What is a Service Mesh?

A service mesh is a dedicated infrastructure layer that adds features to a network between services. It allows to control traffic and gain insights throughout the system. Observability, traffic shifting (for canary releasing), resiliency features (such as circuit breaking and retry/timeout) and automatic mutual TLS can be configured once and enforced in a decentralized fashion. In contrast to libraries, which are used for similar functionality, a service mesh does not require code changes. Instead, it adds a layer of additional containers that implement the features reliably and agnostic to technology or programming language.

Service Mesh Architecture



Without a Service Mesh,

... each Microservice implements Business Logic and Cross Cutting Concerns (CCC) by itself.



With a Service Mesh,

... many CCCs like traffic metrics, routing, and encryption are moved out of the Microservice and into a proxy. Business logic and business metrics stay in the Microservices. Incoming and outgoing requests are transparently routed through the proxies. In addition to a layer of proxies (Data Plane), a Service Mesh adds a so-called Control Plane. If distributes configuration updates to all proxies and receives metrics collected by the proxies for further processing, e.g. by a monitoring infrastructure such as Prometheus.

Who needs a Service Mesh?

The value of a service mesh grows with the number of services an application consists of. Logically, microservices architectures are the most common use cases for a service mesh. However, the specific interaction might be more relevant in regards to how a service mesh can improve the control, reliability, security, and observability of the services. Even a monolith could benefit from a service mesh and some concrete microservice applications might not.