A service mesh is an infrastructure layer that handles communication between microservices without requiring application code changes.
Why
In microservices, every call is a network call. A service mesh handles latency, outages, security, and monitoring transparently.
How It Works
A sidecar proxy (Envoy) deployed alongside each service intercepts its traffic and provides:
- mTLS — automatic encryption
- Load balancing
- Retries/timeouts — circuit breaking
- Observability — metrics, traces
- Traffic management — canary, A/B
Implementation
- Istio — most widely adopted, comprehensive
- Linkerd — simpler, lower overhead
- Cilium — eBPF, no sidecar
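The mTLS item above, shown as Istio configuration. This is an added example, not from the original page; it assumes Istio's default root namespace `istio-system`, and the namespaces `payments`, `frontend` and `legacy-batch` and the service account `web` are hypothetical. Istio's default peer authentication mode is PERMISSIVE, which still accepts plaintext, so encryption is only enforced once STRICT is set.

```yaml
# Mesh-wide policy in the root namespace: sidecars reject any connection
# that is not mutual TLS. Without this, Istio defaults to PERMISSIVE.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# Weak setting, shown for contrast: a namespace-level override that lets
# workloads without a sidecar connect in plaintext. Use it only as a
# time-boxed migration step, then delete it so the mesh-wide STRICT applies.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: legacy-batch   # hypothetical namespace
spec:
  mtls:
    mode: PERMISSIVE
---
# mTLS also gives each workload a verifiable identity. This policy uses it:
# only the "web" service account in "frontend" may call workloads in
# "payments"; every other caller is denied because no rule matches.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-frontend-only
  namespace: payments       # hypothetical namespace
spec:
  action: ALLOW
  rules:
    - from:
        - source:
            principals:
              - cluster.local/ns/frontend/sa/web   # hypothetical identity
```

The principal check only works for connections that arrived over mTLS, so the authorization policy depends on STRICT mode being in effect for the `payments` namespace.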
When to (Not) Use
- YES — 10+ services, mTLS, complex routing
- NO — few services, monolith, API gateway is sufficient
Service Mesh for Microservices
A service mesh solves real problems, but it adds complexity.