That's great news!!! Congrats to the Containous team!!!
Using Traefik for more than a year now, working like a charm.
I wonder if SO_KEEPALIVE is implemented? I ask this because we have funny devs that don't know how to implement SO_KEEPALIVE on Spring Boot projects correctly. That can be annoying for an Operation Team...
This looks interesting, but it's not clear to me if this supports TLS traffic to the daemon-set nodes running on each individual node. A key thing that I am looking at meshes for is last-mile TLS encryption, with an appropriate sidecar.
We think that it is interesting to have an alternative with a simpler design bringing almost all features. So yes, mTLS between pods is not supported. But it's a decent tradeoff for many users. Finally, mTLS could be supported in the future between nodes :)
This is one of the several reasons Linkerd moved from per-host to sidecars.
For mTLS, the moment you want to have identity per service (as opposed to one cert across everything in the mesh), you need the security boundary to be at the pod level.
Is it like running Istio-ingressgateway only, without mesh expansion and sidecar injection? It looks simpler than Istio, but I'm on mobile and will try Maesh on a test cluster later.
Thanks! We deeply believe that the best infrastructure products are open and free from vendor lock-in.
Being compliant with SMI will make both Maesh and the specifications stronger.
I'd love to see a comparison between Maesh and Linkerd v1 -- sidecar-based meshes like Istio (AKA coordinated envoy) and API gateways like Kong are not direct competitors with Maesh, Linkerd v1 is.
Is Maesh a newer imagining of what Linkerd v1 sought to do? Is it a better k8s-integrated solution?
At first glance the difference is proxy on the node and not per pod. It is also K8s centric, where L5d is more easily compatible and has way more powerful configuration options and runs on VMs as well.
I would say that L5d 2.0 would be the direct competitor. They are both: small, simple, opt-in, K8s centric, and support SMI.
I think you compared it to Linkerd v2 (formerly known as Conduit) -- Linkerd v1 was used primarily per-node though it was also capable of per-pod...
l5d v1 is the direct competitor, but is just theoretically lacking k8s integration, though it actually is usable with k8s; I've written about it on my tiny tiny k8s cluster.
Basically what I'm wondering is how much better the integration is for Maesh.
This looks like an interesting off-the-shelf alternative to Envoy, which currently requires you to implement your own control plane. Moving forward, is this going to be open-core with a paid EE edition type of thing like Traefik?
So API gateways are becoming Services Meshes and Service Meshes are becoming API gateways. Have we reached critical mass on number of solutions? Will they start to consolidate?
From the description, and given who developed it, is this basically a way to run a Traefik instance per node and have the instance dynamically configure itself using the Kubernetes API? Or is there more to it?