Service Mesh & Istio
Traffic management, observability, security, sidecars, virtual services, gateways, Linkerd comparison
1What is the main role of a service mesh like Istio in a microservices architecture?
What is the main role of a service mesh like Istio in a microservices architecture?
Answer
A service mesh manages communication between microservices by providing traffic management, observability, and security features without modifying application code. Istio injects a sidecar proxy (Envoy) next to each pod to intercept and manage all network traffic. This centralizes configuration for retry, timeout, circuit breaking, mTLS, and distributed tracing at the infrastructure level rather than the application level.
2How does the sidecar pattern work in Istio and which proxy is used by default?
How does the sidecar pattern work in Istio and which proxy is used by default?
Answer
Istio automatically injects an Envoy proxy container as a sidecar into each application pod via a mutating admission webhook. This sidecar intercepts all inbound and outbound traffic from the application container, enabling traffic management, security, and observability policies without code changes. Envoy is chosen for its high performance, modern protocol support (HTTP/2, gRPC), and ability to handle dynamic configuration via xDS APIs.
3What is the difference between the control plane and the data plane in Istio?
What is the difference between the control plane and the data plane in Istio?
Answer
The control plane (Istiod) manages configuration, discovers services, and distributes rules to proxies via xDS APIs. It contains Pilot for service discovery, Citadel for certificate management, and Galley for configuration validation. The data plane consists of Envoy sidecars that execute traffic rules by intercepting and routing requests between services. Istiod never touches application traffic, only the sidecars do.
What is the role of a VirtualService in Istio?
What is the difference between a Gateway and a VirtualService in Istio?
+21 interview questions
Other DevOps interview topics
Version Control & Git
Linux Fundamentals
Shell Scripting & Bash
Networking Basics
Docker Fundamentals
CI/CD Fundamentals
GitHub Actions
GitLab CI/CD
Jenkins
Kubernetes Basics
Kubernetes Networking
Kubernetes Advanced
Ingress & API Gateway
Terraform Basics
Terraform Advanced
Ansible & Configuration Management
AWS Essentials
Azure Fundamentals
GCP Fundamentals
Monitoring & Prometheus
Logging & ELK Stack
Alerting & Incident Response
Cloud Identity & Secrets
CI/CD Pipeline Security
Helm & Kubernetes
Runtime & Cluster Security
Container Supply Chain Security
GitOps & ArgoCD
Progressive Delivery
Distributed Observability
Disaster Recovery & Backup
Performance Optimization
Cloud Cost Optimization
SRE Principles
Chaos Engineering
Platform Engineering
Master DevOps for your next interview
Access all questions, flashcards, technical tests, code review exercises and interview simulators.
Start for free