Service Mesh (Istio/Linkerd) for Microservices

Our company is engaged in the development, support and maintenance of sites of any complexity. From simple one-page sites to large-scale cluster systems built on micro services. Experience of developers is confirmed by certificates from vendors.
8+Years of work900+Completed projects100+In house employees19+Partners
Development and maintenance of all types of websites:
Informational websites or web applications
Business card websites, landing pages, corporate websites, online catalogs, quizzes, promo websites, blogs, news resources, informational portals, forums, aggregators
E-commerce websites or web applications
Online stores, B2B portals, marketplaces, online exchanges, cashback websites, exchanges, dropshipping platforms, product parsers
Business process management web applications
CRM systems, ERP systems, corporate portals, production management systems, information parsers
Electronic service websites or web applications
Classified ads platforms, online schools, online cinemas, website builders, portals for electronic services, video hosting platforms, thematic portals

These are just some of the technical types of websites we work with, and each of them can have its own specific features and functionality, as well as be customized to meet the specific needs and goals of the client.

Offered services
Showing 1 of 1 servicesAll 2065 services
Service Mesh (Istio/Linkerd) for Microservices
Complex
from 2 weeks to 3 months
FAQ
Our competencies:
Development stages
Latest works
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1161
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1041
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    822
  • image_crm_chasseurs_493_0.webp
    CRM development for Chasseurs
    847
  • image_website-sbh_0.png
    Website development for SBH Partners
    999
  • image_website-_0.png
    Website development for Red Pear
    451
Show more works

Service Mesh (Istio/Linkerd) Implementation for Microservices

Service Mesh is an infrastructure layer for managing inter-service traffic in Kubernetes. Instead of each microservice independently implementing retry, timeout, mTLS, and tracing, these functions are offloaded to sidecar proxy, transparent to service code.

What Service Mesh Provides

Traffic Management:

  • Canary deployment (5% traffic → new version)
  • A/B testing by headers
  • Circuit breaker at infrastructure level
  • Retry and timeout without code changes

Observability:

  • Automatic tracing of all inter-service requests
  • Metrics: latency, error rate, throughput for each service pair
  • Service dependency graph (Service Graph)

Security:

  • mTLS between all services without code changes
  • Certificate rotation
  • Authorization Policies

Istio vs Linkerd

Criterion Istio Linkerd
Proxy Envoy (heavy, powerful) Linkerd2-proxy (light, Rust)
Sidecar RAM 300–500 MB 10–30 MB
Complexity High Moderate
Capabilities Full set Core features
Learning curve Steep Gentler

Linkerd for teams needing mTLS, observability, and basic traffic management without learning hundreds of Istio CRDs.

Linkerd Installation

# Install CLI
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh

# Check cluster
linkerd check --pre

# Install control plane
linkerd install --crds | kubectl apply -f -
linkerd install | kubectl apply -f -

# Verify
linkerd check

Sidecar injection (namespace annotation):

apiVersion: v1
kind: Namespace
metadata:
  name: production
  annotations:
    linkerd.io/inject: enabled

After this, all pods in namespace automatically get linkerd-proxy container.

Istio Traffic Management

Canary Deployment — gradual rollout of new version:

Use VirtualService and DestinationRule for traffic splitting, header-based routing, and progressive traffic shift.

Circuit Breaker through DestinationRule:

Configure consecutive error thresholds, ejection times, and connection pools.

mTLS

In Istio, enable mTLS per-namespace or globally:

apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: production
spec:
  mtls:
    mode: STRICT  # only mTLS, plaintext forbidden

Authorization Policy — who can call whom:

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: order-service-policy
  namespace: production
spec:
  selector:
    matchLabels:
      app: order-service
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/production/sa/api-gateway"]
      to:
        - operation:
            methods: ["GET", "POST"]

Observability via Kiali

Kiali is UI for Istio showing Service Graph:

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.20/samples/addons/kiali.yaml
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.20/samples/addons/jaeger.yaml
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.20/samples/addons/prometheus.yaml
kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.20/samples/addons/grafana.yaml

istioctl dashboard kiali

Implementation Timeline

  • Linkerd installation + basic observability — 3–5 days
  • Istio installation + canary routing + mTLS — 1–2 weeks
  • Authorization policies + full observability stack — 1 more week