Virtualization Technology News and Information
RSS 2022 Predictions: Service Mesh Open Source, GraphQL and eBPF

vmblog predictions 2022 

Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

Service Mesh Open Source, GraphQL and eBPF

By Lin Sun, director of open source and Nikki Rouda, product marketing at

Looking ahead to the new year, here are the 2022 technology predictions:

Istio's Rise to Prominence Will Continue

Open source Istio will continue to solidify its position as the dominant platform for service mesh in Kubernetes environments, and weaker alternatives will fade quickly. The CNCF indicates Istio is the top recommended service mesh to adopt and industry analysts show Istio as a preferred technology. While users are adopting Istio successfully within single clusters, multi-cluster service mesh across hybrid environments such as VM and bare metal remain to be challenging. These challenges will foster vendors who built solutions on top of Istio to rapidly innovate so that users can expand their Istio adoption smoothly as they build resiliency, observability, and security for their services running in multi-clusters and VMs.

We expect more choices will be offered to Istio users such asproxyless gRPC or other proxyless libraries in the near future. For users who only need mutual TLS among their services, Istio would provide a proxyless way to achieve this without sidecars or Kubernetes and could support distribution and rotation of "keys and certs" so users can leverage these directly in their applications. These innovations in Istio and Kubernetes will continue to solidify Istio's leader position in service mesh.

Security Remains a Must

Security will absolutely remain a top concern for enterprises (and hopefully everyone.) Microservices introduce more surface area for attacks and more complexity to protect sensitive data. One emerging trend is adoption of comprehensive "zero trust" security, where every application/microservices connection is verified (authenticated and authorized) complementing encryption (mTLS), web application firewall (WAF), data loss prevention (DLP), and other precautions. Service meshes built on Istio can offer a relatively easy way to achieve zero-trust security as they route all traffic connections between microservices.

GraphQL Will Go Mainstream

Developers (service consumers) love GraphQL because it is very simple and declarative. As API consumers become more distributed across different digital devices/platforms or networks, getting exactly what you asked for is becoming more critical than ever. On the other hand, GraphQL servers aren't easy to develop or operate. It could be a steep learning curve to learn how to write a resolver, how to stitch multiple schemas together and how to operate GraphQL servers in addition to their applications. These challenges open up opportunities for vendors to innovate in this space to bring GraphQL easily to service producers without needing to rewrite their applications so that service consumers can get exactly what they ask for.

When GraphQL is provided to existing services becomes as simple as connecting the services to an API gateway or attaching a sidecar to the services to run in the service mesh, developers can easily add GraphQL for their services without making code changes to their existing REST or gRPC services or operating standalone GraphQL servers for their services. We expect this will be a simple transition for users, especially for the users who are already leveraging Envoy as API gateway or sidecar proxies to bring GraphQL to their services.

eBPF/Linux Heats Up

eBPF (extensible Berkeley Packet Filter) has the potential to significantly enhance how service meshes operate. eBPF is rapidly emerging as a flexible, safe, and fast way to execute custom logic in Linux kernels, being developed in an open source project called Cilium. Cilium gives eBPF-based networking, observability, and security, which has some functional overlap with Istio service mesh. Some companies are now exploring solutions where simultaneously Envoy Proxies can use eBPF to teach kernel policies on how to route packets to Envoy worker threads at layer 4, while Istio can deliver complementary functionality at layer 7. This has the potential to streamline and optimize service mesh performance without compromising on full-featured capabilities.

GitOps Continues to Grow

One big benefit of using a declarative configuration approach is understanding the intent of the desired end state of a system. Kubernetes is an example of a system that uses declarative configuration to drive the desired end states once you apply the yaml to your Kubernetes cluster. While Kubernetes is very powerful and drives the desired end states based on declarative configurations, operators often need to store the desired configuration in a source control repository like GitHub and apply these configurations to their Kubernetes environments in an automated fashion through a merged pull request after running a set of tests and peer reviews.

We expect more products will integrate nicely with GitOps, not only at the initial deployment but also full lifecycle management including upgrades and roll back. Artificial intelligence can be used in conjunction with GitOps to handle operations such as gradually shifting more production traffic to the newer configuration, or roll back based on either increased failure rate or latency when compared with the prior configurations.



Lin Sun

Lin Sun 

Lin has been working on container and cloud-native technologies since 2014 from Docker to Kubernetes to Service Mesh. Lin has deep knowledge of Istio and Kubernetes and has extensive experience building and operating highly available cloud-native services. She is also an Istio maintainer, a member of the Istio steering committee and technical oversight committee. 

Nikki Rouda

Nikki Rouda 

Nikki Rouda leads product marketing for, the modern API infrastructure company delivering application networking from the edge to service mesh. Nikki has extensive experience leading application modernization, big data, analytics, and data center infrastructure initiatives.
Published Tuesday, November 30, 2021 7:32 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2021>