Announcing Maesh 1.2 - Now with support for UDP, custom proxy nodes and a more efficient installation!

In early March, we proudly announced the general availability of Maesh 1.1. Now, less than 3 months later, we’re proud to introduce Maesh 1.2, the latest release of our simpler service mesh. This release brings new additions such as UDP support, and enhances our internal architecture to provide more flexibility and performance in large deployments.

UDP Support

As you probably know, Maesh is built on top of Traefik, our popular Cloud Native Edge Router. Traefik introduced UDP support with the release of version 2.2 in early March, and as a result, Maesh is now able to handle UDP connections as well.

The only thing you need to do is modify your "maesh.containo.us/traffic-type" annotation and set it to `udp`.

```yaml
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    maesh.containo.us/traffic-type: udp
  labels:
    app: my-udp-service
  name: udp-service
  namespace: test
spec:
  ports:
    - port: 8080
      protocol: UDP
  selector:
    app: my-udp-service
```

That’s it! Maesh will now proxy the UDP protocol to that service.

Custom Proxy Nodes

Prior to version 1.2, the underlying Maesh proxy nodes were “vanilla” Traefik 2.1 pods running in your cluster. In order to create more possibilities, and make the deployment and management even easier, we decided to improve that.

Maesh now uses a new command `maesh proxy` which will start a custom Maesh proxy node, rather than a standard Traefik node. These custom nodes are smaller, start faster, and will pave the way for many highly-requested features in the future.

Of course, these custom nodes are built on top of Traefik’s technology, as it’s the library we use and it has been hardened through years of use.

Pull over Push Configuration

As a result of the architectural change mentioned above, we were able to improve the way our proxy nodes ingest configuration.

Prior to this release, the Maesh Controller pushed the current dynamic configuration to the proxy nodes. Of course, this solution was not optimal as it eventually resulted in longer deployment times and became a bottleneck in large clusters.

We’ve changed the configuration to a pull-based system, so instead of waiting for a push, the custom nodes will pull the configuration from the controller. This change improves both performance and stability, and makes the deployment of configuration not only more efficient but much easier.

ACL as a feature

Maesh was designed from the ground up to be SMI compliant. Therefore, we initially had a CLI flag to configure Maesh called `--smi`. This would set Maesh into the SMI Mode which made it possible to make use of TrafficSplits or ACL.

As a side effect, you were unable to use the retry annotation together with SMI because internally the two modes were incompatible.

To change that, we have reworked how Maesh discovers services. Maesh will now build an internal topology of every deployed service, including *nested TrafficSplits* through the SMI specification.

Additionally, if you want to use ACL (TrafficTarget in SMI), you may now activate the ACL flag `--acl`, similar to how you could activate the SMI flag before. Doing so will activate the ACL feature on Maesh without impacting the SMI mode.

Multiple Middlewares per service

Last but not least, we also enhanced the handling of the annotations on your services. It is now possible to combine middlewares, for example the retry-attempts with the rate-limiter to better control your services.

```yaml
---
apiVersion: v1
kind: Service
metadata:
  annotations:
    # Annotation values must be strings, so numeric values are quoted.
    maesh.containo.us/retry-attempts: "2"
    maesh.containo.us/ratelimit-burst: "200"
  labels:
    app: my-udp-service
  name: udp-service
  namespace: test
spec:
  ports:
    - port: 8080
      protocol: UDP
  selector:
    app: my-udp-service
```

This configuration activates both features at once: Maesh will try to proxy the request twice in case of a network error, and rate limiting is activated for that service.

New Helm Major Version

As a result of all the architecture changes mentioned above, we needed to bump the major version of our Helm chart, as it contains some breaking changes. For assistance while upgrading your installation, please see here.

What’s Next

We’re just getting started. Work is underway to implement some of the most requested features into Maesh, including End to End encryption. Of course, this is only made possible by you, an awesome community, which provides us such valuable feedback that we’re able to define an exciting roadmap for a product you’ve helped us build.

Please don’t stop contributing, either through PRs or just by raising issues. It matters a lot to us.

Thank you!

This is a companion discussion topic for the original entry at https://containo.us/blog/announcing-maesh-1-2/