Service Mesh (Beta)
Page last updated:
This topic describes service mesh for Cloud Foundry Application Runtime (CFAR).
To deploy service mesh, see Deploying Service Mesh (Beta).
Overview
CFAR includes an optional beta routing plane that uses a service mesh. A service mesh provides traffic management, security, and observability for microservices. For more information, see What is a service mesh? in the Istio documentation.
Service mesh in CFAR uses Istio Pilot and Envoy. The Cloud Foundry istio-release packages these components into a BOSH release. For more information, see Pilot in Istio documentation, What is Envoy in the Envoy documentation, and the istio-release repository in GitHub.
Service mesh deploys an additional router and runs as a parallel routing plane as illustrated in the following diagram:
Features
Service mesh currently supports configuring routing weights for apps. For more information, see Using Weighted Routing (Beta).
Limitations
When deploying service mesh, consider:
- It does not have feature parity with the existing routing plane in CFAR.
- It is for deployments with fewer than 20,000 routes. At greater scale, it can impact core platform functions.
- The control plane is not highly available and registration of new routes can be delayed during an upgrade.
- The domain for routes is
*.mesh.YOUR-APPS-DOMAINand is not configurable.
Component VMs
The following table describes each component VM deployed as part of service mesh in CFAR, along with their function.
| VM | Processes | Function |
|---|---|---|
| istio-router | envoy | A reverse proxy to forward HTTP/HTTPS requests external to the platform to apps on the platform. |
| istio-control | copilot, pilot-discovery | Propagates CFAR external routes to all service mesh routers. |
| route-syncer | cc-route-syncer | Syncs routes created through the Cloud Foundry API (CAPI) to the service mesh control plane. |