Master the English vocabulary of service mesh technologies — Istio, Linkerd, Envoy — and the concepts they implement: mTLS, traffic management, observability, and policy enforcement.
0 / 10 completed
1 / 10
What is a 'service mesh'?
A service mesh is an infrastructure layer (usually implemented as sidecar proxies) that intercepts all service-to-service traffic and provides cross-cutting features: mutual TLS, load balancing, circuit breaking, retries, and telemetry — without changing application code.
2 / 10
What is a 'sidecar proxy' in a service mesh?
A sidecar proxy (e.g. Envoy in Istio) runs as a second container in the same pod as your service. All traffic in and out of the pod flows through the sidecar, which applies mesh policies — without any changes to the application code.
3 / 10
What does 'mTLS' stand for and why is it important in a service mesh?
Mutual TLS (mTLS) means both the client and the server present and verify certificates. In a service mesh, mTLS is automatically applied to all inter-service traffic, giving you encrypted, identity-verified communication without writing any auth code.
4 / 10
What is 'traffic shifting' in an Istio context?
Traffic shifting (or traffic splitting) routes a configurable percentage of requests to different service versions. Used for canary deployments: 'Start shifting 5% of traffic to v2, monitor error rates, then gradually increase to 100%.'
5 / 10
What is a 'VirtualService' in Istio?
An Istio VirtualService configures routing rules: match traffic by URI, header, or method and forward it to specific destinations (e.g. different versions), inject delays, or return synthetic responses. It works together with DestinationRule.
6 / 10
What does 'circuit breaker' mean in a service mesh context?
A circuit breaker monitors failure rates for calls to an upstream service. When failures exceed a threshold, it 'opens' (stops sending requests) for a period, preventing your service from wasting resources on a failing dependency and causing a cascading failure.
7 / 10
What is the 'control plane' in a service mesh like Istio?
The control plane (Istiod in modern Istio) is the brain of the mesh: it receives configuration (VirtualServices, DestinationRules), translates it into Envoy proxy configuration, and pushes it to all sidecars. The data plane (proxies) does the actual traffic handling.
8 / 10
What is 'Envoy' in the context of service meshes?
Envoy is an open-source edge and service proxy originally developed by Lyft. It is used as the sidecar proxy in Istio (and as the foundation for many API gateways). It handles load balancing, retries, circuit breaking, health checks, and telemetry.
9 / 10
What does 'observability' mean in a service mesh context?
A service mesh gives you observability for free: every request passing through the sidecar proxies is measured (latency, error rate, throughput) and traced. You get a detailed service topology map and per-request traces without adding any instrumentation to your application.
10 / 10
What is 'Linkerd' in relation to service meshes?
Linkerd is a CNCF graduated project and an alternative to Istio. It uses ultra-lightweight Rust-based micro-proxies (instead of Envoy), focusing on simplicity, security (mTLS by default), and low resource overhead. Good choice for teams that find Istio complex.