This article is shared from Huawei Cloud Community "Kmesh Enters CNCF Cloud Native Panorama" , author: Cloud Container Big Future.
Recently, Kmesh has officially entered the CNCF cloud native panorama, located under the Service Mesh category.
Kmesh: the industry’s first kernel-level sidecarless traffic management engine
eBPF and Sidecarless are the future of service meshes
In recent years, service grids have become increasingly popular, but the sidecar architecture still has challenges in terms of resource overhead, upgrade deployment, and latency. How to reduce proxy overhead and build a sidecarless service grid has become an industry consensus.
From the beginning of the project, Kmesh has targeted grid pain points and innovatively proposed the industry's first kernel-level sidecarless traffic management engine. It uses eBPF + programmable kernel technology to bring L4~L7 management to the OS. The management process does not require proxy components. Realize multiple hops to one hop of the service communication path in the service grid, completely eliminate agency overhead, and truly realize sidecarless grid governance.
Kmesh architecture diagram
Advantages of Kmesh
-
high performance
The kernel natively supports L4~L7 traffic management functions, reducing the forwarding delay of microservices in the grid by 60%, and improving microservice startup performance by 40%;
-
low overhead
There is no need to deploy sidecars in microservices, and the service grid data plane overhead is reduced by 70%;
-
High availability
Kernel traffic management will not cut off connections, and component upgrades and restarts will not affect existing business connections at all;
-
zero trust network
Support the construction of zero-trust network based on kernel mTLS;
-
safe isolation
Virtual machine security based on eBPF, with cgroup-level governance isolation;
-
Flexible governance model
In addition to the full-kernel governance form, Kmesh also supports a four- and seven-layer governance separation architecture. The kernel eBPF and waypoint components handle L4 and L7 traffic respectively, allowing users to gradually adopt Kmesh, thereby achieving a transition from no grid -> secure L4 governance -> L7 governance. smooth transition;
-
Smoothly compatible
Seamlessly integrates with Istio and supports xDS protocol standard. Currently, it supports both Istio API and Gateway API, and can work together with existing sidecars.
Why choose Kmesh
Kmesh is first of all a Sidecarless grid architecture model. Currently, the Sidecarless model is very popular. Both the Istio community and the Cilium community are adopting this architectural model, and the majority of users recognize Sidecarless very much. Compared with Sidecar, Sidecarless has no resource occupation overhead, decouples the life cycles of applications and agents, and breaks the one-to-one binding relationship, making deployment and maintenance simpler.
Kmesh innovatively uses eBPF technology to manage traffic in the kernel state, allowing traffic management to proceed with the flow. The advantage is that business connections will not be cut off, which greatly reduces the number of connections on the traffic path, thereby reducing application access latency.
A major disadvantage of traffic management in user mode is that component upgrades will cause damage to business traffic. Kmesh completely avoids this through programmable kernel technology. At present, Kmesh has an overwhelming advantage in the industry in this regard. We fully see the infinite possibilities of eBPF, and more network innovations can be carried out based on eBPF in the future.
Kmesh also provides another advanced mode, which provides rich L7 governance functions through four- and seven-layer separation. The four- and seven-layer separation can provide more fine-grained physical isolation. Different tenants, different namespaces or different services can be divided and have exclusive seven-layer proxy waypoints. Waypoint can also dynamically expand and contract capacity based on business traffic to facilitate full hosting. We see that waypoint is different from traditional centralized gateways in that there is no single point of failure.
Therefore, we firmly believe that the ideal architecture for the future Sidecarless model must be a combination of eBPF technology and waypoint, which should not only reduce resource consumption but also reduce latency. L4 and simple L7 traffic management is performed on the node through eBPF, and advanced and complex seven-layer protocols are forwarded to waypoint management .
Join the community and contribute
Kmesh was initiated by Huawei and incubated by the openEuler community. It is currently hosted on GitHub as an independent project, providing users with ultimate performance traffic management technology solutions.
Huawei is the first manufacturer in China to participate in the service grid. As early as 2018, Huawei began to invest in the Istio community. It has consistently ranked first in Asia in terms of contribution to the Istio community, and has continued to hold community Steering Committee seats since its inception.
Huawei’s exploration process in the service grid field
Kmesh community address: https://github.com/kmesh-net/kmesh
CNCF Cloud Native Panorama
Cloud Native Computing Foundation, Cloud Native Computing Foundation (hereinafter referred to as CNCF) is an open source software foundation that is committed to the popularization and sustainable development of cloud native (Cloud Native) technology. Cloud native technology helps enterprises and organizations build and run agile, scalable applications in modern dynamic environments such as public cloud, private cloud and hybrid cloud through a series of software, specifications and standards.
CNCF released the Cloud Native Panorama (CNCF Landscape), which aims to help enterprises and developers quickly understand the full picture of the cloud native system and help users choose appropriate software and tools for cloud native practice. Therefore, it is favored by the majority of developers and users. Attention and attention.
Reference link
[1]CNCF Landscape:https://landscape.cncf.io/
[2]Ambient Mesh introduction: https://istio.io/latest/blog/2022/introducing-ambient-mesh/
[3]Huawei Cloud ASM: https://support.huaweicloud.com/asm/index.html
[4] Get started quickly with Kmesh: https://kmesh.net/en/docs/setup/quickstart/
Click to follow and learn about Huawei Cloud’s new technologies as soon as possible~
The pirated resources of "Qing Yu Nian 2" were uploaded to npm, causing npmmirror to have to suspend the unpkg service. Zhou Hongyi: There is not much time left for Google. I suggest that all products be open source. Please tell me, time.sleep(6) here plays a role. What does it do? Linus is the most active in "eating dog food"! The new iPad Pro uses 12GB of memory chips, but claims to have 8GB of memory. People’s Daily Online reviews office software’s matryoshka-style charging: Only by actively solving the “set” can we have a future. Flutter 3.22 and Dart 3.4 release a new development paradigm for Vue3, without the need for `ref/reactive `, no need for `ref.value` MySQL 8.4 LTS Chinese manual released: Help you master the new realm of database management Tongyi Qianwen GPT-4 level main model price reduced by 97%, 1 yuan and 2 million tokens