What is a Service Mesh and How Does it Compare to Kubernetes

Cloud-native applications are often architected as a complex network of distributed microservices running in containers. Running these applications in containers leverages Kubernetes as the de-facto standard for container orchestration.

Microservice sprawl is a challenge that many companies run into using microservices. This rapid growth in microservices creates problems around standardizing routing between multiple services, versions, authorization, authentication, encryption, and load balancing managed by a Kubernetes cluster.

Enhance your Kubernetes skills and gain credibility in the field with the Certified Kubernetes Administrator Certification Training. Enroll now!

What is Service Mesh?

A service mesh is a layer for a microservices application that you can configure. The mesh provides microservice discovery, load balancing, encryption, authentication, and authorization that are flexible, reliable, and fast.

The typical way to implement a service mesh is by providing a proxy instance, called a sidecar, for each service instance. Sidecars handle inter‑service communications, monitoring, security‑related concerns – anything that can be abstracted away from the individual services. This way, developers can focus on development, support, and maintenance for the application code in the services; operations can maintain the service mesh and run the app.

With a Service Mesh, you can split the business logic of the application from observability and network and security policies. The Service Mesh will enable you to connect, secure, and monitor your microservices.

  • Connect: a Service Mesh provides a way for services to discover and talk to each other. It allows for more effective routing to manage the flow of traffic and API calls between services/endpoints. 
  • Secure: a Service Mesh offers you reliable communication between services. You can use a Service Mesh to enforce policies to allow or deny the connection. For example, you can configure a system to deny access to production services from a client service running in a development environment.
  • Monitor: a Service Mesh enables the visibility of your microservices system. Service Mesh can integrate with out-of-the-box monitoring tools such as Prometheus and Jaeger.

These key features provide control into the behavior of the entire network of distributed microservices that make up a complex cloud-native application.

How a Service Mesh and Kubrerenetes Work Together

If you are deploying only a base Kubernetes cluster without a Service Mesh, you will run into the following issues:

  • There is no security between services.
  • Tracing a service latency problem is a severe challenge.
  • Load balancing is limited.

As you can see, a Service Mesh adds a missing layer currently absent in Kubernetes. In other words, a service mesh complements Kubernetes.

DevOps Engineer Master's Program

Bridge between software developers and operationsExplore Course
DevOps Engineer Master's Program

Who is Building Service Mesh Solutions?

The three leading Service Mesh providers are:

  • Consul
  • Istio
  • Linkerd

Let’s review each one in more detail.

Consul

Consul is a full-feature service management framework. Consul started as a way to manage services running on Nomad and has grown to support multiple other data centers and container management platforms, including Kubernetes.

Additional information is available at Consul.io.

Istio

Istio is a Kubernetes-native solution. Istio was developed by Lyft and now has backing and support from Google, IBM, and Microsoft.  

Istio split its data and control planes by using a sidecar-loaded proxy. The sidecar caches information so that it does not need to go back to the control plane for every call. A Kubernetes cluster is used to manage the control planes as pods. This arrangement offers better resilience if there is a failure of a single pod in any part of the service mesh.

Additional information is available at Istio.io.

Linkerd

Linkerd is also a popular Service Mesh run on top of Kubernetes and, due to its rewrite in v2, its architecture is very close to Istio’s. The difference is that Linkerd places a focus on simplicity

Additional information is available at Linkerd.io.

Next Steps

A Service Mesh is not a solution that you can stand up and have run by itself. A service mesh must be tied into your DevOps strategy. For the next steps, you will want to put in place the following:

  • You will want to have solutions running in the cloud.
  • Your solutions should be using Containers (such as Docker).
  • You will want to be using Kubernetes to manage your Containers in the Cloud.

With these three steps, you now have the base setup for running a Service Mesh. I have found that Istio is easier to set up with AWS, Microsoft Azure, Google Cloud, and IBM. The reason is that each vendor is investing development into Istio. Also, the DevOps community around Istio is more robust than competing products. With that said, the Service Mesh market is still very new. There is a lot of opportunity for other products to come out and offer an easier setup and more functionality.

The bottom line is that this is a space worth watching. Keep an eye on changes applied to Istio and other products. Choose to test new products frequently as the market matures. 

To become more proficient with Kubernetes and related tools, you may wish to pursue Simplilearn’s courses in DevOps or the comprehensive DevOps Engineer Master’s Program.  If you want to strengthen your cloud computing skills, consider Simplilearn’s courses in AWS, Azure, and Google Cloud technology, or the Simplilearn Cloud Architect Master’s Program that covers all three cloud platforms.

About the Author

Matthew DavidMatthew David

Matt is a Digital Leader at Accenture. His passion is a combination of solving today's problems to run more efficiently, adjusting focus to take advantage of digital tools to improve tomorrow and move organizations to new ways of working that impact the future.

View More
  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.