September 4, 2019

Announcing Maesh, a Lightweight and Simpler Service Mesh Made by the Traefik Team

We are proud to introduce Maesh, Containous’ new service mesh designed from the ground up to be straightforward, easy to install and easy to use. Maesh allows for visibility and management of the traffic that flows inside your Kubernetes cluster, which is just as important as the ingress and egress traffic.

Built on top of Traefik, Maesh is a simple, yet full-featured service mesh. It is container-native and fits as your de-facto service mesh in your Kubernetes cluster. It supports the latest Service Mesh Interface specification (SMI) that facilitates integration with pre-existing solutions. Moreover, Maesh is opt-in by default, which means that your existing services are unaffected until you decide to add them to the mesh.

Non-Invasive Service Mesh

Maesh does not use any sidecar container but handles routing through proxy endpoints running on each node. The mesh controller runs in a dedicated pod and handles all the configuration parsing and deployment to the proxy nodes. Maesh supports multiple configuration options: annotations on user service objects, and SMI objects. Not using sidecars means that Maesh does not modify your Kubernetes objects, and does not modify your traffic without your knowledge. Using the Maesh endpoints is all that is required.

Maesh Architecture

Relies on Kubernetes DNS

Maesh leverages the CoreDNS platform installed by default in Kubernetes. It allows users to use the Maesh endpoints (instead of the standard Kubernetes service endpoints) to benefit from its feature set, with no sidecars! Maesh endpoints run side-by-side with user services: you choose whether you use them or not (opt-in). This gives users more confidence, since they know that they are able to test the Maesh endpoints and revert to the user services; they should be happy with the result.

Also, the updates to CoreDNS made during the installation of Maesh are minimal and non-invasive, and are easily removable.

Multiple Network Layers

Maesh can run in both TCP and HTTP mode:

  • In HTTP mode, Maesh leverages Traefik’s feature set to enable rich routing on virtual-host, path, headers, cookies.
  • Using TCP mode allows a seamless and easy integration with SNI routing support.

Both modes can be used at the same time within the same cluster, and the mode is configurable via annotations on services.

Built on Top of Traefik

Maesh builds on top of Traefik, the leading reverse proxy for routing, and provides every feature users would expect: OpenTracing, load balancing for HTTP, gRPC, WebSocket, TCP, rich routing rules, retries and fail-overs, not to mention access controls, rate limits, and circuit breakers.

Easy to Install; Easy to Use

Installing Maesh on your cluster is easy: install the Helm chart. There are no helper applications, no CRDs to install, and no new vocabulary for users to learn. If users understand how pods and services work, then Maesh will be easy to understand and use.

Let’s get started by installing Maesh using the following commands:

helm repo add maesh https://containous.github.io/maesh/charts
helm repo update
helm install --name=maesh --namespace=maesh maesh/maesh

Maesh is now ready to use in your cluster, and you’re one annotation away from using it on any running application:

kubectl annotate service \
    web-application maesh.containo.us/traffic-type=http

Is your application using a TCP communication protocol (which is not HTTP)? It is also supported:

kubectl annotate service mongo-database \
    maesh.containo.us/traffic-type=tcp

That’s how easy it is to install and use Maesh!
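Because the traffic type is set with a single annotation, it is worth checking which Services actually carry it. The following is an added example, not part of the original post or the Maesh project: it classifies a Service listing by the maesh.containo.us/traffic-type annotation and marks any value other than the http and tcp shown above for review. The function names, status labels and sample table are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit Services for the maesh.containo.us/traffic-type annotation.

# Column spec for kubectl custom-columns; dots inside the annotation key are
# escaped so they are not read as path separators.
COLS='NS:.metadata.namespace,NAME:.metadata.name,TYPE:.metadata.annotations.maesh\.containo\.us/traffic-type'

# classify_services: reads a three-column table (header first) on stdin and
# prints one line per Service: "<STATUS> <namespace>/<name> [value]".
#   ANNOTATED   - value is http or tcp (the two values shown in the post)
#   UNANNOTATED - annotation absent (kubectl prints <none>)
#   REVIEW      - any other value, e.g. a typo; treating it as suspect is
#                 this example's assumption, not documented Maesh behaviour
classify_services() {
  awk 'NR == 1 { next }   # skip the header row
       NF < 3  { next }   # skip blank or short lines
       $3 == "<none>"              { print "UNANNOTATED " $1 "/" $2; next }
       $3 == "http" || $3 == "tcp" { print "ANNOTATED " $1 "/" $2 " " $3; next }
                                   { print "REVIEW " $1 "/" $2 " " $3 }'
}

# count_status STATUS: counts classified lines on stdin with that status.
count_status() {
  awk -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# Constructed sample listing (not real cluster output); billing has a typo.
sample_table() {
  cat <<'EOF'
NS        NAME             TYPE
default   web-application  http
default   mongo-database   tcp
default   legacy-api       <none>
default   billing          htpp
EOF
}

# Against a live cluster (needs kubectl access, not run here):
#   kubectl get services --all-namespaces -o custom-columns="$COLS" | classify_services
if [ "${1:-}" = "--sample" ]; then
  sample_table | classify_services
fi
```

Run with --sample to see the classification of the constructed listing.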

What’s Next

Because Maesh is open source, we would love the community’s input as to which features are important to you, so that we can prioritise the top requests.

We welcome community contributions and love when they are faster than us to provide additional features! Pull requests are the best way to support the product and make it your own.
