In this blog, I will cover a quick introduction of TSM and a couple of use cases and real challenges which can be solved using this :
What is Tanzu Service Mesh (TSM)?
Radically simplify the process of connecting, protecting, and monitoring your microservices across any runtime and any cloud with VMware Tanzu Service Mesh. Provide a common policy and infrastructure for your modern distributed applications and unify operations for Application Owners, DevOps/SREs and SecOps without disrupting developer workflows.https://www.vmware.com/in/products/tanzu-service-mesh.html
Tanzu Service Mesh is K8s operator side microservice orchestration tool to manage service discovery, traffic, mTLS secure payload, rate limiting, telemetry, observability of VM, microservices and circuit breaker across multi-clouds. Open-source service mesh technologies like Istio exist to help overcome some of the challenges around building microservices such as service discovery, mutualTLS (mTLS), resiliency, and visibility. However, maintaining and managing a service mesh like Istio is challenging, especially at scale.
It provides unified management, global policies, and seamless connectivity across complex, multi-cluster mesh topologies managed by disparate teams. It provides app-level observability across services deployed to different clusters, complementing/integrating into modern observability tools you use or are considering.
TSM Global NameSpace Architecture
As of now, only this enterprise product has this powerful feature to provide a global namespace for multi K8s clusters across multi-clouds . Istio open source doesn’t provide this feature.
TSM use Cases
- Service discovery for multi Kubernetes clusters in different namespaces or multi-cloud using GNS
- Distributed Microservice Discovery on multi-cloud
- Traffic Monitoring and API communication tracing
- Logging and K8s Infra Monitoring with admin dashboard visualization
- Rate Limiting with the help of Redis
- Business Continuity (BI)
- Developer is responsible to provide all service- related configuration thru boiler-plate code
- Secure Payload
- Netflix OSS APIs (Eureka service discovery, Zuul API gateway, Ribbon- Load balancing, caching etc) , Hystrix (Circuit breaker) are legacy and no enterprise support, also its tightly coupled with application development source code
- Open source Istio has no enterprise support as of now
- Visibility for DevOps and DevSecOps
- Doc – https://docs.pivotal.io/pks/1-7/nsxt-service-mesh.html
- Public doc- https://tanzu.vmware.com/service-mesh