
Bootstrapping Service Mesh Implementations with Istio: Build reliable, scalable, and secure microservices on Kubernetes with Service Mesh
- Length: 418 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2023-04-21
- ISBN-10: 1803246812
- ISBN-13: 9781803246819
- Sales Rank: #1153662
A step-by-step guide to Istio Service Mesh implementation, with examples of complex and distributed workloads built using microservices architecture and deployed in Kubernetes
Purchase of the print or Kindle book includes a free PDF eBook
Key Features
- Learn the design, implementation, and troubleshooting of Istio in a clear and concise format
- Grasp concepts, ideas, and solutions that can be readily applied in real work environments
- See Istio in action through examples that cover Terraform, GitOps, AWS, Kubernetes, and Go
Book Description
Istio is a game-changer in managing connectivity and operational efficiency of microservices, but implementing and using it in applications can be challenging. This book will help you overcome these challenges and gain insights into Istio’s features and functionality layer by layer with the help of easy-to-follow examples. It will let you focus on implementing and deploying Istio on the cloud and in production environments instead of dealing with the complexity of demo apps.
You’ll learn the installation, architecture, and components of Istio Service Mesh, perform multi-cluster installation, and integrate legacy workloads deployed on virtual machines. As you advance, you’ll understand how to secure microservices from threats, perform multi-cluster deployments on Kubernetes, use load balancing, monitor application traffic, implement service discovery and management, and much more. You’ll also explore other Service Mesh technologies such as Linkerd, Consul, Kuma, and Gloo Mesh. In addition to observing and operating Istio using Kiali, Prometheus, Grafana and Jaeger, you’ll perform zero-trust security and reliable communication between distributed applications.
After reading this book, you’ll be equipped with the practical knowledge and skills needed to use and operate Istio effectively.
What you will learn
- Get an overview of Service Mesh and the problems it solves
- Become well-versed with the fundamentals of Istio, its architecture, installation, and deployment
- Extend the Istio data plane using WebAssembly (Wasm) and learn why Envoy is used as a data plane
- Understand how to use OPA Gatekeeper to automate Istio’s best practices
- Manage communication between microservices using Istio
- Explore different ways to secure the communication between microservices
- Get insights into traffic flow in the Service Mesh
- Learn best practices to deploy and operate Istio in production environments
Who this book is for
The book is for DevOps engineers, SREs, cloud and software developers, sysadmins, and architects who have been using microservices in Kubernetes-based environments. It addresses challenges in application networking during microservice communications. Working experience on Kubernetes, along with knowledge of DevOps, application networking, security, and programming languages like Golang, will assist with understanding the concepts covered.
- Cover; Title Page; Copyright and Credits; Contributors; Table of Contents; Preface
- Part 1: The Fundamentals
- Chapter 1: Introducing Service Meshes: Revisiting cloud computing; Advantages of cloud computing; Understanding microservices architecture; Understanding Kubernetes; Getting to know Service Mesh; Retry mechanism, circuit breaking, timeouts, and deadlines; Blue/green and canary deployments; Summary
- Chapter 2: Getting Started with Istio: Why is Istio the most popular Service Mesh?; Exploring alternatives to Istio; Kuma; Linkerd; Consul; AWS App Mesh; OpenShift Service Mesh; F5 NGINX Service Mesh; Preparing your workstation for Istio installation; System specifications; Installing minikube and the Kubernetes command-line tool; Installing Istio; Enabling Istio for a sample application; Sidecar injection; Istio gateways; Observability tools; Kiali; Jaeger; Prometheus; Grafana; Istio architecture; Summary
- Chapter 3: Understanding Istio Control
- Part 2: Istio in Practice
