What Is Service Mesh?

• A service mesh is a configurable, low‑latency infrastructure layer designed to handle a high volume of network‑based interprocess communication among application infrastructure services
• The mesh provides critical capabilities including service discovery, load balancing, encryption, observability, traceability, authentication and authorization, and support for the circuit breaker pattern.
• Aservice mesh takes the logic governing service-to-service communication out of individual services and abstracts it to a layer of infrastructure.
• Without a service mesh, each service (i.e. microservice) needs to be coded with logic to govern service-to-service communication, which means developers are less focused on business goals
• A service mesh captures every aspect of service-to-service communication as performance metrics
• A service mesh is a component of IT infrastructure that manages communications between internal microservices and components, and helps them share the data that fuels application functionality

The Sidecar Proxy

• A service mesh is built into an app as an array of network proxies
• In a service mesh, requests are routed between microservices through proxies in their own infrastructure layer.
• Individual proxies that make up a service mesh are sometimes called “sidecars,” since they run alongside each service, rather than within them
• Together, these “sidecar” proxies which are decoupled from each other, form a mesh network

Why to Use Service Mesh?

• Service Mesh manages the network traffic between services. It does that in a much more graceful and scalable way compared to what would otherwise require a lot of manual, error-prone work and operational burden that is not sustainable in the long-run.
• Service mesh layers on top of your Kubernetes infrastructure and is making communications between services over the network safe and reliable
• Connect: Service Mesh enables services to discover and talk to each other. It enables intelligent routing to control the flow of traffic and API calls between services/endpoints
• Secure: Service Mesh allows you secure communication between services. It can enforce policies to allow or deny communication. E.g. you can configure a policy to deny access to production services from a client service running in the development environment.
• Monitor: Service Mesh enables observability of your distributed microservices system. Service Mesh often integrates out-of-the-box with monitoring and tracing tools (such as Prometheus and Jaeger in the case of Kubernetes) to allow you to discover and visualize dependencies between services, traffic flow, API latencies, and tracing.
• Service Mesh for Microservice Architecture:
  • Service-to-service communication is what makes microservices possible
  • The logic governing communication can be coded into each service without a service mesh layer—but as communication gets more complex, a service mesh becomes more valuable
  • For cloud-native apps built in a microservices architecture, a service mesh is a way to comprise a large number of discrete services into a functional application
  • Service mesh allows you to separate the business logic of the application from observability, network and security policies
  • It allows you to connect, secure, and monitor your microservices

Service Mesh Options for Kubernetes

• Istio
• Linkered
• Consul Connect
• OpenShift Service Mesh
• NGINX Service Mesh (NSM)

See: Comparison of Istio, Linkerd and Consul Connect for Kubernetes Service Mesh

Links

• https://platform9.com/blog/kubernetes-service-mesh-a-comparison-of-istio-linkerd-and-consul/#what-is-service-mesh
• https://www.redhat.com/en/topics/microservices/what-is-a-service-mesh
• https://www.nginx.com/blog/what-is-a-service-mesh/
• https://istio.io/latest/about/service-mesh/
• https://buoyant.io/what-is-a-service-mesh

Next

• Microservices Choreography vs Orchestration
• Service mesh vs. API gateway
• https://specify.io/concepts/microservices#choreography
• Service mesh vs. API gateway