Book Image

Bootstrapping Service Mesh Implementations with Istio

By : Anand Rai
4 (1)
Book Image

Bootstrapping Service Mesh Implementations with Istio

4 (1)
By: Anand Rai

Overview of this book

Istio is a game-changer in managing connectivity and operational efficiency of microservices, but implementing and using it in applications can be challenging. This book will help you overcome these challenges and gain insights into Istio's features and functionality layer by layer with the help of easy-to-follow examples. It will let you focus on implementing and deploying Istio on the cloud and in production environments instead of dealing with the complexity of demo apps.  You'll learn the installation, architecture, and components of Istio Service Mesh, perform multi-cluster installation, and integrate legacy workloads deployed on virtual machines. As you advance, you'll understand how to secure microservices from threats, perform multi-cluster deployments on Kubernetes, use load balancing, monitor application traffic, implement service discovery and management, and much more. You’ll also explore other Service Mesh technologies such as Linkerd, Consul, Kuma, and Gloo Mesh. In addition to observing and operating Istio using Kiali, Prometheus, Grafana and Jaeger, you'll perform zero-trust security and reliable communication between distributed applications. After reading this book, you'll be equipped with the practical knowledge and skills needed to use and operate Istio effectively.
Table of Contents (19 chapters)
Part 1: The Fundamentals
Part 2: Istio in Practice
Part 3: Scaling, Extending,and Optimizing

Understanding Istio’s best practices

When operating the Service Mesh, it is advised to assume that security threats will not just originate from outside of the organization’s security boundaries but also from within the security perimeter. You should always assume that networks are not impregnable and create security controls that can secure assets, even if network boundaries are breached. In this section, we will discuss some of the various attack vectors to be mindful of when implementing Service Mesh.

Examining attack vectors for the control plane

The following list shows common strategies for initiating attacks on the control plane:

  • Causing configuration to deliberately make the control plane malfunction so that the Service Mesh becomes inoperable, thus impacting business-critical applications being managed by the mesh. This can also be a precursor to forthcoming attacks targeting Ingress or any other applications.
  • Obtaining privileged access to...