Istio Service Mesh

Definition

An open-source service mesh that provides traffic management, security, and observability for microservices across any Kubernetes cluster.

Frequently Asked Questions

What's the difference between Istio service mesh and an API gateway?
An API gateway mainly manages north-south traffic (client-to-service traffic entering your platform), handling things like authentication, rate limiting, and routing at the edge. Istio service mesh focuses on east-west traffic (service-to-service communication inside your platform), adding features like mutual TLS between services, fine-grained traffic splitting for canary releases, retries/timeouts, and deep telemetry across microservices.

When should I use Istio service mesh?
Use Istio when you have multiple microservices and need consistent, centralized controls for service-to-service security (mTLS), traffic management (canary/blue-green, retries, timeouts), and observability (metrics, logs, tracing) across one or more Kubernetes clusters. If you have a small number of services, minimal security/traffic requirements, or limited platform engineering capacity, a lighter approach (Kubernetes Ingress + basic observability) may be simpler.

How much does Istio service mesh cost?
Istio itself is open source and has no license fee, but it has operational and infrastructure costs. Common cost drivers include extra CPU/memory for sidecar proxies (Envoy) per pod, control-plane resources, increased network/telemetry volume (metrics and traces), and engineering time for installation, upgrades, and policy management. If you use a managed or supported distribution (for example, a cloud provider’s service-mesh offering), you may also pay for the managed control plane and associated platform services.

Category: containers

Difficulty: advanced
