As businesses strive to rapidly build and release new applications and functionalities to market, microservices are becoming a key part of the enterprise application roadmap. Containerization technologies such as Docker and Kubernetes have made microservices architectures easier to use and thus more popular and widely accepted.
Adopting a microservices architecture offers many business benefits, including scalability, resiliency, flexibility and modularity. However, as the services begin to scale, the architecture grows more complex and difficult to manage.
While microservices can scale up and down with demand, the service dependencies make it challenging to find performance issues within the environment. When one service is overloaded, it might take hours to identify the problem. Service discovery becomes even more complex in cloud environments, where the services are spread across multiple availability zones and are deployed on containers, accompanied by automated application deployment.
Although there’s a high level of autonomy for building applications and releasing software, service discovery becomes challenging when the new services are deployed and when auto-scaling is triggered, as the infrastructure is immutable.
As the applications are decoupled into smaller services, it increases the risk of attack to the application, data, platform and network. This makes it more challenging to authenticate and secure the communication among these services.
Addressing Microservices Challenges with Service Mesh
An increasingly popular way to address these challenges is with a service mesh, a dedicated infrastructure layer that abstracts the application from the network and helps provide transparency of network communication between the services. The service mesh acts as a sort of proxy that lives along with the microservices and helps with discovery, load balancing, security and in-depth telemetry across the microservices.
As represented in the diagram, the two components in the service mesh topology are the control plane and the data plane. The data plane manages the communication between the services through a proxy or a sidecar, and this proxy runs along with each service. The proxy takes care of service discovery, load balancing, circuit breaking, tracing etc. Deployment and configuring of the data plane is done through the control plane.
Simplifying Microservices Complexities
We helped a leading retail chain in the U.S. successfully implement a service mesh for its microservices environment. The retailer had multiple microservices deployed across multiple Kubernetes clusters. With the implementation of service mesh, the business achieved greater control over traffic between services, which helped it perform dynamic request routing for canary releases.
Additionally, when a new service is released, 5% of the traffic is released to production initially, and after monitoring the service, the remaining traffic is incrementally released. This helped the business reduce the rate of production errors.
Istio, Linkerd, Consul and SuperGloo are some of the most popular service mesh implementations used in production systems, especially in Kubernetes deployments. These tools offer in-depth visibility and telemetry to the golden signals for web services, as well as security, by giving each service a strong identity-based role and enabling encryption. They also ensure proper decoupling between development and operations, allowing operations teams to change the behavior of the system without actually changing the source code. Ops teams can also change the circuit-breaking policies, redirect traffic, run canary deployments and more.
As the volume of microservices grows, the complexity of the environment also increases, making manageability a key challenge. In such instances, service mesh is the best choice for making microservices manageable.
Sriram Malireddy, Senior Infrastructure Architect at Cognizant, contributed to this blog. He can be reached at Sriram.Malireddy@cognizant.com.
Subscribe to our newsletter and get expert insights straight to your inbox.×
SUBSCRIBE TO OUR NEWSLETTER✖
Thanks for your interest in Digitally Cognizant.
To complete the subscription process, please click the link in the email we just sent you.