I wrote this blog on using a service mesh with Dgraph, this time using NGINX Service Mesh. For internal traffic from clients within the Kubernetes cluster, Dgraph can be secured using strict MutualTLS as well as be properly load balanced (as gRPC uses HTTP/2, default service proxy sub-optimal).
I also wrote a followup on north-south traffic, as far as what comes into the service mesh, using NGINX+ Ingress Controller, which integrates with the service mesh, so that traffic between the ingress controller and meshed services goes through MutualTLS as well.