On September 4th, 2019, Containous, a cloud infrastructure software provider, released Maesh, an open-source service mesh written in Golang and built on top of the cloud native edge router Traefik. Maesh promises to provide a lightweight service mesh solution that is easy to get started with and to roll out across a microservice application.
Similar to the existing service mesh tools such as Istio, Linkerd, Consul, and Kuma, Maesh offers centralized solutions for networking, monitoring, and securing microservice applications. Unlike many existing service mesh products, Maesh does not use a sidecar container but rather handles routing through Maesh proxy endpoints running on each node. The mesh controller runs in a dedicated pod that handles deploying configuration to the proxy nodes.
Maesh integrates natively with Kubernetes and can be installed with Helm. Maesh requires Kubernetes version 1.11 or greater since it leverages CoreDNS to run Maesh endpoints, instead of the standard Kubernetes service endpoints. Maesh endpoints run side-by-side with services and are opt-in by default. Existing services are unaffected until they are added to the mesh, thus enabling a gradual integration of Maesh into an application.
Built on top of Traefik, a Golang open source reverse proxy and load balancer, the Maesh feature set includes the core components of Traefik. Network observability is implemented with OpenTracing, a vendor-neutral API specification and instrumentation framework for distributed tracing. Traffic management controls such as load balancing, retries, circuit breakers, and rate limits can be defined as annotations on the Kubernetes service. Kubernetes annotations are non-identifying metadata for objects that can be retrieved by client tools and libraries. For example, retries can be enabled and customized with the following service annotation:
maesh.containo.us/retry-attempts: "2"
Maesh also supports configuration with SMI, the standard interface for service mesh technologies. When Maesh is configured in SMI mode, access and routes must be explicitly enabled; by default, all routes and access are denied. Enabling SMI is part of the Maesh static configuration that is defined when the service mesh is installed.
Maesh supports both TCP and HTTP. In HTTP mode, Maesh relies on Traefik to enable routing on virtual-host, path, headers, and cookies. Using TCP mode allows integration with SNI routing support. Both modes can be used at the same time in a single cluster.
Maesh can be installed into a cluster without affecting running services. When installed with a Helm chart, Maesh will be ready for use immediately after installation completes. As the Helm chart is deployed, Maesh needs to be installed into its own namespace, separate from user namespaces. Installation generally involves the following steps:
$ helm repo add maesh https://containous.github.io/maesh/charts
$ helm repo update
$ helm install --name=maesh --namespace=maesh maesh/maesh
To use Maesh, instead of referencing services as <servicename>.<namespace>, services are referenced as <servicename>.<namespace>.maesh. These references will access and route requests through the Maesh service mesh. With this approach, some services can run through the service mesh while others run without it.
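Because routing through the mesh depends only on the name a caller uses, a review of a partially migrated cluster can list the references that still go to a service directly and so never reach the Maesh proxies. The Python sketch below is an added example, not code from Maesh or Containous; the function names, sample references and namespace set are constructed, and it goes slightly beyond the article by also recognising the standard Kubernetes svc and svc.cluster.local forms (the default cluster domain is assumed).

```python
from urllib.parse import urlsplit

# Name forms that reach a service directly, without the .maesh suffix.
# ["svc", "cluster", "local"] assumes the default Kubernetes cluster domain.
DIRECT_FORMS = ([], ["svc"], ["svc", "cluster", "local"])


def classify(ref, namespaces):
    """Return (service, namespace, via_mesh) for a URL or host[:port].

    Returns None when the host is not an in-cluster service reference.
    `namespaces` is the set of namespaces in the cluster; it keeps
    external names such as api.example.com from being read as
    <servicename>.<namespace>.
    """
    host = urlsplit(ref if "://" in ref else "//" + ref).hostname or ""
    labels = host.rstrip(".").split(".")
    if len(labels) < 2 or labels[1] not in namespaces:
        return None
    service, namespace, rest = labels[0], labels[1], labels[2:]
    if rest == ["maesh"]:
        return service, namespace, True   # routed through the mesh
    if rest in DIRECT_FORMS:
        return service, namespace, False  # direct, bypasses the mesh
    return None


def direct_references(refs, namespaces):
    """List the references that reach a cluster service outside the mesh."""
    found = []
    for ref in refs:
        result = classify(ref, namespaces)
        if result is not None and not result[2]:
            found.append(ref)
    return found


# Constructed sample: values as they might appear in container env vars.
SAMPLE_NAMESPACES = {"shop", "infra"}
SAMPLE_REFS = [
    "http://orders.shop.maesh:8080/api",
    "http://payments.shop:8080/charge",
    "inventory.shop.svc.cluster.local:9000",
    "https://api.example.com/v1",
    "cache.infra.maesh:6379",
]

if __name__ == "__main__":
    for ref in direct_references(SAMPLE_REFS, SAMPLE_NAMESPACES):
        print("not routed through the mesh:", ref)
```

References reported here are not subject to the retries, tracing or SMI access rules configured in the mesh, which matters most when SMI mode is relied on for access control.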
Maesh is an open source project accepting feedback and contributions. To get started with using Maesh, review the installation guide.