The original idea behind service mesh was to add a proxy alongside a running workload. Today, most service meshes in Kubernetes run a dedicated proxy for each workload instance, as an additional container in each pod, in an approach known as the sidecar pattern. This pattern ensures that the proxy does not become a bottleneck and does not introduce a failure domain beyond a single pod. It allows the proxies to own the identity of the workload and authenticate it among themselves.
With the sidecar, administrators can offload common network functions such as timeouts, retries and load balancing, rather than requiring each separate container to manage those functions on their own.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.