The advantages of service mesh for containers, microservices

Find out about the challenges and opportunities around creating a new application development stack for containers with the help of service meshes.

The container is rapidly going through a transition from providing a basic application packaging tool to becoming a component of a full-scale enterprise infrastructure, using a service mesh to provide traditional middleware functionality. At the JavaOne conference, enterprise architects cover techniques and best practices enterprises can adopt in taking advantage of this evolution.

Mike Lehmann, VP of product management for Oracle Cloud Platform Development, said: "The first thing people did with Docker was build new apps. It is becoming apparent that you can run existing apps, like databases, app servers and existing enterprise apps, on Docker. People are using that to have a common substrate across existing apps, like databases and middleware."

The emergence of a service mesh and a common serverless environment gives enterprises a huge advantage for building new microservices and serverless apps. These provide a well-defined programming model that allows enterprises to tie new apps into existing workloads that have been modernized onto that common platform.

"Rather than treating legacy software as running on traditional servers, they are starting to move those workloads onto this platform so they have them closer and more integrable with cloud-native workloads they can build out from," Lehmann said.

Building up the new stack

The initial use case of Docker by major software vendors has been as a way of packaging enterprise software. Docker coupled with Kubernetes provides a common substrate across cloud providers or internal enterprise data centers capable of running any workload.

As part of this trend, Oracle has been focusing on creating a new stack that leverages Docker, Kubernetes and the microservices ecosystem. It has recently joined the Cloud Native Computing Foundation (CNCF) to provide interoperability in the underlying container ecosystem. Lehmann said: "We see the Docker container community as the foundation of the new application development platform."

This new stack includes Docker for packaging, Kubernetes for the new app server and other components filling out the application and management stack. Lehmann said: "While this is a great foundation, it is not the full application development model. It provides the packaging and deployment model but leaves the application development open."

Rethink container management

Enterprises are also struggling to rethink the management infrastructure for containers. Mark Little, VP of software engineering at Red Hat, said: "What used to be separate management capabilities offered by middleware is being refactored to leverage the capabilities of container platforms. Concepts like application lifecycle management, log management and role-based access control are being delegated to container platforms because they can be leveraged across all services."

Vendors are joining together around Linux containers, Kubernetes, Prometheus and a variety of other technologies under the banner of the CNCF to make sure there is a common standard for projects, scalable growth and platform-agnostic options.

Little said: "If vendors choose not to join the CNCF, then collaborating in other open source areas or standards will be important because the biggest risk here will be moving back to vendor lock-in, which goes against the idea that containers operate best with no vendor-specific standards or lock-in."

Adopt a service mesh as a new middleware framework

A big component of this new stack will be the development of a service mesh layer above the package and infrastructure layer. "Kubernetes lets you deliver services over many containers, but it leaves out details on how one service talks to another. There is an opportunity for service mesh specifications to help build out a cloud-neutral platform that can run on any cloud. Cloud providers will then be able to differentiate on performance, reliability or cost," Oracle's Lehmann said.

The service mesh layer manages the security of app communication and enables the smooth provisioning of new services using an A/B testing model. Both Istio and Linkerd have been emerging as strong contenders for this service mesh layer. The jury is still out on Istio vs. Linkerd. Both have been proposed at the CNCF. Each takes a different view on things like security and configuration. Linkerd has been under consideration for a while. Istio is a relative newcomer submitted by Lyft as the core of its Envoy platform.

Other new standards around tooling, managing and operating this higher-level stack are also required. Prometheus is one such promising approach for monitoring container infrastructure that will be covered at JavaOne.

Bring consistency to the stack

In a perfect world, enterprises could just adopt a stack that works for their apps, much like traditional middleware. But the different components and their configuration settings are works in progress. Even if an enterprise is happy with a particular stack, it may have to update for security reasons. "Each works well on its own, but they have different kinds of tie-in points with the others," Lehmann said.

It can be tough to configure one piece, like Kubernetes, to work in a highly available and secure manner. The problem grows more challenging for enterprises when the different versions are upgraded or more reliable configuration settings are required.

To address this challenge, vendors like Oracle are open sourcing stable versions for some of the pieces of this emerging container stack. For example, Oracle recently open sourced a Kubernetes installer for Oracle Cloud Infrastructure that helps enterprises get started in a straightforward fashion. But this only solves part of the challenge. Lehmann said enterprises need to think about how to manage Kubernetes when a new release comes up and they need to patch it.

Going forward, Oracle is building a managed service for this kind of automated updating process. Lehmann said the goal is to provide an easy stack of components for container infrastructure. This will include a collection of specific versions and configurations of containers, Kubernetes, service mesh, operations tooling and continuous integration and deployment tooling that work well together.

This is no easy task. Lehmann observed: "Each has a lifecycle and different integration points with one another. There is clearly a stack emerging, but it is not clear what an integrated stack will look like. This is one of the big pain points developers are facing in this new world."
