ABCDEFGHIJKNOPQRSTUVWXYZAAABACADAEAFAG
1
2
ProductIstioLinkerd2KumaConsul connectAWS App MeshNGINX Service MeshOpen Service MeshTraefik MeshNetwork Service Mesh
3
1. General information
4
Linkhttps://istio.io/https://linkerd.io/2/overview/https://kuma.io/install/latest/https://www.consul.io/mesh.htmlhttps://aws.amazon.com/app-mesh/
https://nginx.com/products/nginx-service-mesh
https://openservicemesh.io/https://traefik.io/traefik-mesh/
5
Written inGoGo / RustGoGoGo / CGoGo
6
Developed byGoogle, IBM, LyftBuoyantKongHashicorpAmazonNGINXMicrosoftTraefik Labs
7
LicenseApache License 2.0Apache License 2.0Apache License 2.0Mozilla LicenseClosed sourceClosed source / Apache License 2.0Apache License 2.0Apache License 2.0
8
PlatformComparison of service meshesKubernetesKubernetesAgnosticAgnosticECS, Fargate, EKS, EC2KubernetesKubernetes, Azure AKSAKS, EKS, K3S, GKE
9
CNCF MaturityN/AGraduatedSandboxN/AN/ASandboxN/A
10
11
2. Data plane
12
Service proxyEnvoyLinkerd proxyEnvoyBuilt-in, EnvoyEnvoyNGINX PlusEnvoyMaesh
13
Automatic sidecar injection✔️✔️✔️✔️✔️✔️✔️✖︎
14
Traffic mirroring✔️✖︎✖︎✖︎✖︎✖︎✖︎
15
Default load balancing mechanismround-robinEWMA (Exponentially Weighted Moving Average)Round RobinWeightedRound RobinWeightedWeighted
16
Load balancing optionsround-robin, weighted, random, least requests✖︎Round Robin, Least Request, Ring Hash, Random, Maglev✔️Default✖︎✖︎
17
Lcality load balancing✔️✖︎✔️✖︎✖︎✖︎✖︎
18
gRPC load balancing✔️✔️✔️✖︎✔️✖︎✖︎
19
HTTP load balancing✔️✔️✔️✔️✔️✔️✔️
20
TCP load balancing✔️✔️✔️✔️✔️✖︎✖︎
21
HTTP request matching rules✔️✔️✔️✔️✔️✔️✔️
22
L4 traffic matching rules✔️✖︎✔️✔️✖︎✔️✔️
23
Rate limiting✔️✖︎✔️✔️✖︎✖︎✖︎
24
Egress gateway✔️✖︎✔️✔️✖︎✔️✖︎
25
Ingress gateway✔️✔️✔️✔️✔️✔️✖︎
26
Multi-cluster communication✔️✔️✔️✔️✔️In Dev✖︎
27
DNS Proxying✔️✖︎✔️✖︎✖︎✖︎✖︎
28
Notes
29
NotesNotesNotesNotesNotesNotesNotesNotes
30
How to contribute:
31
3. Supported protocolsLeave a comment or drop us a line at research@learnk8s.io
32
TCP✔️✔️✔️✔️✔️✔️✔️✔️
33
UDPLicense:✖︎✖︎✖︎✖︎✖︎✖︎✖︎✔️
34
HTTP/1.1Apache 2.0✔️✔️✔️✔️✔️✔️✔️✔️
35
HTTP/2Last updated:✔️✔️✔️✔️✔️✔️✖︎✖︎
36
gRPCMay 25, 2022✔️✔️✔️✔️✔️✔️✔️✖︎
37
gRPC-web✔️Treated as TCPTreated as TCPTreated as TCPTreated as TCPTreated as HTTP✖︎
38
Mongo✔️Treated as TCPTreated as TCPTreated as TCPTreated as TCPTreated as HTTPTreated as HTTP
39
Redis✔️Treated as TCPTreated as TCPTreated as TCPTreated as TCPTreated as HTTPTreated as HTTP
