7.x, 1.8.x, and 1.9.x)
- Your Anypoint Service Mesh installation requires the following hardware configuration at a minimum:
  - CPU: 4 cores
  - Memory: 8 GB
#2 Licensing:
You require an Anypoint Service Mesh license to perform the installation in your production environment. The license that you obtain must contain the following entitlements:
- API Gateway: api-gateway
- Cluster: clustering
#3 Service mesh setup:
Anypoint Service Mesh can be configured using the command-line interface (CLI) or using the Kubernetes custom resource definition (CRD) based on your preference.
To configure Anypoint Service Mesh, you’ll need to provision the adapter, create an API, and bind the adapter to that API. Each adapter is bound to a specific namespace. Therefore, a namespace can be associated with only one adapter at any given time.
In Kubernetes, services are an abstraction on top of the applications running on a set of pods as a network service.
You configure Anypoint Service Mesh using the following three steps:
- Provision Anypoint Service Mesh Adapter.
- Create an API.
- Bind your service.
#4 Managing all APIs in Anypoint Platform:
After you configure Anypoint Service Mesh, you can manage both Mule and non-Mule applications from Anypoint API Manager, including applying policies to secure your microservices and viewing analytics about your API use.