A service mesh is a piece of infrastructure that that you can add to a containerized distributed application – say a microservice based application. The service mesh gives you complete control over the communication between all the microservices. It does this by equipping each service with a sidecar container. This sidecar will act as a reverse proxy for the service and will handle all inbound and outbound communication with the service. We call this communication the “data plane”. The service mesh also offers a “control plane”. This is a set of services that communicate with all the sidecars in the mesh. Through the control plane you can configure the sidecars.
There are several service mesh implementations available, including Istio, Linkerd and Consul.
Some of the capabilities of a service mesh include security, traffic shaping, fault injection and observability. By default, communication between services is done using mutual TLS. Through “virtual services” you can influence the routing of the messages between services. This enables A/B testing or canary release scenarios. By injecting faults, you can simulate network level issues and test the resilience of the services. The mesh offers observability because each sidecar pushes real-time telemetry back to the control plane. This telemetry can be visualized with monitoring tools like Grafana, Kiali or Jaeger. The telemetry includes information about the application services, as well as the sidecars and the control plane.
On March 16th, Edwin van Wijk taught the masterclass “Get a grip on your microservices using a service mesh”. In this masterclass, he explained what a service mesh is and demonstrated the capabilities of a service mesh implemented with Istio in a sample application. If you want to experiment with a service mesh yourself, check out Edwin’s sample application “Pitstop”. You can find the repository here: https://github.com/edwinvw/pitstop. The wiki of this repo contains extensive information on how to run the application with an Istio service mesh.