A service mesh allows service developers to offload the work of network communication and focus more on business logic.
A service mesh is a configurable infrastructure layer for a microservices application. It makes communication between service instances flexible, reliable, and fast. The mesh provides service discovery, load balancing, encryption, authentication and authorization, support for the circuit breaker pattern, and other capabilities.
The service mesh is usually implemented by providing a proxy instance, called a sidecar, for each service instance. Sidecars handle interservice communications, monitoring, and security‑related concerns – anything that can be abstracted away from the individual services. This way, developers can handle development, support, and maintenance for the application code in the services; operations teams can maintain the service mesh and run the app.
Istio, backed by Google, IBM, and Lyft, is currently the best‑known service mesh architecture. Kubernetes, which was originally designed by Google, is currently the only container orchestration framework supported by Istio.
A service mesh works with a service discovery protocol to detect services as they come up. Then, the mesh ages them out gracefully when they disappear. Service discovery is a container management framework that keeps a list of instances that are ready to receive requests – or be discovered – by other services. Together, the mesh and service discovery create resilience in service‑to‑service communication.