Service Mesh

A service mesh intercepts all network traffic between microservices and manages cross-cutting concerns — encryption, retries, circuit breaking, distributed tracing — transparently, without requiring changes to application code.

The Sidecar Pattern

Most service meshes inject a lightweight proxy (typically Envoy) as a sidecar container alongside every service Pod. All inbound and outbound traffic flows through the proxy, which enforces policies, collects telemetry, and handles connection management — invisible to the application.

What a Mesh Provides

  • mTLS — Mutual TLS between all services, automatically, with certificate rotation
  • Traffic Management — Canary deployments, A/B testing, weighted routing, fault injection
  • Observability — Distributed traces, per-service latency histograms, and request-level access logs
  • Resilience — Retries, timeouts, and circuit breakers applied at the network layer

Leading Implementations

Istio (CNCF graduated, Google origin) is the most feature-complete. Linkerd (CNCF graduated) prioritises simplicity and lower resource overhead. Consul Connect (HashiCorp) integrates tightly with the broader Consul service registry ecosystem.
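The mTLS item above is only as strong as the policy mode in force. As an added example (not code from this page or from the Istio project), the Python below resolves Istio PeerAuthentication policies per workload and reports every workload whose effective mode is not STRICT, since PERMISSIVE (Istio's default) still accepts plaintext. The helper names and the sample policies and workloads are constructed, `istio-system` is assumed to be the root namespace, and `portLevelMtls` overrides and tie-breaking between policies at the same level are not modelled.

```python
ROOT_NAMESPACE = "istio-system"  # assumption: Istio's default root namespace

def pa(namespace, mode, match_labels=None):
    """Build a constructed PeerAuthentication object (shape of kubectl JSON items)."""
    spec = {"mtls": {"mode": mode}}
    if match_labels:
        spec["selector"] = {"matchLabels": match_labels}
    return {"metadata": {"namespace": namespace}, "spec": spec}

# Constructed sample policies and workloads, not taken from any real cluster.
POLICIES = [
    pa("istio-system", "STRICT"),                  # mesh-wide
    pa("legacy", "PERMISSIVE"),                    # namespace-wide
    pa("payments", "DISABLE", {"app": "ledger"}),  # workload-specific
]
WORKLOADS = [
    ("payments", "api", {"app": "api"}),
    ("payments", "ledger", {"app": "ledger"}),
    ("legacy", "batch", {"app": "batch"}),
]

def _mode(policy):
    return policy.get("spec", {}).get("mtls", {}).get("mode", "UNSET")

def effective_mode(policies, namespace, labels):
    """Most specific policy that sets a mode wins: workload > namespace > mesh."""
    mesh = ns = workload = "UNSET"
    for p in policies:
        p_ns = p["metadata"]["namespace"]
        selector = p.get("spec", {}).get("selector", {}).get("matchLabels")
        if selector:  # workload-specific: same namespace and all labels match
            if p_ns == namespace and all(labels.get(k) == v for k, v in selector.items()):
                workload = _mode(p)
        elif p_ns == namespace:
            ns = _mode(p)
        elif p_ns == ROOT_NAMESPACE:
            mesh = _mode(p)
    for mode in (workload, ns, mesh):
        if mode != "UNSET":
            return mode
    return "PERMISSIVE"  # Istio's default when no policy sets a mode

def audit(policies, workloads):
    """Return (namespace, name, mode) for each workload whose mode is not STRICT."""
    resolved = [(ns, name, effective_mode(policies, ns, labels)) for ns, name, labels in workloads]
    return [r for r in resolved if r[2] != "STRICT"]

if __name__ == "__main__":
    for finding in audit(POLICIES, WORKLOADS):
        print("plaintext accepted: %s/%s (mode=%s)" % finding)
```

On a live cluster the policy list would come from the `items` array of `kubectl get peerauthentication -A -o json`.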
