A Service Mesh is an infrastructure layer that handles service-to-service communication in microservices, typically implemented via the sidecar proxy pattern (each service pod has an accompanying proxy container).
- A Service Mesh provides: mTLS (mutual TLS) for encrypted inter-service communication, load balancing, circuit breaking, retry logic, timeouts, distributed tracing, and metrics collection — all without modifying application code.
- The problem it solves: with dozens of microservices, implementing networking concerns in each service (via libraries) is hard to maintain, labor-intensive, and prone to inconsistency.
- A Service Mesh moves these concerns to the infrastructure layer.
- Istio (with an Envoy sidecar) and Linkerd are the two most popular solutions.
- Trade-offs: operational complexity is very high; Istio in particular is heavyweight with a steep learning curve — only appropriate when you have a dedicated platform engineering team.
- Many organizations opt for simpler solutions like Consul Connect or AWS App Mesh.
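
The features listed above, declared as mesh configuration instead of application code, using Istio as the example. This is an added illustration, not part of the original page; the namespace `shop`, the service `orders` and all numeric values are hypothetical.

```yaml
# 1) mTLS: sidecars in this namespace accept only mutually authenticated TLS.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop            # hypothetical namespace
spec:
  mtls:
    mode: STRICT             # PERMISSIVE would still accept plaintext
---
# 2) Timeout and retry logic, applied by the proxy for calls to "orders".
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: orders               # hypothetical service
  namespace: shop
spec:
  hosts:
    - orders.shop.svc.cluster.local
  http:
    - route:
        - destination:
            host: orders.shop.svc.cluster.local
      timeout: 2s            # overall deadline per request
      retries:
        attempts: 3
        perTryTimeout: 500ms
        retryOn: 5xx,connect-failure
---
# 3) Load balancing and circuit breaking for the same destination.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: orders
  namespace: shop
spec:
  host: orders.shop.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL     # client side presents the mesh-issued certificate
    loadBalancer:
      simple: LEAST_REQUEST
    outlierDetection:        # eject endpoints that keep failing
      consecutive5xxErrors: 5
      interval: 10s
      baseEjectionTime: 30s
      maxEjectionPercent: 50
```

With `mode: PERMISSIVE` the sidecar also accepts plaintext, so a namespace is only fully covered by mTLS once the policy is `STRICT`.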