Kmesh is a high-performance service mesh data plane software based on programmable kernel. Provides high-performance service communication infrastructure in service mesh scenarios.
The service mesh software represented by Istio has gradually become popular and has become an important component of cloud infrastructure. However, the current service mesh still face some challenges:
- Extra latency overhead at the proxy layer: Single hop service access increases by 2~3ms, which cannot meet the SLA requirements of latency-sensitive applications. Although the community has come up with a variety of data plane solutions to this problem, the overhead introduced by agents cannot be completely reduced.
- High resources occupation: The agent occupies extra CPU/MEM overhead, and the deployment density of service container decreases.
Kmesh innovatively proposes to move traffic governance to the OS, and build a transparent sidecarless service mesh without passing through the proxy layer on the data path.
Smooth Compatibility
- Application-transparent Traffic Management
- Automatically interconnecting with Istiod
High Performance
- Forwarding delay 60%↓
- Service startup performance 40%↑
Low Overhead
- ServiceMesh data plane overhead 70%↓
Safety Isolation
- eBPF Virtual machine security
- Cgroup level orchestration isolation
Full Stack Visualization
- E2E observation*
- Integration with Mainstream Observability Platforms*
Open Ecology
- Supports XDS protocol standards
Note: * Planning
Please refer to quick start.
Based on Fortio, the data plane execution performance of Kmesh and Envoy was compared and tested. The test results are as follows:
For a complete performance test, please refer to Kmesh Performance Test.
The main components of Kmesh include:
- Kmesh-daemon: The management program responsible for Kmesh lifecycle management, XDS protocol integration, observability, and other functions.
- Ebpf orchestration: The traffic orchestration implemented based on eBPF, including routing, canary deployments, load balancing, and more.
- Waypoint: Based on istio proxy to adapt to Kmesh protocol, responsible for L7 traffic governance.
-
Command List
-
Demo
| Feature Field | Feature | 2023.H1 | 2023.H2 | 2024.H1 | 2024.H2 |
|---|---|---|---|---|---|
| Traffic management | sidecarless mesh data plane | √ | |||
| sockmap accelerate | √ | ||||
| Programmable governance based on ebpf | √ | ||||
| http1.1 protocol | √ | ||||
| http2 protocol | √ | ||||
| grpc protocol | √ | ||||
| quic protocol | √ | ||||
| tcp protocol | √ | ||||
| Retry | √ | ||||
| Routing | √ | ||||
| load balance | √ | ||||
| Fault injection | √ | ||||
| Gray release | √ | ||||
| Circuit Breaker | √ | ||||
| Rate Limits | √ | ||||
| Service security | mTLS | √ | |||
| L7 authorization | √ | ||||
| Cgroup-level isolation | √ | ||||
| Traffic monitoring | Governance indicator monitoring | √ | |||
| End-to-End observability | √ | ||||
| Programmable | Plug-in expansion capability | √ | |||
| Ecosystem collaboration | Data plane collaboration (Envoy etc.) | √ | |||
| Operating environment support | container | √ |
If you have questions, feel free to reach out to us in the following ways:
If you're interested in being a contributor and want to get involved in developing the Kmesh code, please see CONTRIBUTING for details on submitting patches and the contribution workflow.
Kmesh is under the Apache 2.0 license. See the LICENSE file for details.
Kmesh documentation is under the CC-BY-4.0 license.
This project was initially incubated in the openEuler community, thanks openEuler Community for the help on promoting this project in early days.