Understand how to use service mesh architecture to efficiently manage and safeguard microservices-based applications with the help of examples

Key Features

  • Manage your cloud-native applications easily using service mesh architecture
  • Learn about Istio, Linkerd, and Consul - the three primary open source service mesh providers
  • Explore tips, techniques, and best practices for building secure, high-performance microservices

Book Description

Although microservices-based applications support DevOps and continuous delivery, they can also add to the complexity of testing and observability. The implementation of a service mesh architecture, however, allows you to secure, manage, and scale your microservices more efficiently. With the help of practical examples, this book demonstrates how to install, configure, and deploy an efficient service mesh for microservices in a Kubernetes environment.

You'll get started with a hands-on introduction to the concepts of cloud-native application management and service mesh architecture, before learning how to build your own Kubernetes environment. In later chapters, you'll get to grips with the three major service mesh providers: Istio, Linkerd, and Consul. You'll be able to identify their specific functionalities, from traffic management, security, and certificate authorities through to sidecar injection and observability.

By the end of this book, you will have developed the skills you need to effectively manage modern microservices-based applications.

What you will learn

  • Compare the functionalities of Istio, Linkerd, and Consul
  • Become well-versed with service mesh control and data plane concepts
  • Understand service mesh architecture with the help of hands-on examples
  • Work through hands-on exercises in traffic management, security, policy, and observability
  • Set up secure communication for microservices using a service mesh
  • Explore service mesh features such as traffic management, service discovery, and resiliency

