Why does Service Mesh traffic have to pass through a sidecar at both ends of the communication?




  • Outbound Feature
    • Load Balancing
    • Retry and circuit breaker
    • Other
  • Inbound Feature
    • Other

In my view, apart from Load Balancing and Retry and circuit breaker, which have to be done on the Outbound side, every other feature can be implemented on either the Outbound or the Inbound side. So a natural question arises: if that is the case, why not proxy only on the Outbound side and drop the proxy layer on the Inbound side altogether, which would reduce latency?



  • QUIC
  • mTLS
    TLS (Transport Layer Security) provides the encryption applications need when communicating over a network. HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP that relies on TLS for security. TLS requires a CA (Certificate Authority) to issue an X.509 digital certificate to a service; the service presents that certificate to its consumer, which validates it against the CA. mTLS extends the same idea to both sides of the connection: for example, between microservices, both the provider and the consumer must present their own certificates to the other party, and each party validates the certificate it receives against its respective CA. Once both validations succeed, the server/client (provider/consumer) communication proceeds securely.
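The mTLS description above is where the two-sidecar question from earlier gets its answer: the inbound sidecar is the component that terminates mTLS in front of the server and verifies the caller's certificate against the mesh CA, while the outbound sidecar is where the caller's own certificate is presented and the server's is checked. The following Go program is an added example, not code from the original post or from any service mesh project. It constructs a throwaway mesh CA and two workload certificates in memory (the names `mesh-ca`, `payments` and `orders` are hypothetical), builds the TLS configuration each side would run, and shows the inbound side accepting a mesh peer, rejecting a caller that presents no certificate, and rejecting a certificate issued by a CA it does not trust.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Issue mints a certificate for name: a self-signed CA when parent is nil, otherwise a workload
// cert signed by parent. All of it is constructed in memory for this demo, not fetched from a real mesh CA.
func Issue(name string, parent *tls.Certificate) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
	}
	signer, signerKey := tmpl, any(key) // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name} // the name the outbound side verifies
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// InboundConfig is the server-side (inbound) sidecar: present the workload cert, reject any peer not chained to the mesh CA.
func InboundConfig(ca, server *tls.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	return &tls.Config{Certificates: []tls.Certificate{*server},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
}

// OutboundConfig is the client-side (outbound) sidecar: verify the server against the mesh CA, present the caller's cert (nil = no mesh identity).
func OutboundConfig(ca, client *tls.Certificate, serverName string) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	cfg := &tls.Config{RootCAs: pool, ServerName: serverName}
	if client != nil {
		cfg.Certificates = []tls.Certificate{*client}
	}
	return cfg
}

// Connect runs one handshake over loopback TCP and returns the CommonName of the peer the
// inbound side authenticated, or the error with which it rejected that peer.
func Connect(inbound, outbound *tls.Config) (peer string, err error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	result := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err == nil {
			defer raw.Close()
			srv := tls.Server(raw, inbound)
			if err = srv.Handshake(); err == nil {
				peer = srv.ConnectionState().PeerCertificates[0].Subject.CommonName
			}
		}
		result <- err
	}()
	if conn, err := tls.Dial("tcp", ln.Addr().String(), outbound); err == nil {
		// A TLS 1.3 client finishes before the server has judged its cert: wait for the server to close or alert.
		conn.Read(make([]byte, 1))
		conn.Close()
	}
	err = <-result
	return peer, err
}

func main() {
	ca, _ := Issue("mesh-ca", nil) // hypothetical names; errors are ignored only in this driver
	srv, _ := Issue("payments", ca)
	cli, _ := Issue("orders", ca)
	fmt.Println(Connect(InboundConfig(ca, srv), OutboundConfig(ca, cli, "payments")))
	fmt.Println(Connect(InboundConfig(ca, srv), OutboundConfig(ca, nil, "payments")))
}
```

Run it with `go run`: the first line printed is the authenticated peer name `orders` with a nil error, the second is the rejection the inbound side produced for the caller that had no certificate. This is the concrete cost of dropping the inbound proxy for latency: the server application itself would then have to terminate TLS, hold and rotate its workload certificate, and enforce the client-certificate check, which is exactly the policy the inbound sidecar centralizes.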

William, the CEO of Buoyant, once gave this definition of a service mesh: a service mesh is a dedicated infrastructure layer for handling service-to-service communication.