Service Mesh (Beta)

Page last updated:

This topic describes service mesh for Cloud Foundry Application Runtime (CFAR).

To deploy service mesh, see Deploying Service Mesh (Beta).

Overview

CFAR includes an optional, beta routing plane that uses a service mesh. A service mesh provides traffic management, security, and observability for microservices. For more information, see What is a service mesh? in the Istio documentation.

Service mesh in CFAR uses Istio Pilot and Envoy. The Cloud Foundry istio-release packages these components into a BOSH release. For more information, see Pilot in Istio documentation, What is Envoy in the Envoy documentation, and the istio-release repository in GitHub.

Service mesh deploys an additional router and runs as a parallel routing plane as illustrated in the following diagram:

Features

Service mesh currently supports configuring routing weights for apps. For more information, see Using Weighted Routing (Beta).

Limitations

When deploying service mesh, consider:

• It does not have feature parity with the existing routing plane in CFAR.
• It is for deployments with fewer than 20,000 routes. At greater scale, it may impact core platform functions.
• The control plane is not HA and registration of new routes may be delayed during upgrade.
• The domain for routes is *.mesh.YOUR-APPS-DOMAIN and is not configurable.

Component VMs

The following table describes each component VM deployed as part of service mesh in CFAR, along with their function.

| VM | Processes | Function | | – | ——— | ——– | | istio-router | envoy | A reverse proxy to forward HTTP/HTTPS requests external to the platform to apps on the platform. | | istio-control | copilot, pilot-discovery | Propagates CFAR external routes to all service mesh routers. | | route-syncer | cc-route-syncer | syncs routes created through the Cloud Controller API to the service mesh control plane. |