Who this book is for

This book is for solution architects and network administrators, as well as DevOps and site reliability engineers who are new to the cloud-native framework. You will also find this book useful if you're looking to build a career in DevOps, particularly in operations. Working knowledge of Kubernetes and building microservices that are cloud-native is necessary to get the most out of this book.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Mastering Service Mesh
  3. About Packt
    1. Why subscribe?
  4. Foreword
  5. Contributors
    1. About the authors
    2. About the reviewers
    3. Packt is searching for authors like you
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. Useful terms
    4. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
      4. Errata
    5. Get in touch
      1. Reviews
  7. Section 1: Cloud-Native Application Management
  8. Monolithic Versus Microservices
    1. Early computer machines
      1. Hardware virtualization
      2. Software virtualization
      3. Container orchestration
    2. Monolithic applications
      1. Brief history of SOA and ESB
        1. API Gateway
      2. Drawbacks of monolithic applications
    3. Microservices applications
      1. Early pioneers
      2. What is a microservice?
      3. Evolution of microservices
      4. Microservices architecture
      5. Benefits and drawbacks of microservices
      6. Future of microservices
    4. Summary
    5. Questions
    6. Further reading
  9. Cloud-Native Applications
    1. An introduction to CNAs
    2. Container runtime
    3. Container orchestration platforms
    4. Cloud-native infrastructure
    5. Summary
    6. Questions
    7. Further reading
  10. Section 2: Architecture
  11. Service Mesh Architecture
    1. Service mesh overview
      1. Who owns the service mesh?
      2. Basic and advanced service mesh capabilities
      3. Emerging trends
    2. Shifting Dev responsibilities to Ops
    3. Service mesh rules
      1. Observability
      2. Routing
      3. Automatic scaling
      4. Separation of duties
      5. Trust
      6. Automatic service registration and discovery
      7. Resiliency
    4. Service mesh architecture
    5. Summary
    6. Questions
    7. Further reading
  12. Service Mesh Providers
    1. Introducing service mesh providers
      1. Istio
      2. Linkerd
      3. Consul
      4. Other providers
    2. A quick comparison
    3. Support services
    4. Summary
    5. Questions
    6. Further reading
  13. Service Mesh Interface and SPIFFE
    1. SMI
      1. SMI specifications
    2. SPIFFE
    3. Summary
    4. Questions
    5. Further reading
  14. Section 3: Building a Kubernetes Environment
  15. Building Your Own Kubernetes Environment
    1. Technical requirements
    2. Downloading your base VM
      1. Building an environment for Windows
        1. Downloading our virtualization software
        2. Setting the network address
        3. Performing finalization checks
      2. Building an environment for macOS
        1. Downloading our virtualization software
        2. Setting the network address
        3. Performing finalization checks
    3. Performing prerequisite tasks
    4. Building Kubernetes using one VM
      1. Installing Kubernetes
      2. Running kubeadm
      3. Configuring kubectl
      4. Installing the Calico network for pods
      5. Creating an admin account
      6. Installing kubectl on client machines
      7. Performing finalization checks
    5. Installing Helm and Tiller
      1. Installing without security
      2. Installing with Transport Layer Security (TLS)
    6. Installing the Kubernetes dashboard
      1. Running the Kubernetes dashboard
      2. Get an authentication token
      3. Exploring the Kubernetes dashboard
    7. Additional steps
      1. Installing the Metrics Server
      2. Installing VMware Octant
      3. Installing Prometheus and Grafana
      4. Uninstalling Kubernetes and Docker
      5. Powering the VM up and down
    8. Summary
    9. Questions
    10. Further reading
  16. Section 4: Learning about Istio through Examples
  17. Understanding the Istio Service Mesh
    1. Technical requirements
    2. Introducing the Istio service mesh
      1. Istio's architecture
    3. Control plane
      1. Galley
      2. Pilot
        1. Service discovery
        2. Traffic management
        3. Gateway
        4. Virtual service
          1. Routing rules
          2. Fault injection
          3. Abort rules
        5. Service entry
        6. Destination rule
          1. Load balancing
          2. Circuit breaker
          3. Blue/green deployment
          4. Canary deployment
        7. Namespace isolation
      3. Mixer
        1. Configuration of Mixer
          1. Attributes
          2. Handlers
          3. Rules
      4. Citadel
        1. Certificate and key rotation
        2. Authentication
        3. Strong identity
          1. RBAC for a strong identity
        4. Authorization
        5. Enabling mTLS to secure service communication
        6. Secure N-to-N mapping of services
        7. Policies
          1. Implementing authentication
        8. Implementing authorization
    4. Data plane
      1. Sidecar proxy
      2. Istio's Envoy sidecar proxy
        1. What is Envoy?
        2. Envoy architecture
        3. Deployment
    5. Observability
