The State of Service Mesh in 2022 – Techstrong.tv

William Morgan, CEO & Co-founder of Buoyant, talks about the state of service mesh in 2022 and the key trends that impact the cloud-native stack, including the lack of educational opportunities around Kubernetes. The video is below followed by a transcript of the conversation.

Alan Shimel: Hey, everyone, Alan Shimel here on another TechStrongTV. My guest is my friend William Morgan. William, of course, is the CEO of — it’s Buoyant; right? That’s how you pronounce it? 

William Morgan: Yep, yep.  

Shimel: And Buoyant, of course, the originators, maintainers, whatever you want, of the Linkerd mesh which is a Cloud Native Computing Foundation Project. Hey, William, welcome back to TechStrongTV. It’s good to see you, my friend. 

Morgan: Thanks for having me, Alan. It’s great to be back. 

Shimel: Yep. So, William, I gave a quick background but why don’t you jump into the Buoyant story if you don’t mind? 

Morgan: Yeah, absolutely. So, Buoyant, as you mentioned is the creator of a service mesh project called Linkerd which is now the only graduated tier service mesh project in the CNCF so I’m very happy about that. It’s our highest level of project maturity recognized and it’s used be organizations around the world to power their Kubernetes applications. 

Shimel: Absolutely. And, you know, William, look, I felt like during 2021, we would be hearing a lot about service mesh; right? Unfortunately, earlier 2021, 2020, there was a lot — let’s call it — controversy with service mesh with our friends at Google and all that stuff. But in my mind, service mesh was a catalyst for greater Kubernetes adoption, right? Because what happens is once you get to a certain level of complexity in your Kubernetes infrastructure, service mesh becomes not a nice-to-have but a must-have to keep everything happening. 

Morgan: That’s right. Yeah, that’s right. That’s certainly a big shift that we’ve seen. A few years ago, we were still making that argument. We were saying, “Hey look, if you’re going to run Kubernetes, it doesn’t give you a good way to have observability. It doesn’t give you any kind of reliability semantics. It doesn’t give you any encryption or any traffic security. You need a service mesh.” Now, fast forward a couple of years, everyone kind of believes that and we have a different sort of conversation, an easier conversation, usually. 

Shimel: Well, look, it’s always — as an serial entrepreneur in software services — it’s always an easier conversation if you have a must-have versus a nice-to-have. Right? It’s hard selling nice-to-haves. You want to have a must-have. But that being said, even though it’s a must-have, there’s still questions. There’s still — not doubts — but it’s at this place where sort of best practices are not codified, if you will. They’re emerging. 

Morgan: Yeah, I think that’s right. 

Shimel: So, I think 2022 is a big year for this where we’ll see some of this kind of shake out. 

Morgan: Well, one thing I’ve definitely noticed in the cloud native world is that there are hype cycles that are very strong. It seems like everyone’s talking about a technology. Those have to almost die down before the adoption catches up to them. So, there was a massive hype cycle around service mesh 2019, 2020. That hype is slowly moving on to other topics. What we’re seeing is adoption is actually going up in a really significant way. So, there’s the disconnect. There’s like a two-year disconnect between what everyone’s talking about and what everyone is actually doing. 

Shimel: You know, William, hype cycles are not just cloud native. The old Gardner hype cycle has been around for as long as I’ve been in tech and it’s an interesting thing that we see this. But I think especially in the cloud native space and around the service mesh Kubernetes area, we probably did suffer from a big part of that — you know, the overhype if you will. Then, into what they call the “trough of disillusionment” then coming back out to usability. I think we went through the overhype, I think we went through the trough in 2020 to 2021 early. Now, back out the other side into usability. 

Morgan: That’s certainly what it feels like from our perspective and I think the service mesh had it particularly bad because — you mentioned our friends at Google — I think there were a lot of promises made about the magic of this infrastructure as a silver bullet and the word got a little tainted. You know? It got associated with complexity. We’ve been doing our best to remove that association, making Linkerd as simple, lightweight, and human-friendly as possible. But it takes time to recover. 

Shimel: Well, it does. Also, it’s again, inherent in our tech world — I’m guilty, my friends are guilty — we tend to be like ADD with shiny trinket syndrome; right? Where, you know, everyone always wants to latch on to the next cool thing and the next cool thing is going to be that magic bullet or genie’s lamp that we’ve been looking for that’s going to solve the world’s problems. It doesn’t work like that; right? Things build on each other. They all have good stuff. Then, all of the sudden you find out, “Wow, that only does 70 percent of what I thought it was going to do.” It’s a failure. “This isn’t what I thought.” Again, that’s part of that hype cycle thing. But, you know, I think as I said, we’re moving past that, William. What does 2022 look like in the world of service mesh do you think? 

