Announcing Maesh, a Lightweight and Simpler Service Mesh Made by the Traefik Team

September 4, 2019

We are proud to introduce Maesh, Containous’ new service mesh designed from the ground up to be straightforward, easy to install and easy to use. Maesh allows for visibility and management of the traffic that flows inside your Kubernetes cluster, which is just as important as the ingress and egress traffic.

Built on top of Traefik, Maesh is a simple, yet full-featured service mesh. It is container-native and fits as your de-facto service mesh in your Kubernetes cluster. It supports the latest Service Mesh Interface specification (SMI) that facilitates integration with pre-existing solutions. Moreover, Maesh is opt-in by default, which means that your existing services are unaffected until you decide to add them to the mesh.

Non-Invasive Service Mesh

Maesh does not use any sidecar container but handles routing through proxy endpoints running on each node. The mesh controller runs in a dedicated pod and handles all the configuration parsing and deployment to the proxy nodes. Maesh supports multiple configuration options: annotations on user service objects, and SMI objects. Not using sidecars means that Maesh does not modify your Kubernetes objects, and does not modify your traffic without your knowledge. Using the Maesh endpoints is all that is required.

Maesh Architecture

Relies on Kubernetes DNS

Maesh leverages the CoreDNS platform installed by default in Kubernetes. It allows users to use the Maesh endpoints (instead of the standard Kubernetes service endpoints) to benefit from its feature set — no sidecars! Maesh endpoints run side-by-side with user services: you choose whether you use them or not (opt-in). This gives more confidence, since users know that they are able to test, and revert back to the user services: they should be happy with the result.

Also, the updates to CoreDNS made during the installation of Maesh is minimal and non-invasive, and is easily removable.

Multiple Network Layers

Maesh can run in both TCP and HTTP mode

  • In HTTP mode, Maesh leverages Traefik’s feature set to enable rich routing on virtual-host, path, headers, cookies.
  • Using TCP mode allows a seamless and easy integration with SNI routing support.

Use both modes at the same time within the same cluster, and is configurable via annotations on services.

Built on Top of Traefik

Maesh builds on top of Traefik, the leading reverse proxy for routing, and provides every feature users would expect: OpenTracing, load balancing for HTTP, gRPC, WebSocket, TCP, rich routing rules, retries and fail-overs, not to mention access controls, rate limits, and circuit breakers.

Easy to Install; Easy to Use

Installing Maesh to your cluster is easy: install the Helm chart, as there are no helper applications, no CRDs to install, and no new vocabulary for users to learn. If users understand how pods and services work, then Maesh will be easy to understand and use.

Let’s get started by installing Maesh using the following commands:

helm repo add maesh
helm repo update
helm install --name=maesh --namespace=maesh maesh/maesh

Maesh is now ready to use in your cluster, and you’re one annotation away from using it on any running application:

kubectl annotate service \

Is your application using a TCP communication protocol (which is not HTTP)? It is also supported:

kubectl annotate service mongo-database \

That’s how easy it is to install and use Maesh!

What’s Next

Because Maesh is open source, we would love the community’s input as to which features are important to you, so that we can prioritise the top requests.

We welcome community contributions and love when they are faster than us to provide additional features! Pull requests are the best way to support the product and make it your own.

Related Posts
From Zero to Hero: Getting Started with k0s and Traefik

From Zero to Hero: Getting Started with k0s and Traefik

Kevin Crawley
How To
December, 2020

K0s is a new Kubernetes distribution from Mirantis. It's similar to Rancher Labs' K3s, yet it ships only the bare minimum of extensions. K0s is a new Kubernetes distribution from Mirantis. This post covers how to configure k0s to include Traefik and begin routing your applications with CRDs.

Traefik Hackaethon 2020: Middleware Plugins Brain Dump

Traefik Hackaethon 2020: Middleware Plugins Brain Dump

Kevin Crawley
October, 2020

The team at Traefik Labs will be hosting a Hackathon next week, and plugins are a significant theme. Awards, bounties, and prizes are available for those who participate.

Traefik Labs: Incubating the Future of Cloud Native Networking

Traefik Labs: Incubating the Future of Cloud Native Networking

Emile Vauge
September, 2020

Today is a big day for Containous and the entire Traefik community! As Traefik crosses yet another major download milestone, we continue on our mission of simplifying cloud-native networking by launching our first cloud offering. 

Traefik Labs uses cookies to improve your experience. By continuing to browse the site you are agreeing to our use of cookies. Find out more in the Cookie Policy.