Bootstrapping Service Mesh Implementations with Istio: Build reliable, scalable, and secure microservices on Kubernetes with Service Mesh
9781803246819, 1803246812
A step-by-step guide to Istio Service Mesh implementation, with examples of complex and distributed workloads built usin
Table of contents:
Cover Title Page Copyright and Credits Contributors Table of Contents Preface
Part 1: The Fundamentals
Chapter 1: Introducing Service Meshes
Revisiting cloud computing Advantages of cloud computing Understanding microservices architecture Understanding Kubernetes Getting to know Service Mesh Retry mechanism, circuit breaking, timeouts, and deadlines Blue/green and canary deployments Summary
Chapter 2: Getting Started with Istio
Why is Istio the most popular Service Mesh? Exploring alternatives to Istio Kuma Linkerd Consul AWS App Mesh OpenShift Service Mesh F5 NGINX Service Mesh Preparing your workstation for Istio installation System specifications Installing minikube and the Kubernetes command-line tool Installing Istio Enabling Istio for a sample application Sidecar injection Istio gateways Observability tools Kiali Jaeger Prometheus Grafana Istio architecture Summary
Chapter 3: Understanding Istio Control
Part 2: Istio in Practice
Chapter 4: Managing Application Traffic
Technical requirements Setting up the environment Creating an EKS cluster Setting up kubeconfig and kubectl Deploying the Sockshop application Managing Ingress traffic using the Kubernetes Ingress resource Managing Ingress using the Istio Gateway Creating the gateway Creating virtual services Traffic routing and canary release Traffic mirroring Routing traffic to services outside of the cluster Exposing Ingress over HTTPS Enabling HTTP redirection to HTTPS Enabling HTTPS for multiple hosts Enabling HTTPS for CNAME and wildcard records Managing Egress traffic using Istio Summary
Chapter 5: Managing Application Resiliency
Application resiliency using fault injection What is HTTP delay? What is HTTP abort? Application resiliency using timeouts and retries Timeouts Retries Building application resiliency using load balancing Round-robins RANDOM LEAST_REQUEST Defining multiple load balancing rules Rate limiting Circuit breakers and outlier detection Summary
Chapter 6: Securing Microservices Communication
Understanding Istio security architecture Authentication using mutual TLS Service-to-service authentication Authentication with clients outside the mesh Configuring RequestAuthentication Configuring RequestAuthorization Summary
Chapter 7: Service Mesh Observability
Understanding observability Metric scraping using Prometheus Installing Prometheus Deploying a sample application Customizing Istio metrics Adding dimensions to the Istio metric Creating a new Istio metric Visualizing telemetry using Grafana Implementing distributed tracing Enabling distributed tracing with Jaeger Summary
Part 3: Scaling, Extending, and Optimizing
Chapter 8: Scaling Istio to Multi-Cluster Deployments Across Kubernetes
Technical requirements Setting up Kubernetes clusters Setting up OpenSSL Additional Google Cloud steps Establishing mutual trust in multi-cluster deployments Primary-remote on multi-network Establishing trust between the two clusters Deploying the Envoy dummy application Primary-remote on the same network Multi-primary on different networks Deploying and testing via Envoy dummy services Multi-primary on the same network Summary
Chapter 9: Extending Istio Data Plane
Technical requirements Why extensibility Customizing the data plane using Envoy Filter Understanding the fundamentals of Wasm Extending the Istio data plane using Wasm Introducing Proxy-Wasm Wasm with Istio Summary
Chapter 10: Deploying Istio Service Mesh for Non-Kubernetes Workloads
Technical requirements Examining hybrid architecture Setting up a Service Mesh for hybrid architecture Overview of the setup Setting up a demo app on a VM Setting up Istio in the cluster Configuring the Kubernetes cluster Setting up Istio on a VM Integrating the VM workload with the mesh Summary
Chapter 11: Troubleshooting and Operating Istio
Understanding interactions between Istio components Exploring Istiod ports Exploring Envoy ports Inspecting and analyzing the Istio configuration Troubleshooting errors using access logs Troubleshooting errors using debug logs Changing debug logs for the Istio data plane Changing log levels for the Istio control plane Debugging the Istio agent Understanding Istio’s best practices Examining attack vectors for the control plane Examining attack vectors for the data plane Securing the Service Mesh Automating best practices using OPA Gatekeeper Summary
Chapter 12: Summarizing What We Have Learned and the Next Steps
Technical requirements Enforcing workload deployment best practices using OPA Gatekeeper Applying our learnings to a sample application Enabling Service Mesh for the sample application Configuring Istio to manage application traffic Configuring Istio to manage application resiliency Configuring Istio to manage application security Certification and learning resources for Istio Understanding eBPF Summary
Appendix – Other Service Mesh Technologies
Consul Connect Deploying an example application Zero-trust networking Traffic management and routing Gloo Mesh Kuma Deploying envoydemo and curl in Kuma mesh Traffic management and routing Linkerd Deploying envoydemo and curl in Linkerd Zero-trust networking
Index
Other Books You May Enjoy