Service Mesh Overview

Oracle Cloud Infrastructure Service Mesh allows you to add a set of capabilities that enables microservices within a cloud native application to communicate with each other in a centrally managed and secure manner. Adding a service mesh is done by deploying a proxy alongside each microservice, which receives configuration information from a managed control plane. Service Mesh includes standardized patterns around observability, security, and traffic management for communication between microservices.

Companies continue to build net-new applications in a cloud native architecture or modernize their applications using containerization techniques using microservice-based approaches. Service Mesh makes it easier for you to develop and operate their cloud native applications.

Why Service Mesh?

With a service mesh, you can automatically add features to your cloud native microservice application. Manage security, control traffic, and add observability features without changing your application's source code.

With Service Mesh you can:

Secure: Access Policies are the major tool for injecting security components into the application while having no effect on the underlying programming logic. With access policies, a service mesh assists you in eliminating network partitioning at transport layer boundaries. You can use identities and encryption for all communication between mutually authenticated services by the service mesh. Adding permission checks imposed by policies you set, adopts a zero-trust security architecture, automatically and declaratively.
Connect: Traffic Management features allow you to do canary deployment. When you publish a new version of your code to production, you only allow a portion of traffic to reach it. The feature enables you to deploy quicker and causes the least amount of disturbance to your application. You define routing rules that govern all inter-service communication inside the mesh. You might route a portion of the traffic to a certain version of the service.
Observe: The Service Mesh default observability features collect telemetry data throughout the service mesh. Installing Prometheus and Grafana is all that is required to get started with crucial metrics like latency, failures, and requests. In addition, you might activate OCI Logging after your application is mesh enabled. Service Mesh proxies provide two types of logs: error logs and traffic logs. These logs might be used to generate log-based statistics or to debug 404 and 503 issues.

Ways to Access Service Mesh

You can access Service Mesh by using the console (a browser-based interface), OCI CLI, or REST APIs, Kubernetes CLI tool kubectl, and Helm.

This guide includes instructions for using these methods.

The OCI Console is an easy-to-use, browser-based interface. To access the Console, you must use a supported browser.
The REST APIs provide the most functionality, but require programming expertise. API reference and endpoints provide endpoint details and links to the available API reference documents including the Service Mesh APIs.
OCI provides SDKs that interact with Service Mesh.
The CLI provides both quick access and full functionality without the need for programming.
To use the OCI CLI or REST APIs, you can either set up your environment, or use Oracle Cloud Infrastructure Cloud Shell.
- To use the CLI or REST APIs in Cloud Shell, sign in to the Console. See Using Cloud Shell and the OCI CLI Reference.
- To install the OCI CLI in your environment, follow the steps in the Install CLI Quickstart.
- When using REST APIs, refer to REST API documentation and API Reference and Endpoints.
To use kubectl with Service Mesh, see Managing Service Mesh Resources with kubectl.
Important

When using kubectl with Service Mesh, read Managing Service Mesh with OCI APIs vs kubectl to understand how kubectl interacts with the OCI CLI and OCI console.
To use Helm with Service Mesh, see Managing Service Mesh with Helm.

Resource Identifiers

Service Mesh resources, like most types of resources in Oracle Cloud Infrastructure, have a unique, Oracle-assigned identifier called an Oracle Cloud ID (OCID).

Service Mesh components with OCIDs are:

service mesh
virtual service
virtual service route table
virtual deployment
ingress gateway
ingress gateway route table
access policy
work request

For information about the OCID format and other ways to identify your resources, see Resource Identifiers.

Regions and Availability Domains

All Oracle Cloud Infrastructure services are hosted in Regions and Availability Domains. A region is a localized geographic area, and an availability domain is one or more data centers in that region.

After general availability, regions with Service Mesh are listed and updated here:

Cloud Regions for Infrastructure and Platform Services

For region names and their identifiers, refer to the table on the Regions and Availability Domains page.

Authentication and Authorization

Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).

An administrator in your organization needs to set up groups, compartments , and policies that control which users can access which services, and which resources, and the type of access they have. For example, policies control who can create users, groups, and compartments, or who can create and manage virtual deployments.

If you're a new administrator, see Getting Started with Policies.
For details about writing policies for this service, see Service Mesh IAM Policies.
For details about writing policies for resources in other services, see Policy Reference.

Service Limits

See Service Limits for a list of applicable limits and instructions for requesting a limit increase. To set compartment-specific limits on a resource or resource family, administrators can use compartment quotas.

Pricing

There are no charges for using OCI Service Mesh. Customers only pay for the infrastructure required to run the proxy component that runs alongside the application.

For more information on Oracle Cloud Infrastructure pricing, see the Cloud Price List.

Terraform Support

Service Mesh supports Terraform for managing your infrastructure. For more information on using Terraform with Service Mesh, see the following:

Oracle Cloud Infrastructure Documentation