Service Mesh comparison – Istio vs LinkerD
What is a service mesh?
A service mesh is in charge of managing the network traffic between services. It does so in an automated and scalable way, replacing what would otherwise take a lot of manual work (and we know that manual work is not good 🙂).
In other words, the service mesh sits on top of Kubernetes, takes over your services' networking and makes the communications safe and reliable. It lets you connect, secure and monitor your services.
You can focus on writing your microservices and leave the observability, network, and security policies to the service mesh.
Key capabilities of a service mesh
We can split the key capabilities into three groups:
- Traffic Management
  - mTLS
  - Fault Injection
  - Circuit Breaking
  - Deployment Strategies
- Metrics/Observability
  - Out-of-the-box monitoring and tracing tools
- Security/Policies
  - Enforce policies and isolation
A service mesh enables “intelligent route control” capabilities, along with end-to-end encryption in the communications between the services. In addition, it also enables fault injection and advanced deployment strategies like blue/green, canaries, rolling upgrades, and more.
A service mesh becomes the “dashboard of your microservices”, a place where you can view and control what’s going on inside your cluster.
Service mesh comparison
When it comes to service meshes for Kubernetes, there are two big players: Istio and LinkerD. Both have amazing features and work in a very similar way, so it is often a complicated choice.
Istio
- Istio is a Kubernetes-native service mesh, but it supports other orchestration tools like Consul and even VMs.
- It was created by Lyft, but Google and IBM are now supporting it. Today Anthos comes with “Istio” service mesh capabilities.
- It relies on a control plane and sidecars to operate
- We can say it is the most popular Kubernetes Service Mesh
- It is very customizable
- It is complex
LinkerD
- Mirrors Istio's architecture closely (sidecars, control plane)
- It is part of the Cloud Native Computing Foundation (CNCF)
- LinkerD focuses on simplicity instead of flexibility
- It is a Kubernetes-only solution
- We can say it is the second most used Kubernetes service mesh
Comparison Table
Here you can find a summary of a comparison between the features:
| Feature | Istio | LinkerD |
| --- | --- | --- |
| Mesh Features | | |
| Encrypted traffic | Yes. Auto mTLS | Yes, but not for TCP (e.g. Mongo connections) |
| Inter-microservice traffic management | Yes. Policies | Limited |
| Microservices metrics for automatic scalability | Yes. Prometheus | Yes. Prometheus |
| Real-time mesh status observability | Yes. Kiali (more graphical) | Yes (own dashboard, simpler) |
| Microservices rate limiting | Yes | No |
| Microservices testing features (fault injection, delays, % balancer) | Yes | Limited |
| Microservices circuit breaking | Yes | No |
| Microservices release mechanisms (canary, green/blue, etc.) | Yes | Yes |
| Monitoring integration and metrics standards (OpenTelemetry) | Yes. Grafana, Jaeger (tracing) | Yes |
| Access log generation | Yes | Not out-of-the-box (possible with plugins) |
| Does it work for inter-cluster communications? (multi-cluster) | Yes | No |
| Mesh Generic stuff | | |
| Complexity | High | Low |
| Ease of Use | Complex | Medium |
| Companies behind it | Google, Lyft, IBM | Buoyant |
| Market acceptance/maturity. Community size | Large | Medium |
| Support Model | Community and Google on Anthos | Community. Buoyant |
| License/Cost | Apache 2.0 | Apache 2.0 |
| Pros | Many features. Can be extended. | Easy to use |
| Cons | Complex | Deeply integrated with Kubernetes. Cannot be expanded. |
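To make the table's "Auto mTLS" and "Policies" entries for Istio concrete, here is an added configuration example (not from the original article). With auto mTLS alone, Istio's default PERMISSIVE mode still accepts plaintext, so the first resource enforces STRICT mode and the other two isolate a namespace. The namespace `shop`, the label `app: orders` and the service account `frontend` are hypothetical, and `istio-system` is assumed to be the mesh root namespace (the default install).

```yaml
# Added example. "shop", "app: orders" and "frontend" are hypothetical names.

# 1. Mesh-wide: sidecars accept only mutual-TLS traffic.
#    Without this, the default PERMISSIVE mode also accepts plaintext
#    from workloads that have no sidecar.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system   # root namespace: applies to the whole mesh
spec:
  mtls:
    mode: STRICT
---
# 2. Isolation: an AuthorizationPolicy with an empty spec matches no
#    request, so every request to workloads in "shop" is denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: shop
spec: {}
---
# 3. Exception: only the "frontend" service account, identified by its
#    mTLS certificate, may call the "orders" workload.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-frontend
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/frontend"]
    to:
    - operation:
        methods: ["GET", "POST"]
```

The `principals` match in the third resource depends on the first: without mTLS the caller has no verified identity, so the ALLOW rule would never match.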
Comparison Conclusion
In conclusion, Istio is very flexible but also very complex, so the learning curve is steep, yet it allows you to do more. LinkerD, on the other hand, focuses on simplicity, so it is easy to use but less customizable.