Learn the vocabulary of centrally managing service-to-service traffic in a microservices architecture.
0 / 5 completed
1 / 5
At standup, a dev mentions a dedicated infrastructure layer that handles service-to-service traffic, retries, and encryption transparently, without each service implementing that logic itself. What is this layer called?
A service mesh is a dedicated infrastructure layer that transparently handles service-to-service traffic concerns, like retries, encryption, and load balancing, without each individual service needing to implement that logic itself. This centralizes cross-cutting networking concerns outside individual application code, typically through a sidecar proxy deployed alongside each service. It's a common architectural pattern in a larger microservices deployment where consistent, centrally managed traffic handling matters.
2 / 5
During a design review, the team wants to gradually shift a small percentage of live traffic to a new service version before fully rolling it out. Which capability supports this?
Traffic splitting, or canary routing, gradually shifts a small percentage of live traffic to a new service version, letting the team observe its real-world behavior before committing to a full rollout. Routing all traffic immediately risks a much larger blast radius if the new version has an undiscovered issue. A service mesh typically provides this fine-grained traffic control declaratively, without requiring changes to the services' own application code.
3 / 5
In a code review, a dev notices every service-to-service call within the mesh is automatically encrypted using mutual TLS, without the application code implementing any encryption itself. What does this represent?
Mesh-managed mutual TLS automatically encrypts and authenticates traffic between services within the mesh, without requiring each individual service's application code to implement that encryption itself. This ensures consistent, strong transport security across the entire mesh rather than depending on every team correctly implementing it independently. Centralizing this concern in the mesh's infrastructure layer also makes it far easier to audit and enforce consistently.
4 / 5
An incident report shows a service mesh's sidecar proxy added enough latency overhead to a high-throughput critical path that it became a noticeable performance bottleneck. What practice would reduce this risk?
Measuring a service mesh's added latency overhead before applying it to a performance-sensitive critical path reveals whether that overhead is acceptable for the specific use case. Assuming the overhead is always negligible skips a real evaluation that matters more for a high-throughput, latency-sensitive path than a less critical one. This deliberate performance evaluation helps the team decide where a service mesh's operational benefits are worth its measurable cost.
5 / 5
During a PR review, a teammate asks why the team relies on a service mesh instead of implementing retry logic, encryption, and traffic control separately within each individual service's own code. What is the reasoning?
Implementing retry logic, encryption, and traffic control separately within every individual service means that same logic gets duplicated and maintained independently across the whole system, with a real risk of inconsistency between services. A service mesh centralizes these cross-cutting concerns in one shared infrastructure layer, applied consistently everywhere. The tradeoff is the added operational complexity of running and managing the mesh infrastructure itself.