Service Mesh (Beta)
Page last updated:
This topic describes service mesh for Pivotal Application Service (PAS).
To deploy service mesh, see Deploying Service Mesh (Beta).
PAS includes an optional beta routing plane that uses a service mesh. A service mesh provides traffic management, security, and observability for microservices. For more information, see What is a service mesh? in the Istio documentation.
Service mesh in PAS uses Istio Pilot and Envoy. The Cloud Foundry
istio-release packages these components into a BOSH release. For more information, see Pilot in Istio documentation, What is Envoy in the Envoy documentation, and the istio-release repository in GitHub.
Service mesh deploys an additional router and runs as a parallel routing plane as illustrated in the following diagram:
Service mesh currently supports configuring routing weights for apps. For more information, see Using Weighted Routing (Beta).
When deploying service mesh, consider:
- It does not have feature parity with the existing routing plane in PAS.
- It is for deployments with fewer than 20,000 routes. At greater scale, it can impact core platform functions.
- The control plane is not highly available and registration of new routes can be delayed during an upgrade.
- The domain for routes is
*.mesh.YOUR-APPS-DOMAINand is not configurable.
The following table describes each component VM deployed as part of service mesh in PAS, along with their function.
|istio-router||envoy||A reverse proxy to forward HTTP/HTTPS requests external to the platform to apps on the platform.|
|istio-control||copilot, pilot-discovery||Propagates PAS external routes to all service mesh routers.|
|route-syncer||cc-route-syncer||Syncs routes created through the Cloud Foundry API (CAPI) to the service mesh control plane.|
For information about the communication ports and protocols used by these components, see the Service Mesh (Optional) in the Routing Network Communications topic.