Draft documentation: https://docs.google.com/document/d/131gjC-MxZ0BenJBY_ZRKhUzrmLgx4sPtnbWnkp7KmN4/edit?usp=sharing

We often get questions about "how to scale a service mesh". In Service Mesh 2, there was a feature called "multi-tenancy". It turns out the term can mean different things to different users - sometimes not related to the feature we used to have. Scaling and multi-tenancy are two very closely related problems, so this page attempts to provide guidance for both topics.

Istio includes several features for scoping service mesh resources within a service mesh that can be used to isolate areas of a mesh, implementing a form of soft multi-tenancy within a single service mesh. This page describes those features.

Note that Discovery Selectors are used to scope the namespaces that a mesh watches, but the features below assume a single mesh with a boundary that has already been defined with discovery selectors (or includes the entire cluster). This story is about dividing that mesh into different zones.

Features covered:

• Sidecar resource
• exportTO
• Authorization Policies 

The Istio Zones project attempts to automate these features: https://github.com/openshift-service-mesh/istio-zones. That project is out of scope for this doc task.

For more background, this Kubecon talk also discussed these concepts: https://www.youtube.com/watch?v=w3d8gxGpaNQ&t=128s