    6. Summary
    7. Questions
    8. Further reading
  18. Installing a Demo Application
    1. Technical requirements
    2. Exploring Istio's BookInfo application
      1. BookInfo application architecture
      2. Deploying the BookInfo application in Kubernetes
      3. Enabling a DNS search for Kubernetes services in a VM
    3. Understanding the BookInfo application
      1. Exploring the BookInfo application in a Kubernetes environment
    4. Summary
    5. Questions
    6. Further reading
  19. Installing Istio
    1. Technical requirements
    2. Getting ready
    3. Performing pre-installation tasks
      1. Downloading the source code
      2. Validating the environment before installation
      3. Choosing an installation profile
    4. Installing Istio
      1. Installing Istio using the helm template
      2. Installing Istio using Helm and Tiller
      3. Installing Istio using a demo profile
    5. Verifying our installation
    6. Installing a load balancer
    7. Enabling Istio
      1. Enabling Istio for an existing application
      2. Enabling Istio for new applications
    8. Setting up horizontal pod scaling
    9. Summary
    10. Questions
    11. Further reading
  20. Exploring Istio Traffic Management Capabilities
    1. Technical requirements
    2. Traffic management
      1. Creating an Istio gateway
        1. Finding the Ingress gateway IP address
      2. Creating a virtual service
        1. Running using pod's transient IP address
        2. Running using a service IP address
        3. Running using Node Port
      3. Creating a destination rule
    3. Traffic shifting
      1. Identity-based traffic routing
      2. Canary deployments
    4. Fault injection
      1. Injecting HTTP delay faults
      2. Injecting HTTP abort faults
      3. Request timeouts
    5. Circuit breaker
    6. Managing traffic
      1. Managing Ingress traffic patterns
      2. Managing Egress traffic patterns
        1. Blocking access to external services
        2. Allowing access to external services
        3. Routing rules for external services
    7. Traffic mirroring
    8. Cleaning up
    9. Summary
    10. Questions
    11. Further reading
  21. Exploring Istio Security Features
    1. Technical requirements
    2. Overview of Istio's security
    3. Authentication
      1. Testing the httpbin service
      2. Generating keys and certificates
        1. Installing the step CLI
        2. Generating private key, server, and root certificates
      3. Mapping IP addresses to hostname
      4. Configuring an Ingress gateway using SDS
        1. Creating secrets using key and certificate
        2. Enabling httpbin for simple TLS
        3. Enabling bookinfo for simple TLS
        4. Rotating virtual service keys and certificates
        5. Enabling an Ingress gateway for httpbin using mutual TLS
        6. Verifying the TLS configuration
        7. Node agent to rotate certificates and keys for services
      5. Enabling mutual TLS within the mesh
        1. Converting into strict mutual TLS
          1. Redefining destination rules
          2. Enabling mTLS at the namespace level
          3. Verifying the TLS configuration
    4. Authorization
      1. Namespace-level authorization
      2. Service-level authorization at the individual level
      3. Service-level authorization for databases
    5. Advanced capabilities
    6. Summary
    7. Questions
    8. Further reading
  22. Enabling Istio Policy Controls
    1. Technical requirements
    2. Introduction to policy controls
    3. Enabling rate limits
      1. Defining quota and assigning to services
      2. Defining rate limits
      3. Defining quota rules
    4. Controlling access to a service
      1. Denying access
      2. Creating attribute-based white/blacklists
      3. Creating an IP-based white/blacklist
    5. Summary
    6. Questions
    7. Further reading
  23. Exploring Istio Telemetry Features
    1. Technical requirements
    2. Telemetry and observability
    3. Configuring UI access
    4. Collecting built-in metrics
    5. Collecting new metrics
    6. Database metrics
    7. Distributed tracing
      1. Trace sampling
      2. Tracing backends
        1. Adapters for the backend
    8. Exploring Prometheus
      1. Sidecar proxy metrics
      2. Prometheus query
      3. Prometheus target collection health
      4. Prometheus configuration
    9. Visualizing metrics through Grafana
    10. Service mesh observability through Kiali
    11. Tracing with Jaeger
    12. Cleaning up
    13. Summary
    14. Questions
    15. Further reading
  24. Section 5: Learning about Linkerd through Examples
  25. Understanding the Linkerd Service Mesh
    1. Technical requirements
    2. Introducing the Linkerd Service Mesh
    3. Linkerd architecture
      1. Control plane
        1. Using the command-line interface (CLI)
      2. Data plane
    4. Linkerd proxy
      1. Architecture
      2. Configuring a service
      3. Ingress controller
    5. Observability
      1. Grafana and Prometheus
      2. Distributed tracing
      3. Exporting metrics
      4. Injecting the debugging sidecar
    6. Reliability
      1. Traffic split
      2. Fault injection
      3. Service profiles
      4. Retries and timeouts
      5. Load balancing
      6. Protocols and the TCP proxy
    7. Security
      1. Automatic mTLS
