Service Mesh¶
What is a service mesh?¶
A service mesh is an infrastructure layer that handles security controls, observability, and traffic management for a microservice application. Generally, a goal of a service mesh is to add this functionality without the microservices knowing about it, enabling developers to separate these concerns from their applications.
Some examples of service meshes include:
Istio (see Charmed Istio for deploying with Juju)
Why do I need a service mesh?¶
Kubernetes facilitates deploying resilient and scalable microservice applications in multi-tenant environments, but these deployments also have specific operational concerns:
how do I protect against person-in-the-middle attacks?
how do I enforce fine-grained access controls so that only applications who need to talk to each other can?
how do I gain visibility into the traffic flow of an application?
Service meshes address these problems through:
authentication: strong identity enforcement in service-to-service communication, including mTLS encryption
authorization: explicit service-to-service authorization controls
observability: automatic observability throughout the mesh