Home

Awesome

<img src="docs/pics/logo/KMESH-horizontal-colour.png" alt="kmesh-logo" style="zoom: 100%;" />

LICENSE codecov

Introduction

Kmesh is a high-performance and low overhead service mesh data plane based on eBPF and programmable kernel. Kmesh brings traffic management, security and monitoring to service communication without needing application code changes. It is natively sidecarless, zero intrusion and without adding any resource cost to application container.

Why Kmesh

Challenges of the Service Mesh Data Plane

Service mesh software represented by Istio has gradually become popular and become an important component of cloud native infrastructure. However, there are still some challenges faced:

Kmesh Architecture

Kmesh transparently intercept and forward traffic based on node local eBPF without introducing extra connection hops, both the latency and resource overhead are negligible.

<div align="center"> <img src="docs/pics/kmesh-arch.svg" alt="kmesh-arch" width="800" /> <p>Kmesh Architecture</p> </div>

The main components of Kmesh include:

Kmesh innovatively sinks Layer 4 and Simple Layer 7 (HTTP) traffic governance to the kernel, and build a transparent sidecarless service mesh without passing through the proxy layer on the data path. We named this Kernel-Native mode.

<div align="center"> <img src="docs/pics/kernel-native-mode.png" alt="kernel-native-mode" width="800" /> <p>Kernel-Native Mode</p> </div>

Kmesh also provide a Dual-Engine Mode, which makes use of eBPF and waypoint to process L4 and L7 traffic separately, thus allow you to adopt Kmesh incrementally, enabling a smooth transition from no mesh, to a secure L4, to full L7 processing.

<div align="center"> <img src="docs/pics/dual-engine-mode.png" alt="duel-engine-mode" width="800" /> <p>Dual-Engine Mode</p> </div>

Key features of Kmesh

Smooth Compatibility

High Performance

Low Resource Overhead

Zero Trust

Safety Isolation

Open Ecology

Quick Start

Please refer to quick start and user guide to try Kmesh quickly.

Performance

Based on Fortio, the performance of Kmesh and Envoy was tested. The test results are as follows:

fortio_performance_test

For a complete performance test result, please refer to Kmesh Performance Test.

Contact

If you have any question, feel free to reach out to us in the following ways:

Contributing

If you're interested in being a contributor and want to get involved in developing Kmesh, please see CONTRIBUTING for more details on submitting patches and the contribution workflow.

License

The Kmesh user space components are licensed under the Apache License, Version 2.0. The BPF code templates, ko(kernel module) and mesh data accelerate are dual-licensed under the General Public License, Version 2.0 (only) and the 2-Clause BSD License (you can use the terms of either license, at your option).

Credit

This project was initially incubated in the openEuler community, thanks openEuler Community for the help on promoting this project in early days.