- Chapter 4: Managing Application Traffic: Technical requirements; Setting up the environment; Creating an EKS cluster; Setting up kubeconfig and kubectl; Deploying the Sockshop application; Managing Ingress traffic using the Kubernetes Ingress resource; Managing Ingress using the Istio Gateway; Creating the gateway; Creating virtual services; Traffic routing and canary release; Traffic mirroring; Routing traffic to services outside of the cluster; Exposing Ingress over HTTPS; Enabling HTTP redirection to HTTPS; Enabling HTTPS for multiple hosts; Enabling HTTPS for CNAME and wildcard records; Managing Egress traffic using Istio; Summary
- Chapter 5: Managing Application Resiliency: Application resiliency using fault injection; What is HTTP delay?; What is HTTP abort?; Application resiliency using timeouts and retries; Timeouts; Retries; Building application resiliency using load balancing; Round-robins; RANDOM; LEAST_REQUEST; Defining multiple load balancing rules; Rate limiting; Circuit breakers and outlier detection; Summary
- Chapter 6: Securing Microservices Communication: Understanding Istio security architecture; Authentication using mutual TLS; Service-to-service authentication; Authentication with clients outside the mesh; Configuring RequestAuthentication; Configuring RequestAuthorization; Summary
- Chapter 7: Service Mesh Observability: Understanding observability; Metric scraping using Prometheus; Installing Prometheus; Deploying a sample application; Customizing Istio metrics; Adding dimensions to the Istio metric; Creating a new Istio metric; Visualizing telemetry using Grafana; Implementing distributed tracing; Enabling distributed tracing with Jaeger; Summary
- Part 3: Scaling, Extending, and Optimizing
- Chapter 8: Scaling Istio to Multi-Cluster Deployments Across Kubernetes: Technical requirements; Setting up Kubernetes clusters; Setting up OpenSSL; Additional Google Cloud steps; Establishing mutual trust in multi-cluster deployments; Primary-remote on multi-network; Establishing trust between the two clusters; Deploying the Envoy dummy application; Primary-remote on the same network; Multi-primary on different networks; Deploying and testing via Envoy dummy services; Multi-primary on the same network; Summary
- Chapter 9: Extending Istio Data Plane: Technical requirements; Why extensibility; Customizing the data plane using Envoy Filter; Understanding the fundamentals of Wasm; Extending the Istio data plane using Wasm; Introducing Proxy-Wasm; Wasm with Istio; Summary
- Chapter 10: Deploying Istio Service Mesh for Non-Kubernetes Workloads: Technical requirements; Examining hybrid architecture; Setting up a Service Mesh for hybrid architecture; Overview of the setup; Setting up a demo app on a VM; Setting up Istio in the cluster; Configuring the Kubernetes cluster; Setting up Istio on a VM; Integrating the VM workload with the mesh; Summary
- Chapter 11: Troubleshooting and Operating Istio: Understanding interactions between Istio components; Exploring Istiod ports; Exploring Envoy ports; Inspecting and analyzing the Istio configuration; Troubleshooting errors using access logs; Troubleshooting errors using debug logs; Changing debug logs for the Istio data plane; Changing log levels for the Istio control plane; Debugging the Istio agent; Understanding Istio’s best practices; Examining attack vectors for the control plane; Examining attack vectors for the data plane; Securing the Service Mesh; Automating best practices using OPA Gatekeeper; Summary
- Chapter 12: Summarizing What We Have Learned and the Next Steps: Technical requirements; Enforcing workload deployment best practices using OPA Gatekeeper; Applying our learnings to a sample application; Enabling Service Mesh for the sample application; Configuring Istio to manage application traffic; Configuring Istio to manage application resiliency; Configuring Istio to manage application security; Certification and learning resources for Istio; Understanding eBPF; Summary
- Appendix – Other Service Mesh Technologies: Consul Connect; Deploying an example application; Zero-trust networking; Traffic management and routing; Gloo Mesh; Kuma; Deploying envoydemo and curl in Kuma mesh; Traffic management and routing; Linkerd; Deploying envoydemo and curl in Linkerd; Zero-trust networking
- Index; Other Books You May Enjoy
How to download source code?
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search for the book title: Bootstrapping Service Mesh Implementations with Istio: Build reliable, scalable, and secure microservices on Kubernetes with Service Mesh. Sometimes you may not get any results; in that case, search for the main title.
3. Click the book title in the search results.
4. Click Code to download.