Alauda Service Mesh

Description of Mesh Components

This document provides a brief overview of the various components of the service mesh and their roles within the platform.

TOC

Involved Open Source Solutions

  • Istio: An open-source service mesh solution providing traffic management, security, and observability features.
  • OpenTelemetry: An open-source observability solution that supports code-level instrumentation with broad applicability.
  • Jaeger: An open-source distributed tracing solution.
  • Flagger: An open-source progressive delivery tool that supports various deployment strategies, including Canary, A/B Testing, and Blue/Green.

Component Description

Control Plane Components

Component NameDescription
Istio
istiodThe control plane component of Istio, with its name distinguishing different major versions of Istio.
istio-cniIstio CNI node agent used for configuring traffic redirection for Pods within the mesh. This component is not deployed by default unless using OpenShift clusters.
tier2-gatewayThe Tier2 gateway, in conjunction with the Tier1 gateway, provides advanced traffic management features like gray releases and service routing for ingress traffic in the mesh.
istio-eastwestgatewayThe east-west gateway in Istio for multi-cluster service mesh communication. Its primary function is to ensure that services in different clusters can communicate with each other. This component is deployed only in multi-network and multi-cluster service meshes.
asm-coreComponent providing global rate limiting for Istio. It is deployed by default but only functions when the service mesh is integrated with Redis.
OpenTelemetry
asm-otel-collectorComponent of the OpenTelemetry solution for receiving, processing, and exporting observability data. Supports open-source data formats like Jaeger and Prometheus. Trace data is sent to Jaeger, while Metrics data is sent to Prometheus or VictoriaMetrics.
asm-otel-collector-lbProvides load balancing for the asm-otel-collector component. Observability data collected by the OTel Java Agent is forwarded to the asm-otel-collector through this component.
Jaeger
jaeger-prod-collectorThe collector component of Jaeger, collecting distributed tracing data from sidecars and asm-otel-collector, and interfacing with Elasticsearch to store trace data.
jaeger-prod-queryThe data query component of Jaeger, querying trace data from Elasticsearch.
Flagger
flaggerProvides gray release functionality and integrates with Istio to implement progressive delivery strategies for services.
Others
asm-controllerManages and coordinates various resources within the service mesh.

Data Plane Components

Component NameDescription
Ingress GatewayAn independent Envoy proxy running at the edge of the mesh. It allows configuration of public ports and protocols to specify which traffic is allowed into the mesh.
Egress GatewayAn independent Envoy proxy running at the edge of the mesh. It allows monitoring, logging, and enforcement of security policies for traffic leaving the mesh.
SidecarTypically deployed in the same Pod as the application container. It handles network requests from the application, including traffic management, security policy enforcement, load balancing, and service discovery.
OpenTelemetry Java AgentAn automated tool for collecting distributed tracing and metrics data within Java applications. By injecting the OpenTelemetry Java Agent, distributed tracing of request paths and collection of performance metrics can be done without modifying the application code.

CPU and Memory Allocation

This section outlines the minimum recommended computing resources for service mesh components in the cluster.

CPU and memory allocation for each component are configurable.

Before creating a service mesh, ensure that the cluster nodes have sufficient CPU and memory to run all service mesh components.

Important Note:

  • In production environments, it is recommended not to set limits for istiod, meaning CPU and memory are unrestricted.
  • For large deployments, it is strongly recommended to use node selectors to place infrastructure on dedicated nodes in the cluster for each Istio component.

The table below summarizes the recommended minimum resource requests and limits for CPU and memory for each service mesh component.

In Kubernetes, resource requests indicate that a workload will not be deployed on a node unless that node has at least the specified amount of available memory and CPU. If the workload exceeds CPU or memory limits, it may be terminated or evicted from the node. For more information on managing container resource limits, see the Kubernetes documentation.

ComponentCPU - RequestMemory - RequestCPU - LimitMemory - Limit
Istio
istiod500m512Mi2000m2048Mi
ingress gateway250m128Mi2000m1024Mi
egress gateway250m128Mi2000m1024Mi
sidecar100m128Mi500m512Mi
tier2-gateway250m128Mi2000m1024Mi
istio-eastwestgateway250m128Mi2000m1024Mi
asm-core250m128Mi1000m512Mi
OpenTelemetry
asm-otel-collector250m512Mi2000m1Gi
asm-otel-collector-lb250m512Mi1000m1Gi
Jaeger
jaeger-prod-collector250m512Mi3000m512Mi
jaeger-prod-query250m512Mi1000m512Mi
Flagger
flagger250m128Mi1000m512Mi
Others
asm-controller250m512Mi1000m512Mi