In case you're wondering what a service mesh is, this seems to be one explainer: https://istio.io/docs/concepts/what-is-istio/ Things that this seems to do are application level end-to-end authorization / authentication, load balancing, monitoring, etc. Not sure if it does service discovery or you'll still need something else for that.
Apart from the specific technology used, it's important to change the way applications are designed and implemented. I saw many projects in trouble because they merely split a monolithic application into small pieces, without applying a new model of design and thinking. If you approach micro-services development without changing your mind first, you will fail.
Sadly Kubernetes is still vendor locked in - although you have a selection of them.
Average Joe cannot install Kubernetes on their pool of commodity dedicated servers or VPS servers because there is no ingress that works with already assigned IP addresses.
If you buy a dedicated server you get a block of IPs and there is no way to assign them to ingress.
If such a thing was developed, people could ditch expensive cloud providers in favour of an order of magnitude cheaper dedicated servers.
I feel that service mesh integration in k8s is still very immature. Be aware that running any sidecar model service mesh requires setting elevated permissions on the entire pod. Your pod security policy will need to allow NET_ADMIN at the very least, since service meshes mostly operate by manipulating iptables rules in the pod. Often there are other elevated permissions required. Usually this means people are setting elevated permissions globally on the default svc account, which is scary.
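One way to audit for the pattern described in the last comment, as an added example that is not part of the thread: it reads pod specs in the shape of `kubectl get pods -A -o json` and reports which containers hold NET_ADMIN and which of those pods run under the default service account. The sample pod list and every name in it are constructed.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get pods -A -o json`; all names are made up.
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "cart"},
     "spec": {  # no serviceAccountName: the pod runs as "default"
         "initContainers": [{"name": "mesh-init", "securityContext": {
             "capabilities": {"add": ["NET_ADMIN", "NET_RAW"]}}}],
         "containers": [{"name": "app"}, {"name": "mesh-proxy"}]}},
    {"metadata": {"namespace": "shop", "name": "payments"},
     "spec": {"serviceAccountName": "payments",
              "initContainers": [{"name": "mesh-init", "securityContext": {
                  "capabilities": {"add": ["NET_ADMIN"]}}}],
              "containers": [{"name": "app"}]}},
    {"metadata": {"namespace": "shop", "name": "batch"},
     "spec": {"serviceAccountName": "default",
              "containers": [{"name": "worker", "securityContext": {
                  "capabilities": {"drop": ["ALL"]}}}]}},
]}


def net_admin_findings(pod_list):
    """List (namespace, pod, container, service_account, reason) for each
    container or init container able to change the pod's network rules."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        sa = spec.get("serviceAccountName") or "default"
        for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
            sc = c.get("securityContext") or {}
            added = {cap.upper() for cap in (sc.get("capabilities") or {}).get("add") or []}
            if sc.get("privileged"):
                reason = "privileged"  # privileged implies every capability
            elif added & {"NET_ADMIN", "ALL"}:
                reason = "adds NET_ADMIN"
            else:
                continue
            findings.append((meta.get("namespace"), meta.get("name"), c["name"], sa, reason))
    return findings


def on_default_account(findings):
    """Pods holding the capability while running under the default service account."""
    return sorted({(ns, pod) for ns, pod, _, sa, _ in findings if sa == "default"})


if __name__ == "__main__":
    # Pipe real `kubectl get pods -A -o json` output in, or run bare for the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for finding in net_admin_findings(data):
        print(*finding, sep="\t")
    print("default service account:", on_default_account(net_admin_findings(data)))
```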