How Service Mesh Enables a DevOps Revolution
Emily Freeman, the highly respected author of “DevOps for Dummies” and head of DevOps product marketing at AWS, recently introduced a revolutionary model for DevOps to replace the traditional software development lifecycle (SDLC). Her argument is that, in the era of cloud-native applications, there is additional chaos introduced across the software lifecycle, and therefore the SDLC, and DevOps as we know it, are no longer relevant.
A revolutionary model for software development
Figure 1. Revolutionary Model for Software Development
As shown in Figure 1, rather than a linear or circular model of the SDLC, Emily’s new model consists of 5 concentric rings that represent roles in software development. There are also 6 spokes that represent considerations for putting software into production.
How Emily’s model translates to DevOps tools, processes, and best practices remains an open question. How it translates to the SDLC, in general, is also an important but open question. Yet, if you look at new cloud-native application technologies, the service mesh stands out as the best technology to support this model.
How a service mesh supports architecting:
- Security: A prescriptive architecture for securing applications running on one or more Kubernetes clusters
- Reliability: A resilient architecture that enhances reliability through improved observability and scalability
- Observability: A simpler but powerful observability architecture that removes many observability concerns from the application itself
- Scalability: An architecture that can scale horizontally across multiple microservices and multiple Kubernetes clusters and leverage the architecture for reliability and observability
- Testability: An architecture that enables blue/green and canary deployment models of testing software enabled by the architectures for security, reliability, and scalability
- Flexibility: A flexible architecture that can span multiple microservices and be deployed across multiple Kubernetes clusters which is enabled by all facets of the overall system architecture
How a service mesh supports developing:
- Security: Developing applications that export concerns for reliability to the service mesh sidecar container for features such as TLS (SSL encryption), authorization, and authentication
- Reliability: Developing applications that export concerns for reliability to the service mesh sidecar container for features such as retries, timeouts, and circuit breakers
- Observability: Developing applications that export concerns for observability to the service mesh sidecar container for features such as exporting of distributed traces and performance metrics
- Scalability: Ability to develop scalable applications by reducing the complexity of code and libraries and therefore improving raw performance and efficiency of the core application
- Testability: Developing applications that can be more easily tested across multiple environments such as dev, pre-production, and production without adding significant complexity and risk in conducting the testing
- Flexibility: Flexibility to develop applications using frameworks and libraries that are best suited to the requirements, rather than limiting choice to frameworks that replicate many features a service mesh provides
How a service mesh supports automating:
- Security: The service mesh has DevSecOps built-in with features such as certificate rotation, and the ability to automate deploying service mesh access policies and configurations for authentication
- Reliability: With automation of test tools such as chaos testing, testing the end-to-end reliability of application also becomes more easily automated and potentially part of the CI/CD pipeline
- Observability: By having a common platform of Kubernetes and a service mesh, Kubernetes-native observability tools can be leveraged in an automated fashion. Deploying configurations for collecting distributed traces, applications metrics, dashboards, and network performance can be completely automated
- Scalability: Ability to scale automation tooling across clusters in a repeatable manner due to the common platform of Kubernetes and the service mesh
- Testability: By having a common platform of Kubernetes and the service mesh testing tools such as chaos testing and integration testing can be more easily automated. These automated tests can also leverage increased observability offered by the service mesh
- Flexibility: Flexibility to automate deployments within the service mesh with fewer dependencies on the application frameworks that have been removed or simplified in the applications themselves
How a service mesh supports deploying:
- Security: Deploying the application and the configuration for securing the application become separate concerns
- Reliability: Deploying the application and the configuration for making the application more reliable become separate concerns. By deploying applications across multiple Kubernetes clusters, failover schemes can be easily implemented with a service mesh
- Observability: Deploying the application and the configuration for making the application observable become separate concerns
- Scalability: Applications can be scaled more easily across Kubernetes clusters within a common service mesh
- Testability: Deployments can be more easily tested in a service mesh with blue/green, canary, and dark launches of applications
- Flexibility: How, where, and when applications are deployed becomes much more flexible
How a service mesh supports operating:
- Security: Applications security can be more easily monitored with a service mesh and tools like Kiali that gives visibility into how the application services are secured
- Reliability: By using a service mesh to collect metrics around retries, timeouts, circuit breakers, latency, and other performance metrics, problems can be identified and fixed before services degrade or go offline
- Observability: Collecting real-time metrics, traces, are easily enabled with a service mesh in a production environment running on Kubernetes.
- Scalability: Manual scaling and auto-scaling of applications becomes easier and more efficient due to improved metrics collected through the service mesh
- Testability: Testing changes in production becomes easier and less risky due to canary deployments that can easily be implemented with a service mesh
- Flexibility: Where applications run within your environment becomes less important when they run inside a common, multi-cluster service mesh
How a service mesh supports a DevOps revolution
Without a service mesh, more complex alternatives are necessary to achieve a DevOps revolution. The core tenets of a service mesh of security, reliability, and observability enable flexibility, scalability, and testability across all roles played in architecting, developing, automating, deploying, and operating software in the cloud.
Figure 2. How a service mesh supports all considerations of modern software development
Figure 2 shows how the core tenets of a service mesh support a modern software development lifecycle and a DevOps revolution.
Because a service mesh provides a solid foundation for dealing with the chaos of modern software development, any team building and deploying applications for Kubernetes should seriously consider implementing a service mesh.
You might also be interested in reading Configuration as Data, GitOps, and Controllers: it’s not simple for multi-cluster.