Overview

Microservices

Developers frequently break down cloud-native applications into multiple services that perform specific actions. This type of architecture is called microservices architecture.

Service Mesh Overview

A service mesh is defined as a dedicated infrastructure layer for managing service-to-service communication to make it manageable, visible, and controlled. If I had to describe a service mesh in a more straightforward sentence, I would say that the service mesh is all about the communication between services.

Developers and operators can configure and execute the following scenarios without any code changes to the services:

  • Mutual TLS and automatic certificate rotation

  • Identifying performance and reliability issues using metrics

  • Visualizing metrics in tools like Grafana; this further allows alerting and integrating with PagerDuty, for example

  • Debugging services and tracing using Jaeger or Zipkin

  • Weight-based and request-based traffic routing, canary deployments, A/B testing

  • Traffic mirroring

  • Increasing service resiliency with timeouts and retries

  • Chaos testing by injecting failures and delays between services

  • Circuit breakers for detecting and ejecting unhealthy service instances

Istio Overview

Istio is an open source service mesh that layers transparently onto existing distributed applications. Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services.

Istio has two components: the data plane and the control plane.

[Figure: Istio architecture]

Data Plane

The data plane is the communication between services. Without a service mesh, the network doesn’t understand the traffic being sent over it, and can’t make any decisions based on what type of traffic it is, or who it is from or to.
An Envoy proxy is deployed along with each service that you start in your cluster, or runs alongside services running on VMs.

Control Plane

The control plane takes your desired configuration, and its view of the services, and dynamically programs the proxy servers, updating them as the rules or the environment changes.
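
As an added example (not part of the original page or the Istio project's own samples), this is what such desired configuration can look like for two scenarios from the list above: mutual TLS, and weight-based routing with a timeout and retries. The namespace `shop`, the service `reviews` and the `version: v1`/`v2` pod labels are assumed names.

```yaml
# Added example; "shop", "reviews" and the v1/v2 labels are assumed names.
# 1) Require mutual TLS for every workload in the namespace.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT   # PERMISSIVE would still accept plaintext connections
---
# 2) Name the two versions of the service so traffic can be split between them.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: reviews
  namespace: shop
spec:
  host: reviews
  subsets:
  - name: v1
    labels: {version: v1}
  - name: v2
    labels: {version: v2}
---
# 3) Canary: 90% of requests to v1, 10% to v2, with a timeout and retries.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: reviews
  namespace: shop
spec:
  hosts:
  - reviews
  http:
  - route:
    - destination:
        host: reviews
        subset: v1
      weight: 90
    - destination:
        host: reviews
        subset: v2
      weight: 10
    timeout: 5s            # overall deadline for the request, retries included
    retries:
      attempts: 3
      perTryTimeout: 2s
```

None of these resources touch the application code: the control plane translates them into configuration for the Envoy proxies running next to each `reviews` instance.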