Service Mesh
The service mesh is typically implemented as a scalable set of network proxies deployed alongside application code (a pattern sometimes called a sidecar). These proxies handle the communication between the microservices and also act as a point at which the service mesh features can be introduced. The proxies comprise the service mesh’s data plane, and are controlled as a whole by its control plane.
We use Istio’s service mesh capabilities in the following areas of our deployment:
- To secure service-to-service communication at the network layer. By default, mTLS is enabled and pod-to-pod traffic is completely encrypted.
- As the ingress controller for routing traffic to the cluster.
- To autoscale the vendor pod using Istio traffic metrics.
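
The mTLS point above can be checked against the cluster's actual policies. Istio's `PeerAuthentication` resource sets the mTLS mode per mesh, namespace, workload or port, and only `STRICT` rejects plaintext. The following audit is an added example, not part of the original page or of Istio itself. It reads JSON shaped like the output of `kubectl get peerauthentication -A -o json`. The sample data is constructed, and its namespaces and policy names are hypothetical.

```python
import json

# Constructed sample shaped like `kubectl get peerauthentication -A -o json`.
# Namespaces and policy names are hypothetical.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "default", "namespace": "istio-system"},
   "spec": {"mtls": {"mode": "STRICT"}}},
  {"metadata": {"name": "legacy", "namespace": "vendor"},
   "spec": {"selector": {"matchLabels": {"app": "vendor"}},
            "mtls": {"mode": "STRICT"},
            "portLevelMtls": {"8080": {"mode": "PERMISSIVE"}}}},
  {"metadata": {"name": "default", "namespace": "batch"},
   "spec": {"mtls": {"mode": "DISABLE"}}}
]}
""")

ROOT_NAMESPACE = "istio-system"  # assumption: Istio's default root namespace


def audit_peer_authentication(doc, root_ns=ROOT_NAMESPACE):
    """Return findings for every place plaintext pod-to-pod traffic is accepted."""
    findings = []
    mesh_wide_strict = False
    for item in doc.get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        ref = f'{meta["namespace"]}/{meta["name"]}'
        # UNSET inherits from the parent scope, so it is not a weakening by itself.
        mode = spec.get("mtls", {}).get("mode", "UNSET")
        # A policy in the root namespace without a selector applies mesh-wide.
        if meta["namespace"] == root_ns and "selector" not in spec and mode == "STRICT":
            mesh_wide_strict = True
        if mode in ("PERMISSIVE", "DISABLE"):
            findings.append(f"{ref}: mode {mode} accepts plaintext")
        for port, cfg in sorted(spec.get("portLevelMtls", {}).items()):
            if cfg.get("mode") in ("PERMISSIVE", "DISABLE"):
                findings.append(f"{ref}: port {port} mode {cfg['mode']} accepts plaintext")
    if not mesh_wide_strict:
        # With no mesh-wide policy, Istio falls back to PERMISSIVE.
        findings.insert(0, f"no mesh-wide STRICT policy in {root_ns}")
    return findings


if __name__ == "__main__":
    for line in audit_peer_authentication(SAMPLE):
        print(line)
```

An empty result means every policy in scope enforces mTLS. Any finding names the policy that still admits unencrypted traffic.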