Announcing Oracle Cloud Infrastructure Service Mesh general availability

April 27, 2022 | 5 minute read
Dusko Vukmanovic
Sr., Principal Product Manager on the Cloud Native Services team.

To simplify the development and operations of your microservices at scale, we are announcing the new Oracle Cloud Infrastructure Service Mesh.

OCI Service Mesh is a free, managed service that provides security, observability, and network traffic management for your cloud native applications without requiring any changes to the applications. The fully managed service makes implementing these capabilities simple for any organization, regardless of size.

Cloud native applications are commonly composed of several interconnected microservices that, in tandem, deliver the application experience. Therefore, the reliability of each service is critical, and organizations must manage security, observability, and connections across all microservices.

OCI Service Mesh provides a highly resilient central management layer and a proxy component that enables communication between the microservices and the management layer. Its proxy is based on the widely used open-source proxy component, Envoy. When you add a mesh to your application, it automatically injects a proxy in front of each microservice to manage the traffic.

By decoupling the management from the application code, you achieve both developer productivity and operational benefits, all in a declarative, self-service manner. Developers and application teams can now configure the security of their services in an agile, self-service manner without relying on a networking team or having to code the security or connection logic into the application itself. They also benefit from automatic metrics and log collection, which simplifies end-to-end visibility and troubleshooting if problems arise in production. Operationally, engineers can define how the microservices interact without concern for the language or framework used to develop them, and without placing a burden on a team to maintain and update the service mesh.

These capabilities provide businesses with the agility and speed they require, without the complexity associated with Kubernetes and microservice-driven architectures.

Currently, OCI Service Mesh supports any application running on the Oracle Container Engine for Kubernetes (OKE) and you'll get the following benefits:

  • Improved developer productivity - Service Mesh allows developers to focus on the application's functionality by offering ready-to-use application infrastructure requirements in a mesh layer without the need to modify the application.
  • Improved operational efficiency - Service Mesh provides a centrally managed layer that separates security, observability, and networking from application code. This means application teams can now secure microservices more quickly and easily without involving networking teams. Development and operations teams now benefit from automatic and centralized metric and log collection to help address potential production issues.
  • Secure the workload - With automated certificate and key rotation, Service Mesh encrypts traffic between services and achieves a zero-trust security architecture by default. You can specify which microservices can communicate with one another using access policies.
  • End-to-end visibility - Service Mesh automatically captures a variety of network and service metrics and logs. These metrics and logs include errors, latency, and traffic volume. They serve as a source for monitoring the application’s overall health and for analyzing issues.
  • Connecting microservices dynamically - Service Mesh captures all traffic between microservices and provides centralized application traffic control. It allows you to perform A/B testing, apply a different load balancing policy to traffic for a specific subset of microservice instances, and perform canary deployments to accelerate deployments with minimal microservice interruption.

Enabling Mesh in Your Applications

Users can create and manage OCI Service Mesh using OCI native interfaces or kubectl. They can use familiar OCI interfaces like the OCI APIs, CLI, SDK, Terraform, or the Console. Those who use kubectl to manage their Kubernetes clusters and prefer to use the same tool for mesh management can also use kubectl to create and manage their mesh.

Figure 1: OCI native experience: Users can create and manage any mesh resource directly from the OCI Console.

Figure 2: Kubectl experience: Users can create a YAML with the mesh resources to create and manage their mesh directly from kubectl.

The steps for enabling the mesh in an application are:

  • Add the OCI Service Operator for Kubernetes to your OKE cluster. This is an open-source Kubernetes add-on developed by OCI that allows you to manage your service mesh as a Kubernetes object. 
  • Set up a mesh and its associated resources, such as a virtual service and a virtual deployment. A virtual service looks like your application service, and a virtual deployment represents a version of this service.
  • Define an access policy to determine how the Service Mesh routes application traffic between virtual services. 
  • Finally, associate the pods that represent the microservice version with the virtual deployment. That allows OCI to inject the proxy by automatically recycling the pods. After the pods restart, the mesh is enabled for your application.

Figure 3 shows a mesh-enabled application, with green boxes showing mesh resources created when you create a mesh, and blue boxes showing your Kubernetes application. This application has two virtual services, A and B, as well as two virtual deployments for service B, labeled as B1 and B2. B1 and B2 are two independent implementations of service B. For example, B1 can be your current version, and B2 can be a new version that you want to deploy without disruption. OCI Service Mesh creates the resources for you to easily manage the application and all its versions. You may deploy the new version B2 either by switching traffic from B1 to B2 in one step or by gradually increasing the traffic to B2 as you gain confidence in its functionality.

Figure 3: Mesh enabled application displaying Kubernetes and Mesh resources.

Ready to enable mesh for your applications?

To begin, sign up for the Oracle Cloud Free Tier and test drive the new Service Mesh. More information is available in the documentation. Use our reference architecture along with "Getting Started" to easily add Service Mesh to your OKE application.
