This note was generated by AI analysis
Created: 2017-10-09
Summary
EN: Kasun Indrasiri clarifies the distinction between service meshes and API gateways, two concepts frequently confused in microservices architecture. API gateways handle edge concerns (authentication, rate limiting, routing) for north-south traffic (external → internal). Service meshes handle infrastructure concerns (circuit breaking, service discovery, mTLS, observability) for east-west traffic (service → service) via sidecar proxies. The article argues they coexist and serve different purposes, though sidecar proxies can theoretically replace API gateways.
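ZH: This article clarifies the difference between a service mesh and an API gateway: the API gateway handles edge concerns (authentication, rate limiting, routing) for north-south traffic (external to internal); the service mesh handles infrastructure concerns (circuit breaking, service discovery, mTLS, observability) through sidecar proxies for east-west traffic (between services). The two coexist and serve different purposes, but a sidecar proxy can in theory replace an API gateway.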
Key Points
- API Gateway: north-south traffic (client → microservices); handles auth, rate limiting, routing, transformation
- Service Mesh: east-west traffic (service ↔ service); handles circuit breaking, service discovery, mTLS, distributed tracing
- Service mesh uses sidecar proxy pattern (e.g., Envoy): each service pod gets a co-located proxy
- Sidecar proxies intercept all traffic transparently — application code doesn’t need to implement resilience patterns
- The two can coexist: API gateway at the edge + service mesh for internal communication
- Theoretical replacement: a sidecar at the entry point can perform API gateway functions
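An added example, not taken from the article or from any project's own configuration: the east-west concerns listed above (mTLS and circuit breaking) declared as mesh policy for the Envoy sidecars in current Istio, so the application code carries none of it. The namespace `shop`, the service `orders` and the service account `checkout` are hypothetical; the last resource goes one step beyond the key points by using the mTLS peer identity to restrict which workload may call the service.

```yaml
# Require mutual TLS for every workload in the (hypothetical) "shop" namespace.
# Plaintext service-to-service connections are rejected by the sidecar.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT
---
# Client-side policy for calls to "orders": originate mesh mTLS and eject
# failing endpoints (circuit breaking) without any retry/breaker code in the app.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: orders
  namespace: shop
spec:
  host: orders.shop.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
    connectionPool:
      http:
        http1MaxPendingRequests: 10   # queue limit before requests fail fast
    outlierDetection:
      consecutive5xxErrors: 5         # eject an endpoint after 5 straight 5xx
      interval: 10s
      baseEjectionTime: 30s
      maxEjectionPercent: 50
---
# Only the "checkout" service account (identity proven by its mTLS
# certificate) may call "orders"; other in-mesh callers are denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-allow-checkout
  namespace: shop
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/shop/sa/checkout"]
```

Edge concerns such as end-user authentication and rate limiting for north-south traffic stay at the API gateway; these resources only govern service-to-service calls inside the mesh.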
Insights
- The sidecar proxy pattern is the architectural breakthrough of service meshes — it moves infrastructure concerns out of application code entirely
- Many teams deploy both because the operational overhead of service mesh (Istio, Linkerd) is significant and not justified for all east-west communication
- The article is from 2017 — since then, service meshes (Istio, Cilium) have matured and become more commonly deployed
Connections
- Connects to the self-hosted Kubernetes blog: service meshes are a natural addition to K8s infrastructure
- Relates to rainbow deploys: the service mesh’s traffic management capabilities make sophisticated deployment patterns more feasible
- The inverse Conway maneuver article: service mesh adoption often follows (or enables) the move to microservices architecture
Raw Excerpt
“API gateways are for north-south traffic — the entry point for external clients into your system. Service meshes are for east-west traffic — the communication between your internal services. They solve different problems and should coexist, not compete.”