Service Mesh
Infrastructure layer dedicated to managing communication between microservices, providing observability, security, and traffic control transparently.
Tags: seed, service-mesh, istio, envoy, networking, microservices, observability
What it is
A service mesh is an infrastructure layer that manages communication between microservices transparently. Each service has a sidecar proxy that intercepts all network traffic, providing observability, security, and control without modifying application code.
Capabilities
| Capability | What it solves | Without mesh | With mesh |
|---|---|---|---|
| Observability | Traffic visibility | Instrument each service manually | Automatic metrics, traces, and logs |
| Security | Encryption between services | Configure TLS in each service | Automatic mTLS, certificate rotation |
| Traffic control | Safe deployments | All or nothing | Canary, traffic splitting, circuit breakers |
| Policies | Governance | Implement in each service | Centralized rate limiting and access control |
Implementations
| Service Mesh | Proxy | Characteristics |
|---|---|---|
| Istio | Envoy | Most complete, complex |
| Linkerd | linkerd2-proxy | Lightweight, simple |
| AWS App Mesh | Envoy | Native AWS integration |
| Consul Connect | Envoy | Multi-platform |
When do you need a service mesh?
- Many microservices (>10) communicating with each other
- You need mTLS between services
- You require detailed traffic observability
- Canary deployments or traffic splitting
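The capabilities table and the list above stay abstract; the following Istio manifests are an added example (not from the original note or the Istio project) that turn mTLS, access control, circuit breaking and canary traffic splitting into concrete sidecar configuration. The service name `checkout`, namespace `shop`, the `frontend` service account and the version labels and weights are all assumptions.

```yaml
# Added example, not from the original note: Istio manifests for a hypothetical
# "checkout" service in namespace "shop" (names, labels and weights are assumed).
# Security: STRICT mTLS for the namespace. Plaintext is rejected, so a client
# without a sidecar identity cannot reach checkout; certificates rotate automatically.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata: { name: default, namespace: shop }
spec:
  mtls:
    mode: STRICT
---
# Policies: only the frontend service account may call checkout. Any other
# caller gets a 403 from the sidecar, with no authorization code in checkout.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata: { name: checkout-allow-frontend, namespace: shop }
spec:
  selector:
    matchLabels: { app: checkout }
  action: ALLOW
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/shop/sa/frontend"]
---
# Traffic control: version subsets plus a circuit breaker. A pod that returns
# 5 consecutive 5xx responses is ejected from the load-balancing pool for 30s.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata: { name: checkout, namespace: shop }
spec:
  host: checkout
  trafficPolicy:
    outlierDetection:
      consecutive5xxErrors: 5
      baseEjectionTime: 30s
  subsets:
    - { name: v1, labels: { version: v1 } }
    - { name: v2, labels: { version: v2 } }
---
# Canary: 90% of requests stay on v1, 10% go to the new v2.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata: { name: checkout, namespace: shop }
spec:
  hosts: ["checkout"]
  http:
    - route:
        - { destination: { host: checkout, subset: v1 }, weight: 90 }
        - { destination: { host: checkout, subset: v2 }, weight: 10 }
```

These resources only take effect for pods that have the Envoy sidecar injected (for example by labelling the namespace with `istio-injection=enabled` before the workloads are deployed). The STRICT mode is the setting to verify: in PERMISSIVE mode the sidecar still accepts plaintext, so a mesh can look "encrypted" while unauthenticated traffic is still admitted.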
Why it matters
A service mesh manages communication between microservices transparently: mTLS, circuit breaking, observability, and traffic management without modifying application code. It is the network layer that makes complex distributed systems operable.
References
- Istio Documentation — Official documentation.
- Linkerd — Lightweight service mesh.
- Envoy Proxy — CNCF, 2024. High-performance proxy used by most service meshes.