Preface

Istio is one of the most widely adopted Service Mesh technologies. It is used to manage application networking to provide security and operational efficiency to microservices. This book explores Istio layer by layer to explain how it is used to manage application networking, resiliency, observability, and security. Using various hands-on examples, you’ll learn about Istio Service Mesh installation, its architecture, and its various components. You will perform a multi-cluster installation of Istio along with integrating legacy workloads deployed on virtual machines. You’ll learn how to extend the Istio data plane using WebAssembly (WASM), and you’ll learn about Envoy and why it is used as the data plane for Istio. You’ll see how OPA Gatekeeper can be used to automate best practices for Istio. You’ll learn how to observe and operate Istio using Kiali, Prometheus, Grafana, and Jaeger. You’ll also explore other Service Mesh technologies such as Linkerd, Consul, Kuma, and Gloo Mesh. The easy-to-follow hands-on examples built using lightweight applications throughout the book will help you to focus on implementing and deploying Istio to cloud and production environments instead of having to deal with complex demo applications.

After reading this book, you’ll be able to establish reliable and zero-trust communication between applications, solve application networking challenges, and build resilience in distributed applications using Istio.

Who this book is for

Software developers, architects, and DevOps engineers with experience in using microservices in Kubernetes-based environments and who want to solve application networking challenges that arise in microservice communications will benefit from this book. To get the most out of this book, you will need to have some experience in working with the cloud, microservices, and Kubernetes.

What this book covers

Chapter 1, Introducing Service Meshes, covers the fundamentals of cloud computing, microservices architecture, and Kubernetes. It then outlines the context as to why a Service Mesh is required and what value it delivers. If you don’t have hands-on experience in dealing with large-scale deployment architecture using Kubernetes, the cloud, and microservices architecture, then this chapter will familiarize you with these concepts and give you a good foundation for understanding the more complex subjects in the subsequent chapters.

Chapter 2, Getting Started with Istio, describes why Istio has experienced viral popularity among the Service Mesh technologies available. The chapter then provides instructions to install and run Istio and walks you through Istio’s architecture and its various components. Once installed, you will then enable Istio sidecar injection in an example application packaged with the Istio installation. The chapter provides a step-by-step look at the pre- and post-enablement of Istio in the example application to give you an idea of how Istio works.

Chapter 3, Understanding Istio Control and Data Planes, dives deeper into Istio’s control plane and data plane. This chapter will help you understand the Istio control plane so you can plan the installation of control planes in a production environment. After reading this chapter, you should be able to identify the various components of the Istio control plane including istiod, along with the functionality they each deliver in the overall working of Istio. The chapter will also familiarize you with Envoy, its architecture, and how to use Envoy as a standalone proxy.

Chapter 4, Managing Application Traffic, provides details on how to manage application traffic using Istio. The chapter is full of hands-on examples, exploring the management of Ingress traffic using the Kubernetes Ingress resource and then showing how to do this using Istio Gateway, along with securely exposing Ingress over HTTPS. The chapter provides examples of canary releases, traffic mirroring, and routing traffic to services outside the mesh. Finally, we’ll see how to manage traffic egressing from the mesh.

Chapter 5, Managing Application Resiliency, provides details on how to make use of Istio to increase the application resiliency of microservices. The chapter discusses various aspects of application resiliency including fault injection, timeout and retries, load balancing, rate limiting, circuit breakers, and outlier detection, and how each of these is addressed by Istio.

Chapter 6, Securing Microservices Communication, dives deeper into advanced topics on security. The chapter starts with explaining Istio’s security architecture, followed by implementing mutual TLS for service communication both with other services in the mesh and with downstream clients outside the mesh. The chapter will walk you through various hands-on exercises to create custom security policies for authentication and authorization.

Chapter 7, Service Mesh Observability, provides insight into why observability is important, how to collect telemetry information from Istio, the different types of metrics available and how to fetch them via APIs, and how to enable distributed tracing for applications deployed in the mesh.

