Service Mesh Overview
Oracle Cloud Infrastructure Service Mesh allows you to add a set of capabilities that enables microservices within a cloud native application to communicate with each other in a centrally managed and secure manner. Adding a service mesh is done by deploying a proxy alongside each microservice, which receives configuration information from a managed control plane. Service Mesh includes standardized patterns around observability, security, and traffic management for communication between microservices.
Companies continue to build net-new applications in a cloud native architecture or modernize their applications using containerization techniques using microservice-based approaches. Service Mesh makes it easier for you to develop and operate their cloud native applications.
Why Service Mesh?
With a service mesh, you can automatically add features to your cloud native microservice application. Manage security, control traffic, and add observability features without changing your application's source code.
With Service Mesh you can:
- Secure: Access Policies are the major tool for injecting security components into the application while having no effect on the underlying programming logic. With access policies, a service mesh assists you in eliminating network partitioning at transport layer boundaries. You can use identities and encryption for all communication between mutually authenticated services by the service mesh. Adding permission checks imposed by policies you set, adopts a zero-trust security architecture, automatically and declaratively.
- Connect: Traffic Management features allow you to do canary deployment. When you publish a new version of your code to production, you only allow a portion of traffic to reach it. The feature enables you to deploy quicker and causes the least amount of disturbance to your application. You define routing rules that govern all inter-service communication inside the mesh. You might route a portion of the traffic to a certain version of the service.
- Observe: The Service Mesh default observability features collect telemetry data throughout the service mesh. Installing Prometheus and Grafana is all that is required to get started with crucial metrics like latency, failures, and requests. In addition, you might activate OCI Logging after your application is mesh enabled. Service Mesh proxies provide two types of logs: error logs and traffic logs. These logs might be used to generate log-based statistics or to debug 404 and 503 issues.
Ways to Access Service Mesh
You can access Service Mesh by using the console (a browser-based interface), OCI
CLI, or REST APIs, Kubernetes CLI tool kubectl, and Helm.
This guide includes instructions for using these methods.
- The OCI Console is an easy-to-use, browser-based interface. To access the Console, you must use a supported browser.
- The REST APIs provide the most functionality, but require programming expertise. API reference and endpoints provide endpoint details and links to the available API reference documents including the Service Mesh APIs.
- OCI provides SDKs that interact with Service Mesh.
- The CLI provides both quick access and full functionality without the need for programming.
- To use the OCI CLI or REST APIs, you can either set up your
environment, or use Oracle Cloud Infrastructure Cloud Shell.
- To use the CLI or REST APIs in Cloud Shell, sign in to the Console. See Using Cloud Shell and the CLI Command Reference.
- To install the OCI CLI in your environment, follow the steps in the Install CLI Quickstart.
- When using REST APIs, refer to REST API documentation and API Reference and Endpoints.
- To use
kubectlwith Service Mesh, see Managing Service Mesh Resources with kubectl.Important
When usingkubectlwith Service Mesh, read Managing Service Mesh with OCI APIs vs kubectl to understand howkubectlinteracts with the OCI CLI and OCI console. - To use Helm with Service Mesh, see Managing Service Mesh with Helm.
Resource Identifiers
Service Mesh resources, like most types of resources in Oracle Cloud Infrastructure, have a unique, Oracle-assigned identifier called an Oracle Cloud ID (OCID).
Service Mesh components with OCIDs are:
- service mesh
- virtual service
- virtual service route table
- virtual deployment
- ingress gateway
- ingress gateway route table
- access policy
- work request
For information about the OCID format and other ways to identify your resources, see Resource Identifiers.
Regions and Availability Domains
All Oracle Cloud Infrastructure services are hosted in Regions and Availability Domains. A region is a localized geographic area, and an availability domain is one or more data centers in that region.
After general availability, regions with Service Mesh are listed and updated here:
Cloud Regions for Infrastructure and Platform Services
For region names and their identifiers, refer to the table on the Regions and Availability Domains page.
Authentication and Authorization
Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).
An administrator in your organization needs to set up groups, compartments , and policies that control which users can access which services, and which resources, and the type of access they have. For example, policies control who can create users, groups, and compartments, or who can create and manage virtual deployments.
- If you're a new administrator, see Getting Started with Policies.
- For details about writing policies for this service, see Service Mesh IAM Policies.
- For details about writing policies for resources in other services, see Policy Reference.
Service Limits
See Service Limits for a list of applicable limits and instructions for requesting a limit increase. To set compartment-specific limits on a resource or resource family, administrators can use compartment quotas.
Pricing
There are no charges for using OCI Service Mesh. Customers only pay for the infrastructure required to run the proxy component that runs alongside the application.
For more information on Oracle Cloud Infrastructure pricing, see the Cloud Price List.
Terraform Support
Service Mesh supports Terraform for managing your infrastructure. For more information on using Terraform with Service Mesh, see the following: