• Infrastructure layer for service to service
• Lightweight proxies deployed together with
• Ensures consistent routing, security,
resilience and monitoring.
Service Mesh Capabilities
• Traffic Control
• Service Discovery
• Load Balancing
• Deployment Strategies
• Data Plane
• Intercepts all inbound (ingress) and outbound (egress)
• Service mesh sidecar model (proxy) is an implementation of
the data plane that runs as a container in a Kubernetes Pod.
• Control Plane
• Manages and configures proxies to route traffic, enforce
policies, and collect telemetry.
• Made up of three services: Pilot, Mixer, and Auth.
ISTIO Control Plane
• Service Discovery, RouteRule
• Telemetry, ACLs, White Lists,
Rate Limits, Custom Metrics
• Certificate Authority, TLS,
ISTIO Sidecar Proxies
• Envoy is a Layer 7 proxy developed by Lyft.
• Default and most popular implementation of
• nginMesh (Nginx)
• Works in the ISTIO environment.
• Kubernetes APIs allow users to specify the desired
state of a Kubernetes cluster with declarative YAML or
JSON config for a Resource.
• Facilitating self-healing APIs that continuously watch the
state of the system.
• Leveraging tools that work with any Kubernetes config such
as kubectl and kustomize.
• Integrating with Kubernetes Authz and Authn.
• Developers can build and publish their own Kubernetes APIs
which may be installed into running clusters by cluster
Custom Resource and
• Custom Controllers have access to Kubernetes
API that can see the current state and make
decisions in milliseconds.
• Custom Controllers can use custom rules that
can monitor a cluster, change pods, and scale
endpoints of an application.
• Useful for abstracting complexities of managing
stateful applications in Kubernetes clusters.
• SDK for rapidly building and publishing Kubernetes APIs in
Go. It facilitates using canonical techniques used by core
Kubernetes APIs as well as techniques specific to
• Initializing new project library dependencies and structure.
• Bootstrapping API scaffolding code, tests, and documentation.
• High level abstractions wrapping client-go, apimachinery, and
• Building and publishing API container images and YAML config.
• Building and publishing API reference documentation.