DevOps · 5 modules

Service Mesh: Istio & Linkerd

The platform layer for service-to-service traffic. Learn sidecars and ambient mode, traffic management, mTLS and zero trust, resilience patterns and mesh observability — and remember it with spaced repetition.

80 flashcards
~10 min per day
Level: Intermediate → Advanced
5 modules
About this topic

What is a service mesh?

A service mesh is a dedicated infrastructure layer that handles service-to-service communication — routing, security and telemetry — outside your application code. Proxies (Envoy sidecars in Istio, micro-proxies in Linkerd, or ambient/sidecarless modes) sit on the request path, so every call gets mTLS, retries and metrics without touching the app.

The mental model that makes everything click is the split between the data plane (the proxies moving your traffic) and the control plane (the brain configuring them). From there the features follow: traffic splitting for canary releases, retry budgets that prevent retry storms, authorization policies for zero-trust networking, and RED metrics for every service — for free.

This track is the advanced tier of the Kubernetes family: it assumes you know Pods, Services and Deployments, and stays vendor-neutral — concepts first, with Istio and Linkerd named where the implementations genuinely differ. Spaced repetition keeps the distinctions sharp for design reviews and interviews alike.

What you'll learn

5 modules, seed to bloom

Each module is a set of flashcards — 80 in total. Answer, review, and watch your knowledge grow from seed to full bloom.

Mesh Concepts & Architecture

What a mesh is, data vs control plane, sidecars, ambient mode, and when to use one

16 cards

Traffic Management

L7 routing, canary releases, retries and timeouts, mirroring, and load balancing

16 cards

Security & mTLS

Mutual TLS, workload identity, authorization policies, and zero-trust networking

16 cards

Resilience Patterns

Circuit breaking, outlier detection, fault injection, rate limiting, and failover

16 cards

Mesh Observability

Golden signals from the proxies, RED metrics, tracing propagation, and access logs

16 cards
Try before you plant

Sample questions

A taste of the real flashcards. Pick an answer, then reveal the explanation.

Sample · Service Mesh: Istio & Linkerd

What is a service mesh?

  • A. An infrastructure layer managing service-to-service traffic — apps offload routing, security and telemetry
  • B. A message broker between services — requests are queued and delivered asynchronously by the platform
  • C. A Kubernetes network plugin — it assigns Pod IPs and wires the cluster's low-level connectivity
  • D. An API gateway for internal APIs — a central proxy terminates and forwards every service call
Sample · Service Mesh: Istio & Linkerd

How does a canary release work with a mesh?

  • A. A small traffic share goes to the new version — it grows gradually as health metrics stay green
  • B. The new version replaces all Pods at once — the mesh rolls back if startup probes fail
  • C. The new version runs in a separate cluster — DNS switches over after a long soak period
  • D. Both versions process every request — responses are compared and the faster one wins
Sample · Service Mesh: Istio & Linkerd

Which class of attack remains possible even with mesh mTLS everywhere?

  • A. Application-level exploits — SQL injection in a request rides the encrypted channel intact
  • B. Traffic sniffing on the node network — packet captures reveal payloads between the Pods
  • C. Service impersonation inside the mesh — any Pod can present another workload's identity
  • D. Man-in-the-middle between sidecars — intermediaries can silently rewrite the requests
Sample · Service Mesh: Istio & Linkerd

What is the mesh's role in distributed tracing?

  • A. Proxies create spans for each hop — but apps must forward trace headers between calls
  • B. Proxies trace everything alone — the applications need no involvement whatsoever
  • C. Proxies sample logs into traces — text lines are stitched together by timestamp
  • D. Proxies only label the metrics — actual traces require a language-specific agent
How Gnoseed works

Learn it once, keep it for good

1. Answer a question

Each card is one practical concept with multiple options. Pick what you think is right.

2. Get the full answer

See the correct option plus a clear explanation, and a link to deeper docs when one is available.

3. Review at the right time

A spaced-repetition engine (SM-2 or FSRS) resurfaces each card just before you would forget it.

Why learn this

Why service mesh is worth your time

Platform-level superpowers

mTLS, canary routing and golden-signal metrics for every service without changing application code — once you know how to wield them.

Zero-trust, in practice

Workload identity and authorization policies are how modern clusters drop the "trusted internal network" assumption.

Resilience by configuration

Circuit breaking, outlier ejection and retry budgets tame cascading failures — if you understand what each knob really does.

A senior-level differentiator

Mesh architecture questions (sidecar vs ambient, on-path vs control plane) are staples of platform and SRE interviews.

FAQ

Common questions

Do I need Kubernetes knowledge first?

Yes — the track assumes you are comfortable with Pods, Services and Deployments. The Kubernetes tracks cover those fundamentals if you need them first.

Is this Istio-specific or Linkerd-specific?

Neither — the cards teach mesh concepts that hold across implementations, and name Istio or Linkerd explicitly where they genuinely differ (Envoy sidecars vs micro-proxies, ambient mode, Viz extension).

Is it free?

Yes, completely free. No registration or credit card is required, and all your progress is stored locally in your browser.

Does my team actually need a mesh?

Not always — and the track says so. One of the concepts covered is when a mesh is overkill and plain Kubernetes Services with NetworkPolicies are the better call.

Ready to master service mesh?

Plant your first seed today. Ten minutes a day is all it takes to turn mesh buzzwords into working knowledge.
