Sidecar per pod
Every application pod has an Envoy sidecar. App talks to localhost:port; sidecar handles TLS, retries, routing.
Advertisement
Sidecar per pod
Every application pod has an Envoy sidecar. App talks to localhost:port; sidecar handles TLS, retries, routing.
Advertisement
Control plane
Istio Pilot or Linkerd's control plane pushes config to sidecars via xDS (dynamic configuration API).
What sidecar handles
- mTLS between services (auto-cert-rotation)
- Retries + timeouts (config-driven)
- Circuit breakers
- Distributed tracing
- Metrics collection
What sidecar costs
Extra hop adds ~1-3ms latency. Memory footprint per pod (50-200MB per Envoy). Config complexity is real.
When to skip mesh
Small services (<10). Latency-critical paths. Small ops team. Direct HTTP works fine for most.