Federated Service Mesh on VMware PKS and VMware Cloud PKS

Editor’s note: On February 26th, 2019, VMware renamed VMware PKS to VMware Enterprise PKS. To learn more about the change, read here.

Today at KubeCon North America, Seattle, VMware announced NSX Service Mesh. NSX Service Mesh will be a SaaS-based offering that provides a single pane of glass to manage service mesh across multiple Kubernetes clusters deployed across multiple clouds and/or datacenters. It will work in conjunction with container networking, such as NSX-T, which provides pod-level networking and security for VMware PKS.

Businesses are adopting containers to drive application velocity in order to achieve a competitive edge. However, containers alone, without an orchestration platform, cannot adequately address the evolving needs of the business. Containers, along with an orchestration platform that supports a distributed service-based architecture, provide businesses with agility. As a result, microservice-based architectures on a container orchestration platform like Kubernetes are growing increasingly popular. The premise of a microservice-based architecture is to decompose monolithic applications into smaller modules that run on containers and are accessible through front-end service APIs. The modules communicate with each other via the service API.

When the application is deployed as microservices, each service can be deployed and updated independently. Microservice-based architectures make it easy to deploy software, update versions, scale applications effectively, control traffic, and so on. However, a distributed service-based architecture also brings its own set of challenges: for example, how do you control which services talk to each other? How do you secure communications between services? How do you ensure Service Level Objectives (SLOs) for each service? This is where a service mesh can help. A service mesh can inspect, monitor, and secure traffic flow between microservices with the help of sidecar proxies that sit next to each application container.

An open source project called Istio provides a service mesh capability on a Kubernetes cluster to manage distributed microservice-based applications. NSX Service Mesh, based on Istio, will extend the existing Istio capabilities and bring visibility, control and security to users, data and services. NSX Service Mesh will enable a local service mesh per Kubernetes cluster as well as a federated service mesh that spans clusters and clouds.
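As an added example (not code from the original post, nor from VMware or the Istio project), the two Istio resources below show how a mesh answers the first two questions raised above: traffic between services is encrypted, and only a named caller may reach a given service. The namespace `shop`, the workload label `app: catalog`, and the service account `frontend` are constructed names; the example assumes sidecars are injected into every pod in the namespace.

```yaml
# Added example. Assumes an Istio-enabled namespace "shop" (constructed name)
# with sidecar proxies injected into every pod.
#
# 1) Secure the communication: require mutual TLS for every workload in the
#    namespace, so plaintext requests from clients outside the mesh are
#    rejected at the sidecar.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: require-mtls
  namespace: shop
spec:
  mtls:
    mode: STRICT
---
# 2) Control which services talk: only the "frontend" service account may
#    call the "catalog" workload, and only with GET on /api/ paths. Once an
#    ALLOW policy selects a workload, any request that matches no rule
#    (other caller, other method, other path) is denied by the sidecar.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: catalog-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: catalog
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET"]
        paths: ["/api/*"]
```

The `principals` entry is the identity the calling sidecar presents in its mTLS client certificate, which is why the allow rule only works once STRICT mTLS is in place: a plaintext request carries no principal to match and is denied.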

The NSX Service Mesh Beta will initially support VMware Cloud PKS in early 2019. Support for VMware PKS, a federated mesh, and additional platforms will come in the near future.

For customers operating Kubernetes clusters on vSphere and on public clouds via VMware PKS or consuming Kubernetes clusters via VMware Cloud PKS, NSX Service Mesh will help build a federated service mesh that will collectively aggregate traffic flow across clouds and datacenters. Customers can implement policies and provide better compliance and security across multi-cloud, multi-datacenter Kubernetes deployments.

In particular, for VMware Cloud PKS, NSX Service Mesh will be available as a single-click option during the creation of a Smart Cluster. This will deliver a fully managed Istio service mesh that provides service discovery, security, federation, progressive rollouts, and visibility. NSX Service Mesh will enable customers to drill down into their applications and performance characteristics, enabling VMware Cloud PKS customers to better understand the behavior of their applications and troubleshoot problems more quickly. NSX Service Mesh running on Smart Clusters in VMware Cloud PKS will enable a federated, aggregated view and management of services across clusters. Once customers have visibility into their applications, they may apply policies, route traffic, and define SLOs.

With NSX Service Mesh providing the management of a federated service mesh, and VMware PKS plus VMware Cloud PKS providing Kubernetes clusters across multiple clouds, users will get a uniform view and control of application traffic that spans multiple clouds.