Applications are changing from monoliths into collections of small, independent, and loosely coupled services often referred to as cloud-native applications. These services are organized in a microservices architecture.
Managing the communication between these services, and maintaining security, can be challenging. This can be made easier by using a service mesh to route requests from one service to the next and optimize how all the services work together.
Red Hat® OpenShift® Service Mesh gives you a uniform way to connect, manage, and observe microservices-based applications. It does this by providing behavioral insight into—and control of—the networked microservices in your service mesh. OpenShift Service Mesh achieves this through the use of a sidecar proxy that intercepts network communication between microservices. OpenShift Service Mesh is based on the open source project Istio and is available (at no cost) for Red Hat OpenShift.
Istio integrates and manages traffic flow across services. It works alongside a Kubernetes container platform, like Red Hat OpenShift. Centralized components, sidecar proxies, and node agents work together so you can connect, secure, and monitor microservices in your OpenShift Container Platform environment.
OpenShift Service Mesh uses Jaeger, an open source, distributed tracing system. Tracing allows you to track a single request as it makes its way between different services—or even inside a service—providing insight into the entire request process from start to finish.
OpenShift Service Mesh uses Kiali, an open source project, to view configuration, monitor traffic, and analyze traces. Visualization helps users see communication pathways between services, how they’re being managed, and how traffic is flowing in near-real time for easier management and troubleshooting.
Red Hat OpenShift Service Mesh differs from Istio in ways that help resolve issues, provide additional features, and ease deployment on OpenShift Container Platform. An installation of Red Hat OpenShift Service Mesh differs from upstream Istio community installations in multiple ways:
OpenShift Service Mesh installs a multi-tenant control plane by default
OpenShift Service Mesh extends Role Based Access Control (RBAC) features
OpenShift Service Mesh replaces BoringSSL with OpenSSL
Kiali and Jaeger are enabled by default in OpenShift Service Mesh
Red Hat helps you get started faster because OpenShift Service Mesh is engineered to be ready for production. With OpenShift Service Mesh developers can increase productivity by integrating communications policies without changing application code or integrating language-specific libraries. OpenShift Service Mesh can also make things easier for operations because it installs easily on Red Hat OpenShift, has been tested with other Red Hat products, and comes with access to award-winning support.