Service Mesh (Beta)
Page last updated:
This topic describes service mesh for Cloud Foundry Application Runtime (CFAR).
To deploy service mesh, see Deploying Service Mesh (Beta).
CFAR includes an optional, beta routing plane that uses a service mesh. A service mesh provides traffic management, security, and observability for microservices. For more information, see What is a service mesh? in the Istio documentation.
Service mesh in CFAR uses Istio Pilot and Envoy. The Cloud Foundry
istio-release packages these components into a BOSH release. For more information, see Pilot in Istio documentation, What is Envoy in the Envoy documentation, and the istio-release repository in GitHub.
Service mesh deploys an additional router and runs as a parallel routing plane as illustrated in the following diagram:
Service mesh currently supports configuring routing weights for apps. For more information, see Using Weighted Routing (Beta).
When deploying service mesh, consider:
- It does not have feature parity with the existing routing plane in CFAR.
- It is for deployments with fewer than 20,000 routes. At greater scale, it may impact core platform functions.
- The control plane is not HA and registration of new routes may be delayed during upgrade.
- The domain for routes is
*.mesh.YOUR-APPS-DOMAINand is not configurable.
The following table describes each component VM deployed as part of service mesh in CFAR, along with their function.
| VM | Processes | Function | | – | ——— | ——– | | istio-router | envoy | A reverse proxy to forward HTTP/HTTPS requests external to the platform to apps on the platform. | | istio-control | copilot, pilot-discovery | Propagates CFAR external routes to all service mesh routers. | | route-syncer | cc-route-syncer | syncs routes created through the Cloud Controller API to the service mesh control plane. |Create a pull request or raise an issue on the source for this page in GitHub