Istio service mesh vies for lead in microservices market
Istio's integration into Google Cloud will give it momentum, but service mesh competition remains fierce, as HashiCorp Consul makes strong inroads with early adopters.
Istio service mesh will capture attention as it integrates with Google Cloud Platform in 2019, but it hasn't reached industry-standard status similar to its sister project, Kubernetes, just yet.
Istio, the service mesh technology created by IBM, Google and Lyft, reached version 1.0 this year. Istio service mesh integration with Google Cloud Platform will enter public beta tests in December 2018, according to Google, and become the default service mesh deployment option for GCP in the first quarter of 2019. Users will need to only check a box to include Istio deployment alongside Kubernetes clusters in GCP. In mid-2019, such checkbox deployment will come to the on-premises Google Kubernetes Engine product, and future versions of Istio integration with GCP will offer automated upgrades, similar to the ones GKE already makes available for Kubernetes clusters.
Istio service mesh is often associated with Kubernetes container orchestration, which also originated at Google, as container-based microservices have raised the profile of service mesh networking technology. Istio's emergence alongside Kubernetes reflects maturity for enterprise container deployments.
"There's more talk about cloud-native architectures, and less about Kubernetes container orchestration specifically," said Jay Lyman, analyst with 451 Research. "It's early days for service mesh, but the need for it and the appeal of it will grow as container use grows."
Service mesh is a network architecture with two main components: a data plane comprised of sidecar containers deployed on each container cluster host or Kubernetes pod, and a control plane that orchestrates the sidecar containers to manage traffic between microservices. The service mesh approach offers deeper and finer-grained performance and security monitoring insights into applications than network-or host-based monitoring software. Service mesh can also be used in polyglot application environments without the need to refactor network management tools for each application language.
Service mesh predates Istio; the term was first coined by Buoyant, makers of Linkerd, in mid-2016, to distinguish Linkerd's approach from previous microservices network architectures that were deployed as libraries within specific applications. But Istio service mesh has gained momentum in 2018 because of its blue-chip backers and association with Kubernetes, and its rise to prominence will accelerate with the upcoming GCP integration.
"You certainly can't declare Istio the winner in the market the way Kubernetes is, but it's totally fair to call it the leader," Lyman said.
HashiCorp Consul emerges as Istio service mesh frenemy
Istio service mesh faces serious contenders for dominance in the market for microservices networking technology, most notably HashiCorp Consul distributed service discovery and key/value store.
Consul's rivalry with Istio as a microservices control plane is similar to other slippery relationships of coopetition in the market for open source cloud-native management tools -- the two need not be mutually exclusive. For example, Istio requires a third-party service catalog from Kubernetes, Consul, Netflix Eureka or another source. Istio is Kubernetes-focused so far, though Google officials hinted that Istio service mesh support for VMs is on the project's roadmap for 2019. For now, users can deploy Consul alongside Istio to manage noncontainer workloads. Consul encompasses multiple networking utilities, including domain name system, which can discover and connect to Kubernetes services even if the service mesh control plane is managed with Istio.
However, some early adopters of microservices prefer Consul as the overall control plane for service mesh. They also prefer the service discovery engine for Kubernetes over the default etcd key-value store.
Rangan Prabhakaransenior financial software developer, Bloomberg LP
"We find Consul more distributed than etcd -- individual Consul agents are the authority for health checks, rather than having to have a central authority," said Rangan Prabhakaran, senior financial software developer at Bloomberg LP, the global finance, media and tech company based in New York. "That means we can perform more frequent health checks on tens of thousands of services with very high network traffic."
Bloomberg plans to use Consul to manage service discovery on an infrastructure that consists of 20,000 nodes, some of which will be containers orchestrated with Kubernetes, while others will be bare-metal servers or VMs. It also plans to keep Consul as a centralized management interface for service mesh with the Envoy sidecar container, rather than Istio.
"Istio has good integration inside Kubernetes and claims it can manage workloads outside of Kubernetes, but there are a lot of 'ifs' and 'buts,'" Prabhakaran said. "Istio also uses Consul for its service catalog, and we're already familiar with Consul."
HashiCorp increased its direct competition with Istio when it introduced Consul Connect in August. Consul Connect handles service discovery, authentication and authorization via transport layer security (TLS), and traffic management between multiple data centers for bare metal, VM and container-based workloads. The forthcoming GCP Istio service mesh integration will also include automated issuance of TLS certificates for Kubernetes clusters; multi-cloud network management is available for Kubernetes, managed via Istio, but it won't be part of the Google Cloud integration initially.
The addition of Consul Connect makes Consul a one-stop shop to enterprises for multi-cloud microservices networking that replaces etcd for Kubernetes service discovery, Istio service mesh, and separate inter-data-center ingress and egress service mesh projects such as Kong, VMware Heptio's Gimbal and others.
Consul Connect will be a compelling product to watch as service mesh matures, HashiCorp customers said.
"Linkerd, which we've used so far, has a lot of moving parts, such as namerd and some glue code we wrote ourselves," said Zack Angelo, director of platform engineering at BigCommerce, an e-commerce company based in Austin, Texas. "With Consul Connect, we could collapse all of that into one simplified set of tools."
Connect could solve distributed state management, which is one of the most difficult problems in service mesh, Angelo said.
"Consul has mastered making that reliable within data centers," he said. "We'll keep a close eye on Consul Connect over the next six or seven months to see if it can do that between multiple data centers."