Adding a service mesh to Kubernetes
A service mesh pattern is a logical extension of the sidecar proxy. By attaching sidecar proxies to every Pod, a service mesh can control functionality for service-to-service requests, such as advanced routing rules, retries, and timeouts. In addition, by having every request pass through a proxy, service meshes can implement mutual TLS encryption between services for added security and can give administrators incredible observability into requests in their cluster.
There are several service mesh projects that support Kubernetes. The most popular are as follows:
- Istio
- Linkerd
- Kuma
- Consul
Each of these service meshes has different takes on the service mesh pattern. Istio is likely the single most popular and comprehensive solution, but is also quite complex. Linkerd is also a mature project, but is easier to configure (though it uses its own proxy instead of Envoy). Consul is an option that supports Envoy in addition...