Service Mesh (Beta)
This topic describes service mesh for Cloud Foundry.
To deploy service mesh, see Deploying Service Mesh (Beta).
Overview
Cloud Foundry includes an optional, beta routing plane that uses a service mesh. A service mesh provides traffic management, security, and observability for microservices. For more information, see What is a service mesh? in the Istio documentation.
Service mesh in Cloud Foundry uses Istio Pilot and Envoy. The Cloud Foundry istio-release packages these components into a BOSH release. For more information, see the following:
- The Pilot section in Istio documentation.
- The What is Envoy topic in the Envoy documentation.
- The istio-release repository in GitHub.
Service mesh deploys an additional router and runs as a parallel routing plane as illustrated in the following diagram:
Features
Service mesh currently supports configuring routing weights for app. For more information, see Using Weighted Routing (Beta).
Limitations
Consider the following when deploying service mesh:
- It does not have feature parity with the existing routing plane in Cloud Foundry.
- It is for deployments with fewer than 20,000 routes. At greater scale, it may impact core platform functions.
- The control plane is not HA and registration of new routes may be delayed during upgrade.
- The domain for routes is
*.mesh.YOUR-APPS-DOMAINand is not configurable.
Component VMs
The following table describes each component VM deployed as part of service mesh in Cloud Foundry, along with their function.
| VM | Processes | Function |
|---|---|---|
| istio-router | envoy | A reverse proxy to forward HTTP/HTTPS requests external to the platform to applications on the platform. |
| istio-control | copilot, pilot-discovery | Propagates Cloud Foundry external routes to all service mesh routers. |
| route-syncer | cc-route-syncer | Syncs routes created through the Cloud Controller API to the service mesh control plane. |