Progressive Service Mesh Migration Strategy at Ant Financial
This article details Ant Financial's progressive Service Mesh migration plan, explaining the challenges of moving massive legacy applications to Kubernetes and Istio, the evaluated evolution routes, key migration practices like network continuity and DNS-based addressing, and the implementation of custom CoreDNS plugins for dynamic DNS updates.
Ant Financial presented a progressive Service Mesh migration plan for its main site, addressing the challenges of large-scale legacy applications and the need for a smooth transition to Kubernetes and Istio.
The plan outlines four evolution routes, evaluates their pros and cons, and ultimately adopts a two‑leg approach: early sidecar deployment for non‑K8s workloads combined with gradual migration to K8s and Istio.
Key migration practices include maintaining network connectivity, transparent sidecar interception, and using DNS‑based service addressing to simplify client logic.
To support DNS addressing, the team extended CoreDNS with custom plugins and a DynAPI for dynamic record updates, leveraging etcd for storage and ensuring safe operation across multiple clusters.
Future work focuses on securing DynAPI with HTTPS, improving watch performance, and integrating IDC‑aware DNS for cross‑region efficiency.
AntTech