According to The New Stack, service mesh is a technology that aims to “improve the security, observability and traffic control of distributed systems”. More specifically, a service mesh is a component of orchestration tools for containerized environments such as Kubernetes, typically responsible for functions that include routing traffic among containerized applications, serving as the interface for defining autonomous service-to-service mutual TLS (mTLS) policies and then enforcing them, and providing visibility into application availability and security. Like Kubernetes as a whole, service meshes consist of control, management, and data planes.
Service meshes typically handle traffic management and security in a way that’s transparent to the containerized applications. By offloading functions like SSL/TLS and load balancing, service meshes free developers from having to implement security or service availability separately in each application.
Service meshes range in focus from small and very focused to very large with a comprehensive set of network and cluster management tools (such as Istio), and everywhere in between. The larger and more complex the service mesh, the more helpful an independent management plane can be.
Are You Ready for a Service Mesh?
While service meshes are an excellent tool for application traffic management in a managed cluster, they are not the be‑all and end‑all for Kubernetes. Like any additional tool, they introduce overhead: training for users, new management requirements, integration into existing CI/CD pipelines, and so on. Before investing in a service mesh, it’s important to identify which of your current and planned use cases might benefit from it.
Use our 6‑point checklist to determine your readiness – the more statements are true for you, the more a service mesh will add value:
- You have a mature, production CI/CD pipeline
- You are deploying frequently to production – at least once per day
- You are fully invested in Kubernetes for your production environment
- Your application is complex in both number and depth of services
- You have a zero‑trust production environment and need mTLS between services
- Your team has reached operational maturity when deploying and orchestrating your applications – meaning you’re comfortable running Kubernetes in production, including management and troubleshooting
How Can NGINX Help?
When you’ve established that you need a service mesh, the decision about which to choose comes down to your use cases. Ask yourself: “What do I want the mesh to manage?”
- If the answer is application traffic management, security, and governance, choose a mesh that highlights the data plane rather than the control plane, such as NGINX Service Mesh. It’s lightweight but full‑featured, and leverages NGINX Plus to bring enterprise‑grade traffic management and security tools to Kubernetes environments.
- If the answer is Kubernetes cluster and network management, lean towards a more feature‑rich mesh such as Istio with F5’s Aspen Mesh as the independent management plane.