Blog
July 9, 2020

Announcing Maesh 1.3

The simpler service mesh, now even more reliable, flexible, and widely available.

Announcing Maesh 1.3

Maesh 1.3, the latest version of the simpler service mesh, is available today. This release introduces new configuration options and brings important enhancements to the project’s architecture.

Namespace watchlists

Previously, it was possible to configure a set of namespaces to be ignored by the Maesh Controller, via the ignoreNamespaces option. Operators of large clusters found themselves having to define a large number of exceptions if they were only interested in a small subset of namespaces.

Maesh 1.3 introduces an option that enables operators to specify which namespaces they want to be observed by the Maesh controller called watchNamespaces:

helm install maesh maesh/maesh --set controller.watchNamespaces={first,second}

For those who rely on ignoreNamespaces, it will still continue to work, we aren’t planning to remove that configuration option.

Support for named TargetPort in Service resources

A typical service definition in Kubernetes might look like this:

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
    - port: 80
      targetPort: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deployment
  labels:
    app: MyApp
spec:
  selector:
    matchLabels:
      app: MyApp
  template:
    metadata:
      labels:
        app: MyApp
    spec:
      containers:
        - name: nginx
          image: nginx:1.14.2
          ports:
            - containerPort: 80
              name: http

Kubernetes will look for the corresponding Pod matching the selector and for a port on the pod named http. Maesh now supports this and will do the reverse lookup of the targetPort as well, greatly enhancing flexibility.

Real-Time In-Memory Port Mapping

One of the architectural components of earlier versions of Maesh is a database referred to as StateTable, whose job included keeping track of port allocations and holding entries for port mappings. Before Maesh 1.3, port allocations and states were managed inside of a Kubernetes resource called a ConfigMap.

Maintaining that state externally seems reasonable, but there is always a catch. What if another process or user modifies the table? What if it becomes unavailable due to misconfigured permissions, or becomes so large as to introduce performance issues within the Kubernetes database back-end?

Because of this, starting in Maesh 1.3, ConfigMaps that store StateTable objects are gone. Instead, the Maesh Controller keeps in-memory state tables generated on every initialization and kept in sync with every service update.

A More Reliable Controller Loop

As a consequence of removing the state tables mentioned above, the mechanism with which a controller performs updates in the clusters required a redesign. Previously, it just watched for changes and updated the configuration as they happened. With the state now being stored in memory, that behavior was no longer sufficient, colliding events may impact Maesh's proxy nodes' performance.

To address that issue, Maesh 1.3 now leverages Kubernetes Work Queues to guarantee the correct processing of events that are responsible for updating the in-memory database. The queues help Maesh perform reliably in situations where it must process concurrent events.

Support for CoreDNS on AKS

As already mentioned in a previous release, Maesh relies heavily on CoreDNS for name resolution. Because of this dependency, Maesh is designed to patch CoreDNS through its initialization process. On AKS, there is a specific process to follow when customizing CoreDNS and we’ve updated Maesh to conform to that process. As a result of this update, Maesh is now supported on Azure Kubernetes Service.

Next Steps

The changes introduced in this release represent the next step in evolving the Maesh project into a solution the community has been requesting. Research is underway on how Maesh can implement simple, easy to use, end-to-end encryption. Developing and shipping this capability will be the next significant milestone to hit.

Your participation with the Maesh project is invaluable, and your suggestions are responsible for the improvements and direction this project undergoes. We welcome your continued feedback, PRs, and contributions because that is what keeps Maesh going in the right direction.

Thank you!

About the Author

Latest from Traefik Labs

How to Keep Your Services Secure With Traefik’s Rate Limiting
Blog

How to Keep Your Services Secure With Traefik’s Rate Limiting

Read more
Taming The Wild West of LLMs with Traefik AI Gateway
Blog

Taming The Wild West of LLMs with Traefik AI Gateway

Read more
GitOps-Driven Runtime API Governance: The Secret Sauce for Scale
Webinar

GitOps-Driven Runtime API Governance: The Secret Sauce for Scale

Watch now

Traefik Labs uses cookies to improve your experience. By continuing to browse the site you are agreeing to our use of cookies. Find out more in the Cookie Policy.