Blog
November 21, 2019

Maesh 1.0

Simpler Service Mesh, Now Production Ready

Three months ago (in September 2019) we were proud to unleash Maesh, the simpler service mesh. With so many tools already available on the market, we couldn’t wait to see how the community would react to our vision of the concept.

The answer is — incredibly well. In less than a month, Maesh had gathered a community of people that adopted it right from the start on their development cluster. These brave early adopters provided us with invaluable insights about various cluster configurations and shed light on possible improvements. We listened the best we could, helped them contribute to the project, fixed what had to be fixed, and we’re now contemplating the result of this common effort — Maesh 1.0

What is Maesh?

Maesh allows for visibility and management of the traffic that flows inside your Kubernetes cluster, which is just as important as the ingress and egress traffic. Maesh is designed from the ground up to be straightforward, easy to install, and easy to use.

Built on top of Traefik, Maesh is a simple, yet full-featured service mesh. It fits as your de-facto service mesh in your Kubernetes cluster and supports the latest Service Mesh Interface specification (SMI) that facilitates integration with pre-existing solutions. Maesh is opt-in by default, which means that your existing services are unaffected until you decide to add them to the mesh.

Maesh does not use any sidecar container but handles routing through proxy endpoints running on each node. Not using sidecars means that Maesh does not modify your Kubernetes objects, and does not modify your traffic without your knowledge. Using the Maesh endpoints is all that is required.

What’s New since the Alpha?

Performance Improvements

Based on feedback, we started to rework the inner architecture of Maesh to improve performance and stability. In particular, we made the Maesh controller stateless (again) and refactored the internal architecture used to refresh the configuration. As a result Maesh reacts faster and is more resilient to changes. To make it easier to customize, plenty of options are now configurable (namespaces, the cluster domain, …).

GKE Support

Many of our early adopters tried to install Maesh (alpha) on GKE with no success. The reason was that Maesh relied on CoreDNS to opt-in into the usage of the internal mesh and that GKE doesn’t embed it.

As a result and to support GKE and distributions that do not ship with CoreDNS, we’ve added support for kube-dns.

For Maesh 1.0, we’ve tested many distributions but couldn’t test every one of them. If your favorite appears to be unsupported, please raise your voice and help us fixing that!

Support for the SMI TCPRoute

Maesh supported the SMI HTTP part from the beginning, and now supports the TCP portion as well. (Bellow is an example of an SMI TCPRoute.)

kind: TrafficTarget
apiVersion: access.smi-spec.io/v1alpha1
metadata:
  name: api-service-target
  namespace: default
destination:
  kind: ServiceAccount
  name: api-service
  namespace: default
specs:
- kind: TCPRoute
  name: my-tcp-route
sources:
- kind: ServiceAccount
  name: my-other-service
  namespace: default
---
apiVersion: specs.smi-spec.io/v1alpha1
kind: TCPRoute
metadata:
  name: my-tcp-route
kind: TrafficTarget
apiVersion: access.smi-spec.io/v1alpha1
metadata:
  name: api-service-target
  namespace: default
destination:
  kind: ServiceAccount
  name: api-service
  namespace: default
specs:
- kind: TCPRoute
  name: my-tcp-route
sources:
- kind: ServiceAccount
  name: my-other-service
  namespace: default
---
apiVersion: specs.smi-spec.io/v1alpha1
kind: TCPRoute
metadata:
  name: my-tcp-route

What’s Next

Once again, we are thankful for the multitude of contributors that went straight ahead and added Maesh to their development clusters. You provided us with invaluable and early feedback and made this release possible.

But it’s just the beginning! Keep telling us what you like, giving us thoughts and ideas, and keep (or start) contributing! Pull requests and Issues are the best way to support the product and make it your own.

About the Author

Latest from Traefik Labs

How to Keep Your Services Secure With Traefik’s Rate Limiting
Blog

How to Keep Your Services Secure With Traefik’s Rate Limiting

Read more
Taming The Wild West of LLMs with Traefik AI Gateway
Blog

Taming The Wild West of LLMs with Traefik AI Gateway

Read more
GitOps-Driven Runtime API Governance: The Secret Sauce for Scale
Webinar

GitOps-Driven Runtime API Governance: The Secret Sauce for Scale

Watch now

Traefik Labs uses cookies to improve your experience. By continuing to browse the site you are agreeing to our use of cookies. Find out more in the Cookie Policy.