1 of 43

The Cloud Native Management Plane

Meshery Maintainers

2 of 43

Service Mesh Interface (SMI)

Core Infrastructure Initiative

Google Season of Docs

3 of 43

Community-first

Sustainable open governance, not just open source

Stats

  • 1,800+ Slack community
  • 900+ Meshery users
  • 550+ Twitter followers
  • 850+ stars, 100+ releases
  • 3,700+ performance tests collected

300+ contributors

15 maintainers across different organizations: Layer5, Red Hat, Rackspace, Intel, Quantex, Lumina Networks, VMware, Citrix, Octarine, HashiCorp, Independent, Microsoft, Google

Newcomer Onboarding Program

#1 Most Popular Project in Linux Foundation Mentorship Program

Layer5 communities:

  • Forming now in Nigeria, India, Mexico, Guatemala
  • Forming soon in El Salvador and France

4 of 43

Service Mesh Landscape

5 of 43

A Multi-Mesh World

Diverse microservices patterns and technologies, together with the requirements of given microservice applications, provide myriad opportunities for service mesh differentiation and specialization — including meshes native to specific cloud platforms. This will lead to a world where many enterprises use multiple service mesh products, whether separately or together.

Source: With Microservices, A Service Mesh Helps Developers Focus On The Business, Forrester, Oct. 2019

“...infrastructure diversity is reality for many enterprises.”

6 of 43

It’s meshy out there

Infrastructure diversity is reality for enterprises

  • Open source governance dictates a world of multiple meshes.
  • Huge range of microservice patterns drives service mesh opportunity.
    • Open source projects and vendors create features to serve microservice patterns (they splinter the landscape and function differently).
  • Different organizations need different scopes of service mesh functionality.
  • Hybrid drives infrastructure diversity.
    • Accommodate hybrid workloads - non-containerized workloads need to integrate and benefit from your service mesh as well.

These factors drive service mesh diversity:

It’s a multi-mesh world with a landscape of 20+ service meshes.

layer5.io/landscape

7 of 43

Service mesh standards to the rescue

Meshery is compatible with all three

  • Service Mesh Interface (SMI), Microsoft: A standard interface for service meshes on Kubernetes.
  • Multi-Vendor Service Mesh Interoperation (Hamlet), VMware: A set of API standards for enabling service mesh federation.
  • Service Mesh Performance (SMP), Layer5: A format for describing and capturing service mesh performance.

8 of 43

Landscape

[Diagram: Meshery and ecosystem projects. Labels: Meshery (The Only Openly Governed Service Mesh Manager); Service Mesh Performance; Service Mesh Interface; SMI Conformance; Define and Enforce Service Mesh Standards; Service Mesh Patterns; Defining Service Mesh Best Practices; GetNighthawk; Advanced Analysis and Service Mesh Intelligence; Filter Hub.]

9 of 43

The service mesh management plane

Service meshes will be ubiquitous. Different service meshes will be deployed.

A service mesh

Control Plane

  • Provides policy, configuration, and platform integration.
  • Takes a set of isolated stateless sidecar proxies and turns them into a service mesh.
  • Does not touch any packets/requests in the data path.

Data Plane

  • Touches every packet/request in the system.
  • Responsible for the execution of traffic control, health checking, routing, load balancing, authentication, authorization, and observability.

Management Plane

  • Provides federation, backend system integration, expanded policy and governance, continuous delivery integration, workflow, chaos engineering, and application performance tuning.

Meshery enables operators, developers, and service owners to realize the full potential of a service mesh... and enhances in-network intelligence.

10 of 43

The service mesh management plane

Multi-Mesh Management

✔︎ Lifecycle

✔︎ Workload

✔︎ Performance

✔︎ Configuration

✔︎ Patterns and Practices

✔︎ Chaos and Filters

Supports:

  • Citrix Service Mesh
  • Containous Maesh
  • HashiCorp Consul
  • Istio
  • Linkerd
  • Octarine
  • Open Service Mesh
  • Network Service Mesh
  • NGINX Service Mesh
  • Traefik Mesh
  ---
  • AWS App Mesh
  • VMware Tanzu SM

Working with each service mesh project to incorporate Meshery into their release process as the measure of their adherence to service mesh standards.

Supports:

  • Citrix Service Mesh
  • HashiCorp Consul
  • Istio
  • Kuma
  • Linkerd
  • Network Service Mesh
  • NGINX Service Mesh
  • Octarine
  • Open Service Mesh
  • Traefik Mesh
  ---
  • VMware NSX-SM
  • AWS App Mesh

Adapters in yellow built by the service mesh vendor/project maintainers.


11 of 43

Meshery Deployment

[Architecture diagram. Components shown: Meshery (API, DB); Meshery adapters (Adapter); SMI; Meshery Operator; MeshSync; Kubernetes; Docker or Kubernetes; Kube API; Service Mesh with Gateway / Ingress, Gateway / Egress and Services A to E; Prometheus; Grafana; Request Load. Connections are labelled HTTP, HTTP/TCP and gRPC.]

12 of 43

Meshery Deployment

Providers

[Architecture diagram. Components shown: Meshery (API, DB); Meshery adapters (Adapter); SMI; Meshery Operator; MeshSync; Kubernetes; Docker or Kubernetes; Kube API; Service Mesh with Gateway / Ingress, Gateway / Egress and Services A to E; Prometheus; Grafana; Request Load. Connections are labelled HTTP, HTTP/TCP and gRPC. Provider labels: Local Provider; Remote Provider; None; Persistence Layer; Meshery; SMI Conformance; University of Engineering Jaipur; University of Texas at Austin.]

13 of 43

Meshery Deployment

Clients

[Architecture diagram. Components shown: Clients; Meshery (API, DB); Meshery adapters (Adapter); SMI; Meshery Operator; MeshSync; Kubernetes; Docker or Kubernetes; Kube API; Service Mesh with Gateway / Ingress, Gateway / Egress and Services A to E; Prometheus; Grafana; Request Load; GitHub Actions. Connections are labelled HTTP, HTTP/TCP and gRPC.]

14 of 43

The extensible mesh manager

[Object model diagram with three areas: User Data and Preferences, System Preferences, and System Deployment.

Legend: Meshery owns this Object; Meshery owns this Sub-object; Meshery is aware of this Object; Meshery Extension Point.

Labels shown: Identity; accounts; users; groups; roles; permissions; Infrastructure; Environment; environments; Cluster; kubeconfig; context; mesheryctl config; K8s config; Service Mesh; Control Plane; Data Plane; SMI; Filter; Pattern; Application; Performance; perf test; test profiles; test schedule; test results; validators; analytics; board config; static board; Prometheus; Grafana; Jaeger; Load Generator; Adapter; adapters; Provider; Meshery Server; UI; DB; GraphQL Server; Meshery Operator; Meshery Preferences; Defaults; System-wide Settings; Extensions; docker-compose; K8s manifests; Helm charts.

Providers: Local Provider (temporary storage, default functionality); Remote Provider (permanent storage, additional functionality).

Relationship cardinalities shown: 1:1, 1:N, N:1, N:N.]

15 of 43

Configuration Best Practices

Operate with confidence

Assess your service mesh configuration against deployment and operational best practices with Meshery's configuration analyzer.

16 of 43

Service Mesh Interface Conformance

Meshery, the service mesh compliance tool

Meshery Functionality

✔︎ Defines compliant behavior.

✔︎ Produces compatibility matrix.

✔︎ Ensures provenance of results.

✔︎ Runs a set of conformance tests.

✔︎ Securely ensures integrity of results.

✔︎ Manages all SMI compatible service meshes.

✔︎ Built into participating service mesh’s release pipeline.

✔︎ Common sample application for validating test assertions.

Operate and upgrade with confirmation of SMI compatibility.

17 of 43

Expect more from your infrastructure

Harnessing data plane intelligence

Manage data plane intelligence with WebAssembly filters

Dynamically load and manage your own WebAssembly filters in Envoy-based service meshes.

18 of 43

Landscape

[Diagram: Meshery and ecosystem projects. Labels: Meshery (The Only Openly Governed Service Mesh Manager); Service Mesh Performance; Service Mesh Interface; SMI Conformance; Define and Enforce Service Mesh Standards; Service Mesh Patterns; Defining Service Mesh Best Practices; GetNighthawk; Advanced Analysis and Service Mesh Intelligence; Filter Hub.]

- confidential -

19 of 43

Service Mesh Patterns

Enabling use of repeatable architectural patterns

name: IstioSM
version: 1.0.1
services:
  istio:
    type: IstioMesh
    namespace: istio-system
    settings:
      version: 1.8.2
    traits:
      mTLS:
        policy: mutual
        namespaces:
          - istio-test
      automaticSidecarInjection:
        namespaces:
          - default
          - istio-test
  grafana:
    type: GrafanaIstioAddon
    namespace: istio-system
    dependsOn:
      - istio
      - prometheus
  prometheus:
    type: PrometheusIstioAddon
    namespace: istio-system
    dependsOn:
      - istio

Service Mesh Patterns enable the business function in simple language.

  • Patterns capture service mesh behavior in a single file and an end-user centric way.

Service Mesh Patterns are service mesh agnostic.

  • But they still allow users to access service mesh-specific features and differentiation.

Service Mesh Patterns are reusable.

  • Not only are patterns idempotent, but you can easily copy a pattern and modify it to suit.
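
The `dependsOn` and trait fields of the IstioSM pattern above lend themselves to a pre-apply check; the following is an added example, not Meshery's own code or part of the original slides. It transcribes the pattern by hand into a hypothetical `Service` struct, derives a deployment order from `dependsOn`, and flags namespaces that get sidecar injection but are not named under the `mTLS` trait. Treating that as a gap is this example's assumption, and `DeployOrder` and `UncoveredNamespaces` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"sort"
)

// Service keeps only the fields of a `services:` entry that the checks use.
type Service struct {
	DependsOn []string
	MTLS      []string // namespaces under traits.mTLS
	Inject    []string // namespaces under traits.automaticSidecarInjection
}

// IstioSM is the pattern from the slide, transcribed by hand (no YAML parser in the standard library).
var IstioSM = map[string]Service{
	"istio":      {MTLS: []string{"istio-test"}, Inject: []string{"default", "istio-test"}},
	"grafana":    {DependsOn: []string{"istio", "prometheus"}},
	"prometheus": {DependsOn: []string{"istio"}},
}

// DeployOrder lists services so each follows its dependsOn targets; errors on unknown targets or cycles.
func DeployOrder(svcs map[string]Service) ([]string, error) {
	done := map[string]bool{}
	var order []string
	for len(order) < len(svcs) {
		var wave []string // services whose dependencies are all deployed
		for n, s := range svcs {
			ready := !done[n]
			for _, d := range s.DependsOn {
				if _, known := svcs[d]; !known {
					return nil, fmt.Errorf("%q depends on undeclared service %q", n, d)
				}
				ready = ready && done[d]
			}
			if ready {
				wave = append(wave, n)
			}
		}
		if len(wave) == 0 {
			return nil, fmt.Errorf("dependency cycle among the remaining services")
		}
		sort.Strings(wave) // map iteration is random; keep output stable
		for _, n := range wave {
			done[n] = true
		}
		order = append(order, wave...)
	}
	return order, nil
}

// UncoveredNamespaces returns namespaces that get sidecars injected but are absent from the mTLS trait.
func UncoveredNamespaces(s Service) (out []string) {
	covered := map[string]bool{}
	for _, ns := range s.MTLS {
		covered[ns] = true
	}
	for _, ns := range s.Inject {
		if !covered[ns] {
			out = append(out, ns)
		}
	}
	return out
}

func main() {
	fmt.Println(DeployOrder(IstioSM))                  // [istio prometheus grafana] <nil>
	fmt.Println(UncoveredNamespaces(IstioSM["istio"])) // [default]
}
```

For the slide's pattern the check reports `default`: sidecars are injected there, but the mutual-TLS policy names only `istio-test`.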

20 of 43

Meshery delivers Service Mesh Patterns

21 of 43

Defining Service Mesh Patterns

CNCF Service Mesh Working Group

SMP087: Circuit breaker pattern

layer5.io/books/service-mesh-patterns

- Meet on 1st and 3rd Thursday of every month at 11am Pacific.

- Connect: Slack Channel (#tag-network).

- Join: Service Mesh WG mailing lists at lists.cncf.io

22 of 43

Landscape

[Diagram: Meshery and ecosystem projects. Labels: Meshery (The Only Openly Governed Service Mesh Manager); Service Mesh Performance; Service Mesh Interface; SMI Conformance; Define and Enforce Service Mesh Standards; Service Mesh Patterns; Defining Service Mesh Best Practices; GetNighthawk; Advanced Analysis and Service Mesh Intelligence; Filter Hub.]

- confidential -

23 of 43

Meshery implements Service Mesh Performance (SMP)

A universal performance index to gauge your mesh’s efficiency:

  • as a baseline and ongoing metric against your deployments.
  • in contrast to similar deployments in other organizations’ / users’ environments.

Facilitates apples-to-apples performance comparisons of service mesh deployments.

smp-spec.io

Facilitates:

- a universal performance index to gauge a service mesh’s efficiency against deployments in other organizations’ environments.

- benchmarking of service mesh performance

- exchange of performance information from system-to-system / mesh-to-mesh

- apples-to-apples performance comparisons of service mesh deployments.

A vendor neutral specification for capturing details of infrastructure capacity, service mesh configuration, and workload metadata.

Directly enables:

  • capturing details of infrastructure capacity, service mesh configuration, and workload metadata.

24 of 43

Performance Management

Understand value vs Overhead

25 of 43

Project Alignment

SMP, SMI, and Meshery

[Diagram relating MESHERY, SMP and SMI. Relationship labels: Meshery implements (shown twice); Meshery runs conformance for; SMP goes deeper and broader; Meshery goes deeper, incorporating strategies; Traffic only. Capability labels: WASM Filters; Workloads; Traffic Metrics; Traffic Specs; Traffic Split; Access; Retries; Canaries; Rate Limiting; Git integrations; GitHub Actions; Workflow; Scheduling; Orchestration; Policy; Benchmarks; Users; Visual Topology; Load Generators; Load Profile; Patterns; Configuration Analysis; Configuration Designer; MULTI-MESH; Dry-run; Adaptive optimization; -more-.]

26 of 43

Landscape

[Diagram: Meshery and ecosystem projects. Labels: Meshery (The Only Openly Governed Service Mesh Manager); Service Mesh Performance; Service Mesh Interface; SMI Conformance; Define and Enforce Service Mesh Standards; Service Mesh Patterns; Defining Service Mesh Best Practices; GetNighthawk; Advanced Analysis and Service Mesh Intelligence; Filter Hub.]

27 of 43

Meshery integrates GetNighthawk

Distributed systems require distributed analysis

Meshery

  • the service mesh management plane
  • supports wrk2, fortio, and Nighthawk as single instance load generators.

Nighthawk

  • a Layer 7 performance characterization tool created by the Envoy project.
  • a load generator custom-built for data plane proxy testing.

Nighthawk + Meshery =

  • Recursively evaluate optimal configuration using adaptive load controllers in Meshery for ongoing insight and automatic tuning.
  • Parallelize distributed performance testing with high precision for insight into high tail percentiles. Unlock distributed systems behavioral analysis.

getnighthawk.dev

28 of 43

Try Meshery.

Engage in the service mesh community → https://meshery.io

29 of 43

Architecture

30 of 43

Adapter Library

[Class diagram of the Meshery Adapter Library and an example adapter (e.g. Consul). Package labels: config; config/provider; adapter; api/grpc; meshes; consul; main. Elements: <<interface>> Handler (shown twice); <<struct>> Handler; <<struct>> Viper; <<struct>> Adapter; <<interface>> MeshServiceServer; <<struct>> Service; <<func>> Start. Steps listed under main: instantiate config; instantiate adapter handler; ...; instantiate service; start/run service. Relationship labels: <<implement>>; <<extend>>; <<instantiate>>; <<use>>; <<execute>>.]

31 of 43

Data Persistence

32 of 43

Data Persistence

Physical View

Location

Component

Media Type

Data

Meshery Server

env var

- environment variables defined in the Dockerfile (or as overwritten by docker-compose, Helm, manifests) and accessed via Viper

- Adapter URLs

- Remote Providers

- JSON-based data persisted in a file

- Conformance results

- User profile preferences

go map

- in-memory struct acts as the adapters’ capabilities database

- list of adapter operations

- capabilities registry

Meshery Server

- SQL based data persisted in a file

- Controlled by ORM library

- MeshSync Data

- GraphQL Resolvers

- Pattern files

- Performance Profiles

- Performance results

Remote Provider

Any

- Any

Long term persistence for everything, but MeshSync data

System Deployment

Meshery

Server

docker-compose

K8s manifests

helm charts

Provider

Adapter

Adapters

Load Generator

Load Generators

context

mesheryctl config

UI

bitcask

mesheryctl

Meshery Operator

sqlite

Future: Bitcask goes away. SQLite becomes the only database.

map

33 of 43

MeshSync

  • Details of infrastructure under management by Meshery.

Filters

  • Collection of filters from Filter Hub / Meshery Server

System-wide Settings

  • Settings affecting Meshery deployment and behavior
  • Kubernetes in-cluster vs out-of-cluster deployment

  • Meshery adapters connections
  • Meshery Operator connection
  • Metrics (Grafana and Prometheus connections)

  • Default performance test settings
  • Send anonymous usage statistics
  • Send anonymous performance test results

Individual User Preferences and data

  • Owner of user performance test profiles
  • Performance test setting defaults
  • Default performance test settings
  • Send anonymous usage statistics
  • Send anonymous performance test results
  • Meshery adapters connections (show/hide/access)
  • Environments/Contexts (show/hide/access)

Settings, Preferences and their relationships

Logical View

Performance Test Profiles

  • List of different common test configurations.

Performance Test Schedules

  • List of different common test configurations.

Conformance Tests

  • List of different common test configurations.

Configuration Practices

  • Audit of best practice configurations.

Patterns

  • Popular service mesh configuration and behavior

Applications

  • Kubernetes workloads deployed on or off a service mesh.

Provider Extensions

  • Provider-specific plugins (e.g. MeshMap Views)

bitcask

overwritable

Provider-specific

RBAC

Global defaults overridden by Individual User Preferences

immutable

visibility

bitcask

sqlite

34 of 43

System Flows

Sequence Diagrams

35 of 43

Meshery Adapter

Operation Registration Sequence Diagram

1. User opens the Meshery UI and clicks on initialize discovery.

2. MeshMap UI sends a request to the Meshery Operator to start MeshSync discovery.

3. Meshery Operator signals the MeshSync controller to start the cluster discovery pipeline.

4. The discovery data is streamed to the NATS subjects as and when the discovery occurs.

5. Data is consumed by the Meshery Server to be persisted.

6. Cluster discovery data is persisted with a timestamp.

NATS

/api/discovery/cluster

State of the mesh cache

7. Websocket connection for the rest of the operations

Client

Meshery Adapter

MeshSync

Meshery Server

36 of 43

Meshery Operator

Dataflow Sequence Diagram

1. User opens the Meshery UI and clicks on initialize discovery.

2. MeshMap UI sends a request to the Meshery Operator to start MeshSync discovery.

3. Meshery Operator signals the MeshSync controller to start the cluster discovery pipeline.

4. The discovery data is streamed to the NATS subjects as and when the discovery occurs.

5. Data is consumed by the Meshery Server to be persisted.

6. Cluster discovery data is persisted with a timestamp.

NATS

/api/discovery/cluster

State of the mesh cache

7. Websocket connection for the rest of the operations

Client

Meshery Operator

MeshSync

Meshery Server

37 of 43

Meshery Operator

Deployment Sequence Diagram

1. User opens the Meshery UI and clicks on initialize discovery.

2. Deploy Meshery Operator to Kubernetes (by installing CRDs and creating a MeshSync Custom Resource and a Broker Custom Resource).

3. Meshery Operator signals the MeshSync controller to start the cluster discovery pipeline.

4. The discovery data is streamed to the NATS subjects as and when the discovery occurs.

5. Data is consumed by the Meshery Server to be persisted.

6. Cluster discovery data is persisted with a timestamp.

NATS

/graphql/endpoint (GraphQL Schema)

State of the mesh cache

7. GraphQL Subscriptions

Client

Meshery Operator

MeshSync

Meshery Server

MeshSync

1. Contains Generic Kubernetes “Fingerprints”.

2. Is given service mesh “fingerprints” by each service mesh adapter.

Initialization Flow: Meshery Server

1. Meshery auto-connects to the user’s current-context (which includes which cluster).

2.a. User verification of which Kubernetes context to use (in order to deploy Meshery Operator).

- or -

2.b. Or Meshery auto-deploys Meshery Operator to the cluster, but needs to ensure that it removes a Meshery Operator deployment when a user disconnects the Kubernetes cluster.

3. Will deploy the Meshery Operator on connect of a Kubernetes cluster and create the first CR of MeshSync.

4. Database - caches MeshSync data in relational database.

Controller initializes the NATS server

1. Kube API call to the Meshery Operator Register Fingerprints

Meshery Adapter

Location of Meshery Operator (NATS server)

Meshery Adapters

1. Will create or patch a custom resource that should be pre-existing MeshSync CR.

Meshery Adapter

Capabilities Table

- List of operations

Mesh Fingerprint

- image name with “istio”

MeshSync Object List

- any CRD matching “istio”

Validators

- Best practice

- Security


GraphQL Resolvers

GORM to SQLite Persister

GraphQL Client

38 of 43

Upgrading Meshery

Component by component

Components

Sub-component

Consideration for Updating

Meshery Adapters

- Istio Adapter

- Linkerd Adapter

- ...

Docker Deployment: Watchtower updates this component in accordance with the user’s release channel subscription.

Meshery Server

- Meshery UI

- Load Generators

- Database

Docker Deployment: Watchtower updates this component in accordance with the user’s release channel subscription.

Manages lifecycle of Meshery Operator; Adapters, UI, Load Generators, Database

Meshery Operator

MeshSync

Meshery operator manages the lifecycle of this component and its sub-components.

Meshery Broker

Meshery operator manages the lifecycle of this event bus component.

mesheryctl

mesheryctl manages the lifecycle of Meshery Server.

- system start calls system update by default, which updates server and existing adapters, but doesn’t update meshery.yaml.

- system reset retrieves docker-compose.yaml from GitHub (use git tag to reset to the right Meshery version)

- system context manages config.yaml, which manages meshery.yaml

mesheryctl should generally be checking for latest release and informing user.

Remote Providers

Meshery Cloud

Process Extension: Integrators manage the lifecycle of their Remote Providers. Process is unique per provider.

Meshery Extensions

Static Extension: Integrators manage the lifecycle of their Meshery Extensions. Process is unique per provider.

System Deployment

Meshery

Server

docker-compose

K8s manifests

helm charts

Provider

Adapter

Adapters

Load Generator

Load Generators

context

mesheryctl config

UI

DB

Extension Point

mesheryctl

These components do not share the same version number. They deploy as a unit.

Meshery Operator

39 of 43

Service Mesh Patterns

40 of 43

Meshery Patterns

Integration with Open Application Model (OAM)

Specifications used by Meshery

SMP Spec

- Load profile

SMI Spec

- Service mesh config

OAM Spec

- Application details

Policy

- Patterns

- Best practices

Workflow Definition

- Schedule

- Trigger

- Steps

- Custom script

- Output of step

Kubernetes

- Infra config

Legend

Meshery owns this Object

Meshery is aware of this Object

Open Application Model

Meshery owns this Sub-object

Registering of OAM components, traits and scopes

The intention is to make Meshery act like the Kubernetes API; however, unlike Kubernetes, Meshery Server will invoke RPCs on Meshery Adapters.

In response, Adapters will return Trait Definitions (along with their schemas), Component Definitions (along with their schemas), and Scope Definitions (along with their schemas). Meshery Server will store/register them in memory. This information is then used by Meshery Server to figure out which Meshery Adapter is capable of handling which OAM resource.

Mesh-specific config

Traits CR

Fingerprints

Traits

Meshery Adapters

Meshery

mesheryctl

K8s Cluster

Pattern to OAM

Capabilities Registry

Pattern

OAM

$ mesheryctl pattern apply -f retries.yaml

Static definition of a service mesh capability

OAM to K8s


Sequence

0: [Meshery Adapter] connects to a Meshery Server.

Environment vars from Dockerfile are used: http://meshery:9081

Adapter’s capabilities are registered.

1: [User] invokes mesheryctl pattern apply -f <filename>

2: [mesheryctl] calls the Meshery REST API.

3: [Meshery Server] converts from Pattern to OAM.

4: [Meshery Server] invokes the Adapter.

5: [Meshery Adapter] interprets the OAM and processes the request.


MeshSync

NATS

Meshery UI

MeshMap

OAM

41 of 43

Community Partners

RESEARCH PARTNERS

TECHNOLOGY PARTNERS

42 of 43

Service Mesh Interface (SMI)

Core Infrastructure Initiative

Google Season of Docs

43 of 43

CNCF Webinar