Что такое Service Mesh
Коротко:
Service Mesh — infrastructure layer, managing communication between microservices. Sidecar proxies (Envoy) intercept all traffic → handle: mTLS encryption, retries, circuit breakers, traffic shaping, observability (metrics/traces). Примеры: Istio (most-featured), Linkerd (lightweight), Consul Connect, AWS App Mesh. Overhead: +2-5 ms latency per hop, больше memory.
Ниже: подробности, пример, смежные термины, FAQ.
Подробности
- Sidecar pattern: каждый pod имеет Envoy proxy container
- Control plane: управляет всеми sidecars (Istio istiod, Linkerd control plane)
- mTLS by default: zero-trust networking внутри cluster
- Traffic management: weighted routing, canary, A/B без application code
- Observability: auto-generated traces, metrics, mTLS cert rotation
Пример
# Istio VirtualService — 10% traffic to v2
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
spec:
http:
- route:
- destination: { host: my-service, subset: v1 }
weight: 90
- destination: { host: my-service, subset: v2 }
weight: 10Смежные термины
Больше по теме
Часто задаваемые вопросы
Service mesh или API gateway?
Gateway — north-south (ingress). Mesh — east-west (service-to-service). Дополняют друг друга.
Overkill для small cluster?
Для < 10 services — yes. Complexity не окупается. Для 50+ services + mTLS requirement — worth it.
Istio или Linkerd?
Istio: feature-rich, steep learning curve. Linkerd: lightweight Rust, simpler UX. Для starter — Linkerd.