Announcing Aspen Mesh 1.4 Service Mesh

Announcing Aspen Mesh 1.4

We’re excited to announce the release of Aspen Mesh 1.4 which is based on Istio’s latest LTS release 1.4 (specific tag 1.4.3). The Aspen Mesh 1.4.3 release builds upon our latest 1.3 release along with our new Secure Ingress API, that we will be writing about in detail in a blog soon to follow, alongside the new capabilities of Istio 1.4.

Our Open Source Commitment

Aspen Mesh has been heavily involved with the Istio community for this release. A core value of Aspen Mesh is to help drive adoption of Istio. Our Istio Vet tool was the the first tool created to help analyze configuration issues and it is great to have this capability within the core open source project by using istioctl analyze. Aspen Mesh is committed to helping our customers and the larger Istio community as we will continue to add analyzers in the future based on issues that arise.

For 1.4, we are also pleased that we could help the community create istio-client-go, allowing the open source community to programmatically use and extend the Istio APIs in their software. We have deprecated the widely adopted Aspen Mesh version of our istio-client-go in favor of the the community’s version.

Automatic mTLS

Automatic mTLS is a feature that Aspen Mesh is eager about enabling in the future, but for now is disabled in upstream Istio as it is in our supported release. We are strong advocates of using mTLS for service-to-service communication, but users adopting Istio will sometimes encounter issues and will need to debug mTLS in their service mesh.

Mixer-less Telemetry

Mixer-less telemetry moves from an experimental feature into alpha in Istio 1.4. Aspen Mesh is working with the open source community to ensure feature parity with Mixer during this state of transition, however, we continue to support Istio Mixer at this time. Please see our announcement of Aspen Mesh 1.3 to see the importance of this feature.

Istio Authorization Policies

With policy being a key reason why our customers are adopting Istio, the new Authorization Policy is a step towards simplifying Policy. Istio continues to improve their APIs to better achieve a simplified model of service mesh configuration. Stay tuned for future blogs as Aspen Mesh is a strong proponent of this model.

istioctl

Along with the new analysis capabilities referenced above, istioctl also has the capability to help users with installation and upgrade along with a new experimental capability to wait for configuration to be passed to all proxies within your service mesh. At this time, we believe Helm provides the enterprise with the best way to manage deploying Istio into production, but we are always exploring and evaluating new approaches to managing your Istio deployment.

Analyzers included in Istio 1.4 help ensure that Gateways are configured properly, features that are being deprecated in Istio that are being used are given a warning message, and that all pods containing sidecars have the same, expected version of Envoy running. These are only some of the analyzers included and more information can be found here. Some of the work from Aspen Mesh’s Istio Vet was able to be ported to istioctl with the community’s help. We intend to continue porting any capabilities found in istio-vet into istioctl.

The Aspen Mesh 1.4 binaries are available for download here


Top 3 Service Mesh Developments in 2020

In 2019, we saw service mesh move beyond an experimental technology and into a solution that organizations are beginning to learn is an elemental building block for any successful Kubernetes deployment. Adoption of service mesh at scale, across companies large and small, began to gain steam. As the second wave of adopters watched the cutting edge adopters trial and succeed with service mesh technology, they too began to evaluate service mesh to address the challenges Kubernetes leaves on the table. 

In tandem with growing adoption of service mesh, 2019 offered a burgeoning service mesh market. Istio and Linkerd keep chugging along, and the tooling and vendor ecosystem around Istio almost tripled throughout the year. But there were also many new players that entered the market providing alternative approaches to solving layer 7 networking challenges. Meshes, such as those Kuma and Maesh offer, have emerged to provide different approaches to service mesh in order to address various edge use cases. We also saw the introduction of tools like SMI Spec and Meshery attempt to engage an early market that is flourishing due to immense opportunity, but has yet to contract while key players are waiting for the market to choose the winners first. Adjacent projects like Network Service Mesh bring service mesh principles to lower layers of the stack.

While there is still much to be settled in the service mesh space, the value of service mesh as a technology pattern is clear, as evidenced by the recently released “Voice of the Enterprise: DevOps,” 1H2019 survey conducted by 451 Research

While still a nascent market, the interest in and plan to adopt service mesh as a critical piece of infrastructure is quickly catching up to that of Kubernetes and containers. 

Service Mesh in 2020: The Top-3 Developments 

1. A quickly growing need for service mesh

Kubernetes is exploding. It has become the preferred choice for container orchestration in the enterprise and in greenfield deployments. There are real challenges that are causing brownfield to lag behind, but those are being explored and solved. Yes, Kubernetes is a nascent technology. And yes, much of the world is years away from adopting it. But it’s clear that Kubernetes has become--and will continue to be--a dominant force in the world of software. 

If Kubernetes has won and the scale and complexity of Kubernetes-based applications will increase, there is a tipping point where service mesh becomes all but required to effectively manage those applications. 

2. Istio Will Be Hard to Beat

There’s likely room for a few other contenders in the market, but we will see the market consolidation begin in 2020. In the long term, it’s probable that we’ll see a Kubernetes-like situation where a winner emerges and companies begin to standardize around that winner. It’s conceivable that service mesh may not be the technology pattern that is picked to solve layer 7 networking issues. But if that does happen, it seems likely that Istio becomes the de facto service mesh. There are many arguments for and against this, but the most telling factor is the ecosystem developing around Istio. Almost every major software vendor has an Istio solution or integration, and the Istio open source community far surpasses any others in terms of activity and contributions

3. Use Cases, Use Cases, Use Cases

2019 was the year where problems apt for service mesh to solve were identified. Early adopters chose the top-two or -three capabilities they wanted from service mesh and dove in. In the past year, the three most commonly requested solutions have been: 

  • mTLS
  • Observability 
  • Traffic management 

2020 will be the year that core service mesh use cases emerge and are used as models for the next wave of adopters to implement service mesh solutions. 

The top three uses cases that our customers ask for are:

  • Observability to better understand cluster status, quickly debug and more deeply understand systems to architect more resilient and stable systems moving forward
  • Leveraging service mesh policy to drive intended application behaviors
  • Enforcing and proving a secure and compliant environment
  • Technologies like WASM making it possible to distribute existing functionality to dataplane sidecars, as well as build new intelligence and programmability

If you are already using a service mesh, you understand the value it brings. If you’re considering a service mesh, pay close attention to this space and the number of uses cases will make the real-world value proposition clearer in the year ahead. At Aspen Mesh, we’re always happy to talk about service mesh, the best path to implementation and how our customers are solving problems. Feel free to reach out!