Containers are lightweight, portable, easily scalable, and enable you to run multiple workloads on the same host efficiently, particularly when using an orchestration platform like Kubernetes or Amazon ECS. But containers also introduce monitoring challenges. Containerized environments may comprise vast webs of distributed endpoints and dependencies that rely on complex network communication.

A true service mesh should focus on how to manage and orchestrate connectivity globally. Connecting a new service mesh for each use case is a much simpler problem to solve, but doing so won’t help you scale. You’ll just be throwing a service mesh in each cluster and calling it a day.  The more appealing solution is to stitch together environments.

In the CNCF ecosystem, Envoy, an open source service proxy developed by Lyft, is a very common choice in service mesh networking. In a previous post we discussed that both Consul and Istio leverage Envoy. Were you aware that you can extend Envoy’s capabilities with WebAssembly? What is WebAssembly? WebAssembly, or Wasm as it is often abbreviated, is not so much of a programming language as it is a specification for a binary instruction format that can be run in sandboxed virtual machines.

Adoption of service meshes like Istio is increasing. As a result, Speedscale has developed a webassembly plugin. We extended Envoy using Rust, and no changes are required to your Istio configuration. This allows us to leverage the same sidecars that you have deployed throughout your environment to inspect API traffic. Once we are listening through Istio, the typical Speedscale magic can take place. We can use the data to build integration/performance test suites and autogenerate service mocks.

Over the past ten years, Clubhouse and other innovative startups built software quickly. They started from scratch and blew past their incumbents. But the fact of the matter is that speed is no longer a differentiator. Everyone can move quickly. We’ve seen it as Facebook and Twitter quickly duplicated Clubhouse’s “innovative” functionality. Today, it’s all about agility—taking the momentum that you’ve already built up.

A service mesh is a software infrastructure layer for controlling communication between services and usually tasked with handling all the network logic required to make microservice applications work seamlessly in a cloud-native environment. It’s the perfect solution to your communications problems.

MS3 specializes in enterprise integration software, cloud migration strategies and API enablement. I’ve worked at MS3 for about five years. For the last year, I’ve been the principal product manager for Tavros, an enterprise integration platform from MS3. This article will dive into how we’re leveraging Kong Gateway and Kuma service mesh in Tavros.

When setting up Kubernetes for the first time, one of the networking challenges you might face is how to safely grant outside clients access to your cluster. By default, pods within a cluster can communicate with all other pods and services. You should restrict access to anything outside of that group.