Morgan: Yeah, so the hype has died down which is nice. Everybody’s off talking about other things now, talking about eBPF or Wasm or whatever the flavor of the day is. Certainly, what we’ve seen on the Buoyant side, because we track not just open source usage but we track enterprise usage. We track folks who are trying to build serious business functions on the service mesh. We’ve seen a massive uptick over the last six months. Just kind of astonishing. The difference has been folks who are coming in now care less about the details of the technology. They care less about — they’re not as enthusiastic about the way it works and the nuts and bolts. They recognize it’s a critical part of the infrastructure and they’re just trying to build on top of it. Right? 

They’re trying to get it in place so that they can go back to doing their real job which is powering the economic engine of their business. Usually, that doesn’t involve becoming a service mesh expert. So, that’s been great and I expect to see a lot more of that. And almost everything we’ve been doing has been in service of that over the past year or two. You know, in service of making it so that the service mesh can be an implementation detail. It’s like a spark plug or the controlling wires or whatever analogy you want to use. You’re driving the car; you’re going to assume that stuff works; right? Because you’re not a mechanic. You’re just trying to get from one destination — get to your destination. 

Shimel: Right. Well, in this world of digital transformation — this magical digital transformation world we live in — so many companies want to digitally transform their businesses but they don’t really want to be in the nuts and bolts, the weeds, of being the mechanic of digital transformation. They just want to leverage digital transformation. 

Morgan: That’s right. And I think another consequence of the hype cycle is that getting actual, strong technical content is difficult. It’s difficult to find that because there’s so much marketing involved. So, finally, earlier this year, we launched the Buoyant Service Mesh Academy. It’s all free. It’s all, you know, online and it’s all available to anyone who wants to join. But our goal was, let’s give you some really serious, technical content about the service mesh both from the operations — yes, there’s some under-the-hood stuff but also from the operational perspective from an implementer’s perspective, from the adopter’s perspective. Let’s just put that out there so that people have a place to go to where they can learn stuff without the marketing influence in there. That’s been wildly successful. We’ve only had a couple workshops but we’re attracting hundreds of attendees for each one and getting great feedback and great questions. So, it’s been encouraging to have all this working. 

Shimel: Absolutely. So, William, out of the many, many things that service mesh helps with Kubernetes at scale, what do you think are the — let’s say — the top three things that people are using service mesh for right now? 

Morgan: It’s funny because we’ve been in this game for a long time; you know? I think longer than anyone else which means we started in 2015 — [laughs] — back in the olden days. 

Shimel: All the way back. 

Morgan: Right. And, you know, our original guess was that people were really going to be concerned with the reliability features because that was kind of our background. You know, Oliver Gould and I — the two original creators of Linkerd — came out of Twitter and were very reliability-focused. There’s a “fail whale” and all that stuff. Actually, the number one driver of Linkerd adoption is not the reliability features; it’s actually the security features. And I think that’s for a couple of reasons but, you know, we did a survey recently of KubeCon attendees. So, kind of the leading-edge of service mesh adoption. Number one reason who anyone was adopting Linkerd was for mutual TLS. So, they could get encryption, identity, and authenticity for all their communication on the Kubernetes cluster. 

That’s actually been a message we’ve been hearing pretty consistently for the past couple years. So, I tell you, if I had to pick one instead of three, if I had to pick one, it’s definitely security. 

Shimel: I mean, look, security seems to be number one on everyone’s list this year not just in service mesh; right? We’re getting serious about security. Let’s talk about how does service mesh actually help with security, William? 

Morgan: Yeah, so there’s one — [laughs] — security is a broad topic and there’s a lot of stuff that the service mesh cannot do. Any good security strategy involves multiple layers of things. But the one thing that service mesh can do really, really well is it can give you traffic security between your applications that are running on the mesh. By traffic security, I mean confidentiality. So, anyone who sneaks into there and can listen on the network doesn’t get to hear anything that they’re not supposed to hear. Right? So that’s basically encryption. 

You get some other nice properties around things like message integrity and things like that. But, actually, the number one thing that you get is identity. So, you get the ability to know when A is talking to B. Both sides can validate that you are actually A and you are actually B and you can do that in a way that doesn’t have to trust the network, doesn’t have to trust the hosts, doesn’t have to trust really anything. So, for any modern organization that’s really serious about implementing security in a zero-trust way, Linkerd gives you this wonderful mechanism for doing that with very little effort on your part. We put a lot of time and energy into making it so that it’s actually on by default. From the moment you install Linkerd, all communication between your mesh pods is mutual TLS. We’re doing all the hard stuff around certificate rotation. 

There’s a lot of machinery under the hood but we make it really, really easy for you to have secure communication between your applications on Kubernetes in a totally zero-trust way. That’s what I think has been the foundation of modern network security in the cloud native world. 

Shimel: Sure. You know, William, I’ve been in the security world for 25 years; that’s my background. It’s funny, security is a big domain, no pun intended. But there’s many aspects of security. 2022, cloud, cloud native, identity and access control; right? That is, in a place where we don’t have the perimeter, the molten castle anymore, identity and access control become paramount. There’s AppStack and there’s — you know — other API securities is an important thing that’s part of service mesh, too. But certainly, identity and access control is — I mean, it makes the world go around. The cloud native world, anyway. Without that trust, without that security, it’s very hard to function. I think that’s part of that must-have versus nice-to-have; right? 

