Service Meshes are part of all our Kubernetes implementations now. We value the additional security features they provide to our platforms.
We are using Istio on multiple production clusters and are assessing Cilium as it also improves on Kubernetes' NetworkPolicies. We also consider Linkerd a good candidate when looking for a Service Mesh for your project.
A service mesh is a solution that makes service-to-service communication more comfortable and more secure in large microservice architectures. It decouples routing from the microservices themselves, which allows a service mesh implementation to offer features like:
- Service Discovery (canary routing, a-b testing, etc.)
- Resilience (circuit breaking, timeouts, etc.)
- Observability (route metrics, traffic logging, etc.)
- End-to-end encryption (mTLS)
Service mesh implementations:
- Istio
- Open Service Mesh
- Kuma
- and many more...
At AOE we are using service meshes in multiple projects and are assessing best practices and service mesh implementations.