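A service mesh adds a sidecar proxy (Envoy) to each pod; the proxy handles mTLS, retries, tracing, and traffic splitting without code changes. Note that injecting the sidecar does not by itself guarantee encrypted traffic: mTLS is only enforced when mesh policy requires it (in Istio, a PeerAuthentication policy with mode STRICT), because permissive mode still accepts plaintext connections.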
# Popular meshes
# Istio -- most features, complex setup
# Linkerd -- lightweight, simpler
# Istio traffic policy
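# Istio VirtualService for payment-service: bounded retries under an overall
# request timeout, plus a 90/10 canary split between subsets v1 and v2.
# Nesting is restored here; the flattened listing is not valid as written.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: payment-service
spec:
  # hosts attaches these rules to traffic addressed to the named service.
  # The original listing omitted it; "svc" mirrors the destination host used
  # below. Replace it with the hostname clients actually call.
  hosts:
    - svc
  http:
    # Retries replay the request against the upstream. On a payment path,
    # confirm the retried operations are idempotent (for example by using
    # idempotency keys) or narrow the retry conditions with retryOn, so a
    # retry cannot repeat a side effect such as a charge.
    - retries:
        attempts: 3
        perTryTimeout: 5s
      # Overall deadline for the request, including all retry attempts.
      timeout: 15s
      # Canary split via Istio
      # Weights must sum to 100. Subsets v1 and v2 have to be defined in a
      # DestinationRule for host "svc" (not shown here); without it the
      # route has no endpoints to resolve to.
      route:
        - destination:
            host: svc
            subset: v1
          weight: 90
        - destination:
            host: svc
            subset: v2
          weight: 10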