40
KafkaTreated as TCPTreated as TCP✔️Treated as TCPTreated as TCPTreated as HTTPTreated as HTTP
41
Automatic protocol detectionHTTP, HTTP/2HTTP, HTTP/2, gRPCHTTP, gRPC, Kafka, TCP✖︎✖︎✖︎✖︎
42
Client initiated HTTPHTTP, HTTP/2Treated as TCPHTTP, gRPC, Kafka, TCP✖︎✖︎Treated as HTTPTreated as HTTP
43
Notes
44
NotesNotesNotesNotesNotesNotesNotesNotes
45
Find more research at:
46
4. Monitoringhttps://learnk8s.io/research
47
Prometheus integration✔️✔️✔️✔️✔️✔️✔️✔️
48
Dedicated dashboard✔️✔️✔️✔️✔️✔️✔️✖︎
49
Grafana dashboards✔️✔️✔️✔️✔️✔️Grafana Support
50
Custom metrics✔️✖︎✖︎✖︎✖︎In Dev✖︎
51
Tracing backendsJaeger, Open Tracing, Zipkin, LightstepJaeger, OpenTracingJaeger, DataDog, zipkinJaeger, Open Tracing, Zipkin
Jaeger, OpenTracing, Zipkin, AWS X-Ray
Jaeger, Open Tracing, Zipkin, DatadogJaegerJaeger
52
LoggingEnvoy access logs✔️✔️✔️✔️Fluent Bit Log Forwarding✔️
53
Notes
54
NotesNotesNotesNotesNotesNotesNotesNotes
55
56
5. Resilience
57
Circuit breaking✔️✖︎✔️✔️✔️✔️✖︎✔️
58
Retries and timeout✔️✔️✔️✔️✔️✔️In Dev✔️
59
Retry budget✖︎✔️✖︎✖︎✖︎In Dev✖︎
60
Timeout per retry✔️✖︎✔️✖︎✖︎✖︎
61
Abort injection (Fault injection)✔️✔️✔️✖︎✖︎✖︎✔️✔️
62
Delay injection (Fault injection)✔️✖︎✔️✖︎✖︎✖︎✖︎✖︎
63
Response Bandwidth (Fault injection)✖︎✖︎✔️✖︎✖︎✖︎✖︎
64
Canary Releases✔️✔️✖︎✔️✖︎✔️✔️
65
Control plane HA✔️✖︎✔️✔️✔️✔️✖︎
66
Health Checks✔️✔️✔️✔️✔️✔️✖︎
67
Notes
68
NotesNotesNotesNotesNotesNotesNotesNotes
69
70
6.Security
71
mTLS✔️✔️✔️✔️✔️✔️✔️In Planning
72
mTLS permissive mode✔️✔️✔️✖︎✔️✖︎✖︎
73
Built-in CA✖︎✖︎✔️✔️✔️ (via ACM PCA)✔️In Planning
74
External CA certificate✔️✔️✔️✔️✔️✔️✔️In Planning
75
Authentication policies✔️✖︎✔️✔️✖︎✖︎✖︎
76
Peer authentication✔️✖︎✔️✖︎✔️✖︎✖︎
77
Request authentication✔️✖︎✔️✖︎✖︎✖︎✖︎
78
Workload to workload authorization✔️✔️✔️✔️✖︎✖︎✖︎
79
End-user to workload authorization✔️✖︎✔️✖︎✖︎✖︎✖︎
80
Multi-tenancy✔️✖︎✔️✖︎✔️✖︎✖︎
81
Notes
82
NotesNotesNotesNotesNotesNotesNotesNotes
83
84
7. Service Mesh Interface
85
Access control/Traffic Access✔️✖︎✖︎✔️✖︎✔️✔️✔️
86
Traffic split✔️✔️✔️✖︎✖︎✔️✔️✔️
87
Traffic specs✔️✖︎✖︎✖︎✖︎✔️✔️✔️
88
Metrics✔️✔️✔️✖︎✖︎✔️✔️✖︎
89
Diagnostic toolIstioctl✖︎✔️✖︎✖︎osm-health✖︎
90
Notes
91
NotesNotesNotesNotesNotesNotesNotesNotes
92
93
8. Extensibility
94
Multi-cluster federation✔️✔️✔️In-dev✖︎
95
Cross-cluster deployment✔️✔️✔️✔️✔️✔️✖︎✖︎
96
Proxy extensionWASM API✖︎✔️✖︎✖︎In-dev✖︎
97
Notes
98
NotesNotesNotesNotesNotesNotesNotes
99
100