2nd/10_Wiki/Topics/Architecture/Service Mesh.md
Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization
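10_Wiki/Topics large-scale cleanup:
- Removed 227 error-capture/incomplete stub documents
- Merged 43 cross-folder duplicate clusters (63 files → redirect)
- Link name normalization: broken link fixes, direct redirect linking, concept mapping, ~2,400 items
- Created 6 new category MOCs
- Removed 10,058 unresolved related-keyword links from Graph sections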

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00


| Field | Value |
|---|---|
| id | wiki-2026-0508-service-mesh |
| title | Service Mesh |
| category | 10_Wiki/Topics |
| status | verified |
| canonical_id | self |
| aliases | Service Mesh, Istio, Linkerd, sidecar mesh |
| duplicate_of | none |
| source_trust_level | A |
| confidence_score | 0.9 |
| verification_status | applied |
| tags | microservices, kubernetes, networking, observability |
| raw_sources | |
| last_reinforced | 2026-05-10 |
| github_commit | pending |
| tech_stack | language: yaml, framework: kubernetes |

Service Mesh

In one line

"Move service-to-service communication out into the platform layer": mTLS, retry, traffic split and observability without changing application code. As of 2026, Istio Ambient Mode (sidecar-less) and Linkerd (Rust) are the standard, and the eBPF-based Cilium Service Mesh is spreading quickly.

Core

Core features

  • mTLS: encryption between services plus identity.
  • Traffic mgmt: canary, A/B, retry, timeout, circuit-break.
  • Observability: metrics, traces and access logs, automatically.
  • Policy: authz, rate limit.

Architecture

  • Data plane: proxy (Envoy/linkerd2-proxy/eBPF) that intercepts traffic.
  • Control plane: config distribution (istiod, linkerd-controller).

Applications

  1. K8s clusters with many microservices.
  2. Zero-trust networking.
  3. Progressive delivery (Argo Rollouts + mesh).
  4. Multi-cluster federation.

💻 Patterns

Istio Ambient (2026, no sidecar)

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  profile: ambient
  meshConfig:
    accessLogFile: /dev/stdout

istioctl install --set profile=ambient
kubectl label namespace prod istio.io/dataplane-mode=ambient

Traffic split (canary)

apiVersion: networking.istio.io/v1
kind: VirtualService
metadata: { name: orders }
spec:
  hosts: [orders]
  http:
    - route:
        - { destination: { host: orders, subset: v1 }, weight: 90 }
        - { destination: { host: orders, subset: v2 }, weight: 10 }

Retry + timeout

apiVersion: networking.istio.io/v1
kind: VirtualService
metadata: { name: payments }
spec:
  hosts: [payments]
  http:
    - route:
        - { destination: { host: payments } }  # a route is required for the HTTP rule to validate
      timeout: 2s
      retries:
        attempts: 3
        perTryTimeout: 500ms
        retryOn: 5xx,reset,connect-failure
mTLS strict

apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata: { name: default, namespace: prod }
spec:
  mtls: { mode: STRICT }

AuthorizationPolicy

# methods/paths are L7 matches; in ambient mode L7 rules are enforced by a waypoint proxy, not ztunnel
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata: { name: orders-allow-checkout }
spec:
  selector: { matchLabels: { app: orders } }
  rules:
    - from: [{ source: { principals: ["cluster.local/ns/prod/sa/checkout"] } }]
      to: [{ operation: { methods: [POST], paths: ["/place"] } }]
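
The ALLOW semantics of the orders-allow-checkout policy above, as an added Python example that is not part of the original page or of Istio's code: a simplified evaluator covering only principals, methods and paths, run over constructed requests. The helper names (str_match, field_ok, rule_matches, allowed, make_req) and the cart service account are assumptions for illustration.

```python
# Added example (not from the page): a simplified model of Istio ALLOW-policy
# evaluation. Only source.principals, operation.methods and operation.paths are
# modelled; DENY/CUSTOM/AUDIT actions and other match fields are out of scope.

def str_match(pattern, value):
    """Istio string match: exact, 'prefix*', '*suffix', or '*' (any non-empty)."""
    if not value:
        return False
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    return pattern == value

def field_ok(block, key, value):
    """An absent field matches anything; a present one needs one matching entry."""
    return key not in block or any(str_match(p, value) for p in block[key])

def rule_matches(rule, req):
    """`from` entries are ORed, `to` entries are ORed, and the two are ANDed."""
    sources = [f["source"] for f in rule.get("from", [])]
    ops = [t["operation"] for t in rule.get("to", [])]
    src_ok = not sources or any(field_ok(s, "principals", req["principal"]) for s in sources)
    op_ok = not ops or any(
        field_ok(o, "methods", req["method"]) and field_ok(o, "paths", req["path"])
        for o in ops)
    return src_ok and op_ok

def allowed(policies, req):
    """No ALLOW policy selects the workload: allow. Otherwise a rule must match."""
    if not policies:
        return True
    return any(rule_matches(r, req) for p in policies for r in p.get("rules", []))

# The page's orders-allow-checkout policy, transcribed as a dict.
ORDERS_POLICY = {"rules": [{
    "from": [{"source": {"principals": ["cluster.local/ns/prod/sa/checkout"]}}],
    "to": [{"operation": {"methods": ["POST"], "paths": ["/place"]}}],
}]}

def make_req(principal, method, path):
    """Constructed request; principal is None when the peer sent no mTLS cert."""
    return {"principal": principal, "method": method, "path": path}

if __name__ == "__main__":
    checkout = "cluster.local/ns/prod/sa/checkout"
    for r in (make_req(checkout, "POST", "/place"), make_req(checkout, "GET", "/place"),
              make_req("cluster.local/ns/prod/sa/cart", "POST", "/place"),
              make_req(None, "POST", "/place")):
        print(r, "->", "ALLOW" if allowed([ORDERS_POLICY], r) else "DENY")
```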

Linkerd (simple + Rust proxy)

linkerd install --crds | kubectl apply -f -
linkerd install | kubectl apply -f -
kubectl annotate ns prod linkerd.io/inject=enabled

Cilium Service Mesh (eBPF)

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata: { name: cilium }
spec:
  valuesContent: |
    serviceMesh:
      enabled: true
    kubeProxyReplacement: true
    ingressController:
      enabled: true

Observability: Tempo/Grafana integration

# Istio automatically sends traces to Jaeger/Tempo
meshConfig:
  defaultProviders:
    tracing: [tempo]
  extensionProviders:
    - name: tempo
      zipkin: { service: tempo.observability.svc, port: 9411 }

Decision criteria

| Situation | Approach |
|---|---|
| < 10 services | Mesh is overkill. A library (resilience4j) is enough. |
| 10+ services + K8s | Mesh value ↑. |
| Latency-critical | Linkerd (Rust, lightweight). |
| Feature-rich | Istio Ambient. |
| eBPF + CNI integration | Cilium Mesh. |
| Multi-cluster | Istio multi-primary. |

Default: K8s standard + Istio Ambient. If lightweight comes first, Linkerd.

🔗 Graph

🤖 LLM usage

When: rapid growth in the number of services, zero-trust mandates, progressive delivery. When not: monoliths, < 5 services, no platform team.

Anti-patterns

  • Adopting a mesh while leaving library retries in place: double retry → storm.
  • Large resources for every sidecar: ambient mode not used.
  • mTLS not applied: the core of the mesh goes unused.
  • Assuming the mesh solves every problem: application bugs are a separate matter.

🧪 Verification / duplicates

  • Verified (Istio docs 1.24+, Linkerd docs 2.16+, Cilium docs 1.16+).
  • Trust level A.

🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: Istio Ambient + Linkerd + Cilium 2026 patterns |