Istio in Action, Video Edition

Istio in Action, Video Edition

English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 87 Lessons (12h 05m) | 1.68 GB

Solve difficult service-to-service communication challenges around security, observability, routing, and resilience with an Istio-based service mesh. Istio allows you to define these traffic policies as configuration and enforce them consistently without needing any service-code changes.

In Istio in Action you will learn:

  • Why and when to use a service mesh
  • Envoy’s role in Istio’s service mesh
  • Allowing “North-South” traffic into a mesh
  • Fine-grained traffic routing
  • Make your services robust to network failures
  • Gain observability over your system with telemetry “golden signals”
  • How Istio makes your services secure by default
  • Integrate cloud-native applications with legacy workloads such as in VMs

Reduce the operational complexity of your microservices with an Istio-powered service mesh! Istio in Action shows you how to implement this powerful new architecture and move your application-networking concerns to a dedicated infrastructure layer. Non-functional concerns stay separate from your application, so your code is easier to understand, maintain, and adapt regardless of programming language. In this practical guide, you’ll go hands-on with the full-featured Istio service mesh to manage microservices communication. Helpful diagrams, example configuration, and examples make it easy to understand how to control routing, secure container applications, and monitor network traffic.

Offload complex microservice communication layer challenges to Istio! The industry-standard Istio service mesh radically simplifies security, routing, observability, and other service-to-service communication challenges. With Istio, you use a straightforward declarative configuration style to establish application-level network policies. By separating communication from business logic, your services are easier to write, maintain, and modify.

Istio in Action teaches you how to implement an Istio-based service mesh that can handle complex routing scenarios, traffic encryption, authorization, and other common network-related tasks. You’ll start by defining a basic service mesh and exploring the data plane with Istio’s service proxy, Envoy. Then, you’ll dive into core topics like traffic routing and visualization and service-to-service authentication, as you expand your service mesh to workloads on multiple clusters and legacy VMs.

What’s Inside

  • Comprehensive coverage of Istio resources
  • Practical examples to showcase service mesh capabilities
  • Implementation of multi-cluster service meshes
  • How to extend Istio with WebAssembly
  • Traffic routing and observability
  • VM integration into the mesh
Table of Contents

1 Part 1 Understanding Istio
2 Introducing the Istio service mesh
3 Our cloud infrastructure is not reliable
4 Solving these challenges with application libraries
5 What’s a service mesh
6 How a service mesh relates to an enterprise service bus
7 Where Istio fits in distributed architectures
8 First steps with Istio
9 Getting to know the Istio control plane
10 Deploying your first application in the service mesh
11 Istio observability
12 Istio for resiliency
13 Istio’s data plane The Envoy proxy
14 Envoy’s core features, Part 1
15 Envoy’s core features, Part 2
16 Configuring Envoy
17 Envoy in action
18 Envoy request retries
19 Part 2 Securing, observing, and controlling your service’s network traffic
20 Istio gateways Getting traffic into a cluster
21 Specifying Gateway resources
22 Securing gateway traffic
23 HTTP redirect to HTTPS
24 Exposing TCP ports on an Istio gateway
25 Operational tips
26 Traffic control Fine-grained traffic routing
27 Routing requests with Istio
28 Traffic shifting
29 Reducing risk even further Traffic mirroring
30 Resilience Solving application networking challenges
31 Client-side load balancing
32 Testing various client-side load-balancing strategies
33 Locality-aware load balancing
34 Transparent timeouts and retries
35 Advanced retries
36 Guarding against slow services with connection-pool control
37 Guarding against unhealthy services with outlier detection
38 Observability Understanding the behavior of your services
39 Exploring Istio metrics
40 Scraping Istio metrics with Prometheus
41 Customizing Istio’s standard metrics
42 Creating new metrics
43 Observability Visualizing network behavior with Grafana, Jaeger, and Kiali
44 How does distributed tracing work
45 Viewing distributed tracing data
46 Visualization with Kiali
47 Securing microservice communication
48 Auto mTLS
49 Understanding Istio’s PeerAuthentication resource
50 Authorizing service-to-service traffic
51 Allowing requests originating from a single namespace
52 End-user authentication and authorization
53 Integrating with custom external authorization services
54 Part 3 Istio day-2 operations
55 Troubleshooting the data plane
56 Discovering misconfigurations with Kiali
57 Querying proxy configurations using istioctl
58 Troubleshooting application issues
59 Inspect network traffic with ksniff
60 Performance-tuning the control plane
61 Monitoring the control plane
62 Tuning performance
63 Ignoring events Reducing the scope of discovery using discovery selectors
64 Event-batching and push-throttling properties
65 Part 4 Istio in your organization
66 Scaling Istio in your organization
67 How workloads are discovered in multi-cluster deployments
68 Overview of a multi-cluster, multi-network, multi-control-plane service mesh
69 Enabling cross-cluster workload discovery
70 Setting up cross-cluster connectivity
71 Load-balancing across clusters
72 Incorporating virtual machine workloads into the mesh
73 Virtual machine high availability
74 Setting up the infrastructure
75 Representing a group of workloads with a WorkloadGroup
76 Routing traffic to cluster services
77 Demystifying the DNS proxy
78 Extending Istio on the request path
79 Configuring an Envoy filter with the EnvoyFilter resource
80 Rate-limiting requests with external call-out
81 Extending Istio’s data plane with Lua
82 Building a new Envoy filter with WebAssembly
83 Appendix A. Customizing the Istio installation
84 Appendix B. Istio’s sidecar and its injection options
85 Appendix C. Istio security SPIFFE
86 Appendix C. How Istio implements SPIFFE
87 Appendix E. How the virtual machine is configured to join the mesh