Introduction to Service Mesh Solutions and Their Implementation in Our Platform

The service architecture has evolved from monolithic applications to microservices, and in the cloud‑native era microservices have further progressed to service mesh, separating governance functions into an independent infrastructure layer.

Microservice adoption brings clear boundaries, easier maintenance, independent deployment and scaling, but also introduces distributed complexity, deployment challenges, increased latency, and troubleshooting difficulties, prompting the need for service governance.

Service governance provides capabilities such as service discovery, tracing, resilience, and API gateways. Traditional approaches like API gateways, rpcx with Zookeeper, and Kubernetes native services each have limitations and incompatibilities.

Service mesh, exemplified by Linkerd and especially Istio, abstracts governance into a sidecar layer that offers discovery, load balancing, circuit breaking, rate limiting, retries, authentication, and observability without modifying application code.

Our platform selected Istio as the open‑source mesh solution, leveraging Envoy sidecars, with a control plane (istiod) comprising Pilot, Citadel, and Galley, and a data plane using Envoy proxies to provide L4/L7 traffic management.

Implementation details include traffic ingress via Istio Ingress Gateway, iptables‑based pod traffic hijacking for transparent sidecar injection, and a smooth migration path that allows services to move between the legacy API gateway and the mesh without code changes.

For rollback, iptables rules can be removed to detach sidecars, enabling graceful downgrade. Additional extensions were built as EnvoyFilters, Lua/Wasm plugins, and custom webhook containers to manage traffic policies.

Future work focuses on lazy loading of service configurations (using projects like Slime), Envoy gray‑release strategies, efficient monitoring and metric collection, and better plugin management via CRDs.

Overall, the service mesh provides a unified, transparent governance layer that decouples business logic from infrastructure, improving scalability, observability, and operational flexibility in a cloud‑native environment.