Glossary of Terms
AWS App Mesh
AWS App Mesh is a service mesh available in AWS Cloud that provides application-level networking to make it easy for your services to communicate with each other across multiple types of compute infrastructure. App Mesh standardizes how your services communicate, giving you end-to-end visibility and ensuring high-availability for your applications. App Mesh works with AWS Fargate, Amazon EC2, Amazon ECS, Amazon EKS, and Kubernetes running on AWS, and integrates with AWS Outposts for on-premises applications. App Mesh uses the open source Envoy proxy, making it compatible with a wide range of AWS partner and open source tools.
This direction of traffic is defined as the service to service communication that occurs within the cluster and does not leave your network. In microservices architecture, this is how the different services are networked in order to form a complete application. Technologies like service mesh are being developed to help solve the challenges in enabling, securing and controlling intra cluster communication.
Envoy is an open source edge and service proxy designed for cloud-native applications. Originally developed at Lyft and later open sourced to the Cloud Native Computing Foundation, Envoy is a high performance C++ distributed proxy designed for single services and applications, as well as a communication bus and “universal data plane” designed for large microservice “service mesh” architectures. Envoy Proxy is used as the base for technologies like Gloo and Istio.
HashiCorp Consul Connect
Hashicorp is a company that solves development, operations, and security challenges to revolutionize datacenter management with products like Consul, Nomad, Packer, Terraform, Vagrant, and Vault. HashiCorp Consul is a multi-cloud service networking platform to connect and secure services across any runtime platform and public or private cloud. Consul provides two solutions; Consul service discovery and Consul Connect service mesh. Watch the demo here.
Ingress (Traffic and Controller)
Ingress is a concept for handling incoming traffic to a cluster running your application services. When used in context with Kubernetes environments, an object named Ingress Controller exists to specifically fulfill this function. Kubernetes Ingress is useful and handles traffic only incoming to a specific Kubernetes cluster. Ingress is an example of North-South Traffic.
Istio is an open source and platform-independent service mesh that provides traffic management, policy enforcement and telemetry collection. Developed by Google using Envoy Proxy as its sidecar proxy, Istio supports Kubernetes-based deployments today and is being adapted by the community to other environments. Watch the Istio overview.
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes builds upon 15 years of experience of running production workloads at Google, combined with best-of-breed ideas and practices from the community.
Created and maintained by Buoyant, Linkerd is a lightweight service mesh for handling service to service communications in Kubernetes-based environments for observability, reliability and security. Watch the overview demo here.
This direction of traffic is defined as the client to server traffic, between the clients or end users outside of the datacenter to the network inside the datacenter. Ingress and Egress traffic falls within the North-South traffic definition. Incoming traffic is also often referred to as ingress but that is confined to a specific cluster. Network traffic leaving a cluster to an external service is referred to as Egress.
Service Mesh is a cloud-native application networking pattern created to solve the new challenges created as applications evolve from static monolithic workloads to distributed microservices. In microservices, an application is made of potentially hundreds of loosely coupled services networked together, thus making the service to service communication critical to a properly functioning application. In a service mesh, the application network is abstracted out of the business logic and handled through a set of proxies that are paired one to each service. Learn more about service mesh.