When the time comes to run a cloud-native application, the first order of business is getting external “user” traffic into your Kubernetes cluster and to your backend services, which requires a way to manage incoming traffic.
A Kubernetes-native ingress controller, such as Emissary Ingress, serves this purpose, routing and securing traffic into your cluster. However, an ingress controller only deals with the “first hop” of external traffic entering a cluster. In a microservices-based system, there are often multiple hops between dependent services.
A service mesh, such as Linkerd, provides additional traffic management functionality for service-to-service communication within a Kubernetes cluster.
Both ingress controllers and service meshes provide “layer 7” (L7 in the OSI model) traffic management capabilities, such as load balancing, rate limiting, and circuit breaking. These are key to safeguarding availability and scalability. They also offer traffic observability, from top-line rate, error, and duration (RED) metrics all the way through to access logs and distributed tracing that visualizes the flow of a user request through the microservice graph.