Morgan: Yeah. Yeah, absolutely. I think that the change that’s happening as people adopt — as they move more into the cloud, as they adopt — you know, once you start really embracing Kubernetes, you realize “I can’t really run one Kubernetes cluster” you have to run multiple clusters for HA reasons or whatever. And, you know, often you end up in either a high-risk situation or a multi-cloud situation if you’ve been doing this for long enough. All those situations — kind of the older approach to traffic security where you’re looking at IP addresses, you know, or you’re doing stuff at the host, or you’re doing stuff at the perimeter, starts breaking down really rapidly, really rapidly. So, you almost want this layer. It’s almost like an SDN; you know? It’s like a new layer — Linkerd as the cloud native SDN where you’re doing stuff at layer seven where you have to solve these problems because you have no real guarantees about anything under layer seven. Layer three, layer four, it’s like a complex, hierarchical network that’s 90 percent outside of your control in the first place. 

Shimel: Sure. I get it. You know, I mentioned API security. Of course, API is such an important part of service mesh. Let’s talk a little bit about API security, service mesh, Linkerd, and maybe what Buoyant is doing to help on that, William? 

Morgan: Yeah, absolutely. So, you know, there’s kind of two general classes of API, at least from my perspective. One of them is user-facing — or, one of them external-facing. Like, how do I get traffic into the cluster. The other is within a cluster. You know? How does the communication happen there? You kind of have the same tools for treating both but the implications are a little different because you have a little more confidence within a cluster. But, from the service mesh perspective, we basically treat them as the same. We say, “Hey, what zero-trust says is you’re not going to trust anything. You’re not going to trust a network. You’re not going to trust a host. And all of that enforcement is going to happen at the most granular level possible.” 

So, if you have a service that’s meshed with Linkerd, communication is coming into the sidecars and the sidecar — little Linkerd micro-proxy — it’s determining the TLS, it’s validating the identity, then it’s also checking “Is this request allowed to happen?” So, if you are A and you’re talking to B, once I know your identity and I can validate that identity using cryptographic primitives and all that fancy stuff, is that communication allowed to happen? Is this particular request allowed to happen? That can be parameterized however you want to parameterize it. Linkerd is kind of the enforcement point. So, whether that traffic is from within the cluster or outside the cluster, it kind of really doesn’t matter from Linkerd’s perspective. We want to give you a uniform layer of API and traffic security based on things like mutual TLS. 

Shimel: Very cool. Hey, man, we’re almost out of time here. Well, we probably are over time already. But let’s talk about Buoyant specifically, William. What’s new with the company, go to market, bring us up to speed. 

Morgan: Yeah, so, we’ve been investing heavily in making Linkerd even easier to operate. We have a SAS product called Buoyant Cloud that is the number-one best way to run Linkerd in production. So, it allows you to manage your Linkerd installation across many clusters to do things like policy analysis so you make sure that your micro-segmentation is set up the way it’s supposed to be to track your TLS usage, see if there’s any unexpected plain-text connections happening. Kind of, every operational aspect that you need if you’re really serious about Linkerd, it’s all included in Buoyant Cloud. We’ve had a great reception there. There’s a free tier so you can try it out yourself and we can scale all the way up to organizations with massive Linkerd deployments. So, primarily, the theme for Buoyant has always been making Linkerd even easier to operate. Making Linkerd even more of a thing that you don’t have to worry about as an operator. 

Shimel: Absolutely. Excellent. Hey, William, I want to thank you for being our guest on TechStrong, coming on back, we always love having you on. For people who want to get more information about Buoyant, can you give them the website? 

Morgan: Absolutely. Go to Buoyant.io. That’s B-U-O-Y-A-N-T.io. Read all about it. 

Shimel: All right. Hey, William, fingers crossed KubeCon Valencia in April? May. 

Morgan: May. I’m going to be there no matter what. 

Shimel: Hope to see you there. I’m hoping me too. We’ll see you then. Take care and continued success. Keep doing what you’re doing, man. 

Morgan: Thanks, Alan. 

Shimel: All right. William Morgan, Linkerd Buoyant CEO here on TechStrongTV. We’re going to take a break; we’ll be right back. 

Alan Shimel

As Editor-in-chief of DevOps.com and Container Journal, Alan Shimel is attuned to the world of technology. Alan has founded and helped several technology ventures, including StillSecure, where he guided the company in bringing innovative and effective networking and security solutions to the marketplace. Shimel is an often-cited personality in the security and technology community and is a sought-after speaker at industry and government conferences and events. In addition to his writing on DevOps.com and Network World, his commentary about the state of technology is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.

Alan Shimel has 47 posts and counting. See all posts by Alan Shimel