    8. Summary
    9. Questions
    10. Further reading
  26. Installing Linkerd
    1. Technical requirements
    2. Installing the Linkerd CLI
    3. Installing Linkerd
      1. Validating the prerequisites
      2. Installing the Linkerd control plane
      3. Separating roles and responsibilities
        1. Cluster administrator
        2. Application administrator
    4. Ingress gateway
    5. Accessing the Linkerd dashboard
    6. Deploying the Linkerd demo emoji app
      1. Installing a demo application
      2. Deploying the booksapp application
    7. Summary
    8. Questions
    9. Further reading
  27. Exploring the Reliability Features of Linkerd
    1. Technical requirements
    2. Overview of the reliability of Linkerd
      1. Configuring load balancing
      2. Setting up a service profile
      3. Retrying failed transactions
        1. Retry budgets
      4. Implementing timeouts
      5. Troubleshooting error codes
    3. Summary
    4. Questions
    5. Further reading
  28. Exploring the Security Features of Linkerd
    1. Technical requirements
    2. Setting up mTLS on Linkerd
      1. Validating mTLS on Linkerd
      2. Using trusted certificates for the control plane
        1. Installing step certificates
        2. Creating step root and intermediate certificates
        3. Redeploying control plane using certificates
        4. Regenerating and rotating identity certificates for microservices
      3. Securing the ingress gateway
        1. TLS termination
        2. Testing the application in the browser
        3. Testing the application through curl
    3. Summary
    4. Questions
    5. Further reading
  29. Exploring the Observability Features of Linkerd
    1. Technical requirements
    2. Gaining insight into the service mesh
      1. Insights using CLI
      2. Insights using Prometheus
      3. Insights using Grafana
    3. External Prometheus integration
    4. Cleaning up
    5. Summary
    6. Questions
    7. Further reading
  30. Section 6: Learning about Consul through Examples
  31. Understanding the Consul Service Mesh
    1. Technical requirements
    2. Introducing the Consul service mesh
    3. The Consul architecture
      1. Data center
      2. Client/server
      3. Protocols
        1. Raft
        2. Consensus protocol
        3. Gossip protocol
    4. Consul's control and data planes
      1. Configuring agents
      2. Service discovery and definitions
      3. Consul integration
    5. Monitoring and visualization
      1. Telegraf
      2. Grafana
    6. Traffic management
      1. Service defaults
      2. Traffic routing
      3. Traffic split
      4. Mesh gateway
    7. Summary
    8. Questions
    9. Further reading
  32. Installing Consul
    1. Technical requirements
    2. Installing Consul in a VM
    3. Installing Consul in Kubernetes
      1. Creating persistent volumes
      2. Downloading the Consul Helm chart
      3. Installing Consul
      4. Connecting Consul DNS to Kubernetes
      5. Consul server in a VM
    4. Summary
    5. Questions
    6. Further reading
  33. Exploring the Service Discovery Features of Consul
    1. Technical requirements
    2. Installing a Consul demo application
      1. Defining Ingress for the Consul dashboard
    3. Service discovery
      1. Using the Consul web console
    4. Implementing mutual TLS
    5. Exploring intentions
    6. Exploring the Consul key-value store
    7. Securing Consul services with ACL
    8. Monitoring and metrics
    9. Registering an external service
    10. Summary
    11. Questions
    12. Further reading
  34. Exploring Traffic Management in Consul
    1. Technical requirements
    2. Overview of traffic management in Consul
      1. Implementing L7 configuration
    3. Deploying a demo application
    4. Traffic management in Consul
      1. Directing traffic to a default subset
      2. Canary deployment
      3. Round-robin traffic
      4. Shifting traffic permanently
      5. Path-based traffic routing
      6. Checking Consul services
    5. Mesh gateway
    6. Summary
    7. Questions
    8. Further reading
  35. Assessment
    1. Chapter 1: Monolithic versus Microservices
    2. Chapter 2: Cloud-Native Applications
    3. Chapter 3: Service Mesh Architecture
    4. Chapter 4: Service Mesh Providers
    5. Chapter 5: Service Mesh Interface and SPIFFE
    6. Chapter 6: Building Your Own Kubernetes Environment
    7. Chapter 7: Understanding the Istio Service Mesh
    8. Chapter 8: Installing a Demo Application
    9. Chapter 9: Installing Istio
    10. Chapter 10: Exploring Istio Traffic Management Capabilities
    11. Chapter 11: Exploring Istio Security Features
    12. Chapter 12: Enabling Istio Policy Controls
    13. Chapter 13: Exploring Istio Telemetry Features
    14. Chapter 14: Understanding the Linkerd Service Mesh
    15. Chapter 15: Installing Linkerd
    16. Chapter 16: Exploring the Reliability Features of Linkerd
    17. Chapter 17: Exploring the Security Features of Linkerd
    18. Chapter 18: Exploring the Observability Features of Linkerd
    19. Chapter 19: Understanding the Consul Service Mesh
    20. Chapter 20: Installing Consul
    21. Chapter 21: Exploring the Service Discovery Features of Consul
    22. Chapter 22: Exploring Traffic Management in Consul
  36. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think