Chapter 8, Scaling Istio to Multi-Cluster Deployments Across Kubernetes, walks you through how Istio can be used to provide seamless connectivity between applications deployed across multiple Kubernetes clusters. The chapter also covers multiple installation options for Istio to achieve high availability and continuity with the Service Mesh. The chapter covers advanced topics of Istio installation and familiarizes you with how to set up Istio in a primary-remote configuration on multiple networks, primary-remote configuration on a single network, multi-primary configuration on different networks, and multi-primary configuration on a single network.

Chapter 9, Extending Istio Data Plane, provides various options to extend the Istio data plane. The chapter discusses EnvoyFilter and WebAssembly in great detail and examines how they can be used to extend the functionality of the Istio data plane beyond what is offered out of the box.

Chapter 10, Deploying the Istio Service Mesh for Non-Kubernetes Workloads, provides a background as to why organizations have a significant number of workloads still deployed on virtual machines. The chapter then introduces the concept of hybrid architecture, a combination of modern and legacy architecture, followed by showing how Istio helps to marry these two worlds of legacy and modern technologies and how you can extend Istio beyond Kubernetes to virtual machines.

Chapter 11, Troubleshooting and Operating Istio, provides details of common problems you will encounter when operating Istio and how to distinguish and isolate them from other issues. The chapter then covers various techniques to analyze and troubleshoot the day-2 problems often faced by operations and reliability engineering teams. The chapter provides various best practices for deploying and operating Istio and shows how to automate the enforcement of best practices using OPA Gatekeeper.

Chapter 12, Summarizing What We Have Learned and the Next Steps, helps you revise what you’ve learned from this book by putting it to use to deploy and configure an open source application, helping you gain confidence in employing your learning in real-world applications. The chapter also provides various resources you can explore to advance your learning and expertise in Istio. Finally, the chapter introduces eBPF, an advanced technology poised to make a positive impact on service meshes.

Appendix – Other Service Mesh Technologies, introduces other Service Mesh technologies including Linkerd, Gloo Mesh, and Consul Connect, which are gaining popularity, recognition, and adoption by organizations. The information provided in this appendix is not exhaustive, but rather aims to make you familiar with the alternatives to Istio and help you form an opinion on how these technologies fare in comparison to Istio.

To get the most out of this book

Readers will need hands-on experience of using and deploying microservices on Kubernetes-based environments. Readers need to be familiar with using YAML and JSON and performing basic operations of Kubernetes. As the book makes heavy usage of various cloud provider services, it is helpful to have some experience of using various cloud platforms.

| Software/hardware covered in the book | Operating system requirements |
| --- | --- |
| A workstation with a quad-core processor and 16 GB RAM at a minimum | macOS or Linux |
| Access to AWS, Azure, and Google Cloud subscriptions | N/A |
| Visual Studio Code or similar | N/A |
| minikube, Terraform | N/A |

If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Bootstrap-Service-Mesh-Implementations-with-Istio. If there’s an update to the code, it will be updated in the GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://packt.link/DW41O.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “The configuration patch is applied to HTTP_FILTER and in particular to the HTTP router filter of the http_connection_manager network filter.”

A block of code is set as follows:

"filterChainMatch": {
    "destinationPort": 80,
    "transportProtocol": "raw_buffer"
},

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

"filterChainMatch": {
    "destinationPort": 80,
    "transportProtocol": "raw_buffer"
},

Any command-line input or output is written as follows:

% curl -H "Host:httpbin.org" http://a816bb2638a5e4a8c990ce790b47d429-1565783620.us-east-1.elb.amazonaws.com/get

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “Cloud computing is utility-style computing with a business model similar to what is provided by businesses selling utilities such as LPG and electricity to our homes.”

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Bootstrapping Service Mesh Implementations with Istio, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there: you can get exclusive access to discounts, newsletters, and great free content in your inbox daily.

Follow these simple steps to get the benefits:

  1. Scan the QR code or visit the link below:

     https://packt.link/free-ebook/9781803246819

  2. Submit your proof of purchase
  3. That’s it! We’ll send your free PDF and other benefits to your email directly