We are proud to introduce Maesh, Containous’ new service mesh designed from the ground up to be straightforward, easy to install and easy to use. Maesh allows for visibility and management of the traffic that flows inside your Kubernetes cluster, which is just as important as the ingress and egress traffic.
Built on top of Traefik, Maesh is a simple, yet full-featured service mesh. It is container-native and fits as your de-facto service mesh in your Kubernetes cluster. It supports the latest Service Mesh Interface specification (SMI) that facilitates integration with pre-existing solutions. Moreover, Maesh is opt-in by default, which means that your existing services are unaffected until you decide to add them to the mesh.
Non-Invasive Service Mesh
Maesh does not use any sidecar container but handles routing through proxy endpoints running on each node. The mesh controller runs in a dedicated pod and handles all the configuration parsing and deployment to the proxy nodes. Maesh supports multiple configuration options: annotations on user service objects, and SMI objects. Not using sidecars means that Maesh does not modify your Kubernetes objects, and does not modify your traffic without your knowledge. Using the Maesh endpoints is all that is required.
Relies on Kubernetes DNS
Maesh leverages the CoreDNS platform installed by default in Kubernetes. It allows users to use the Maesh endpoints (instead of the standard Kubernetes service endpoints) to benefit from its feature set — no sidecars! Maesh endpoints run side-by-side with user services: you choose whether you use them or not (opt-in). This gives more confidence, since users know that they are able to test, and revert back to the user services: they should be happy with the result.
Also, the updates to CoreDNS made during the installation of Maesh is minimal and non-invasive, and is easily removable.
Multiple Network Layers
Maesh can run in both TCP and HTTP mode
- In HTTP mode, Maesh leverages Traefik’s feature set to enable rich routing on virtual-host, path, headers, cookies.
- Using TCP mode allows a seamless and easy integration with SNI routing support.
Use both modes at the same time within the same cluster, and is configurable via annotations on services.
Built on Top of Traefik
Maesh builds on top of Traefik, the leading reverse proxy for routing, and provides every feature users would expect: OpenTracing, load balancing for HTTP, gRPC, WebSocket, TCP, rich routing rules, retries and fail-overs, not to mention access controls, rate limits, and circuit breakers.
Easy to Install; Easy to Use
Installing Maesh to your cluster is easy: install the Helm chart, as there are no helper applications, no CRDs to install, and no new vocabulary for users to learn. If users understand how pods and services work, then Maesh will be easy to understand and use.
Let’s get started by installing Maesh using the following commands:
helm repo add maesh https://containous.github.io/maesh/charts
helm repo update
helm install --name=maesh --namespace=maesh maesh/maesh
Maesh is now ready to use in your cluster, and you’re one annotation away from using it on any running application:
kubectl annotate service \
Is your application using a TCP communication protocol (which is not HTTP)? It is also supported:
kubectl annotate service mongo-database \
That’s how easy it is to install and use Maesh!
Because Maesh is open source, we would love the community’s input as to which features are important to you, so that we can prioritise the top requests.
We welcome community contributions and love when they are faster than us to provide additional features! Pull requests are the best way to support the product and make it your own.