Service Mesh (Beta)
Page last updated:
This topic describes service mesh for Cloud Foundry Application Runtime (CFAR).
To deploy service mesh, see Deploying Service Mesh (Beta).
CFAR includes an optional beta routing plane that uses a service mesh. A service mesh provides traffic management, security, and observability for microservices. For more information, see What is a service mesh? in the Istio documentation.
Service mesh in CFAR uses Istio Pilot and Envoy. The Cloud Foundry
istio-release packages these components into a BOSH release. For more information, see Pilot in Istio documentation, What is Envoy in the Envoy documentation, and the istio-release repository in GitHub.
Service mesh deploys an additional router and runs as a parallel routing plane as illustrated in the following diagram:
Service mesh currently supports configuring routing weights for apps. For more information, see Using Weighted Routing (Beta).
When deploying service mesh, consider:
- It does not have feature parity with the existing routing plane in CFAR.
- It is for deployments with fewer than 20,000 routes. At greater scale, it can impact core platform functions.
- The control plane is not highly available and registration of new routes can be delayed during an upgrade.
- The domain for routes is
*.mesh.YOUR-APPS-DOMAINand is not configurable.
The following table describes each component VM deployed as part of service mesh in CFAR, along with their function.
|istio-router||envoy||A reverse proxy to forward HTTP/HTTPS requests external to the platform to apps on the platform.|
|istio-control||copilot, pilot-discovery||Propagates CFAR external routes to all service mesh routers.|
|route-syncer||cc-route-syncer||Syncs routes created through the Cloud Foundry API (CAPI) to the service mesh control plane.|