Microservice architectures solve some problems but introduce others. Dividing applications into independent services simplifies development, updates, and scaling. At the same time, it gives you many more moving parts to connect and secure. Managing all of the network services — load balancing, traffic management, authentication and authorization, etc. — can become stupendously complex.
There is a collective term for this networked space between the services in your Kubernetes cluster: a service mesh. A Google project, Istio, is all about giving you a way to manage your cluster’s service mesh before it turns into a bramble-snarl.
What is a service mesh?
With any group of networked applications, there is a slew of common behaviors that tend to spring up around them. Load balancing, for instance: there are few cases where a group of networked services doesn’t need that. The same goes for being able to A/B test different combinations of services, or to set up end-to-end authentication across chains of services. These behaviors are collectively referred to as a service mesh.