Book Image

Bootstrapping Service Mesh Implementations with Istio

By : Anand Rai
4 (1)
Book Image

Bootstrapping Service Mesh Implementations with Istio

4 (1)
By: Anand Rai

Overview of this book

Istio is a game-changer in managing connectivity and operational efficiency of microservices, but implementing and using it in applications can be challenging. This book will help you overcome these challenges and gain insights into Istio's features and functionality layer by layer with the help of easy-to-follow examples. It will let you focus on implementing and deploying Istio on the cloud and in production environments instead of dealing with the complexity of demo apps.  You'll learn the installation, architecture, and components of Istio Service Mesh, perform multi-cluster installation, and integrate legacy workloads deployed on virtual machines. As you advance, you'll understand how to secure microservices from threats, perform multi-cluster deployments on Kubernetes, use load balancing, monitor application traffic, implement service discovery and management, and much more. You’ll also explore other Service Mesh technologies such as Linkerd, Consul, Kuma, and Gloo Mesh. In addition to observing and operating Istio using Kiali, Prometheus, Grafana and Jaeger, you'll perform zero-trust security and reliable communication between distributed applications. After reading this book, you'll be equipped with the practical knowledge and skills needed to use and operate Istio effectively.

Related Content you might be interested in

Current Title:

Small book image
Bootstrapping Service Mesh Implementations with Istio
Anand Rai
Apr, 2023 | 418 pages
Small book image
Mastering Service Mesh
Vikram Khatri | Anjali Khatri
Mar, 2020 | 626 pages
Small book image
Kubernetes – An Enterprise Guide
Marc Boorshtein | Scott Surovich
Dec, 2021 | 578 pages
Small book image
Cloud Native with Kubernetes
Alexander Raul
Jan, 2021 | 446 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Part 1: The Fundamentals
Part 1: The Fundamentals
Free Chapter
2
Chapter 1: Introducing Service Meshes
Chapter 1: Introducing Service Meshes
Revisiting cloud computing
Understanding microservices architecture
Understanding Kubernetes
Getting to know Service Mesh
Summary
3
Chapter 2: Getting Started with Istio
Chapter 2: Getting Started with Istio
Why is Istio the most popular Service Mesh?
Exploring alternatives to Istio
Preparing your workstation for Istio installation
Installing Istio
Observability tools
Istio architecture
Summary
4
Chapter 3: Understanding Istio Control and Data Planes
Chapter 3: Understanding Istio Control and Data Planes
Exploring the components of a control plane
Deployment models for the Istio control plane
Exploring Envoy, the Istio data plane
Summary
5
Part 2: Istio in Practice
Part 2: Istio in Practice
6
Chapter 4: Managing Application Traffic
Chapter 4: Managing Application Traffic
Technical requirements
Managing Ingress traffic using the Kubernetes Ingress resource
Managing Ingress using the Istio Gateway
Traffic routing and canary release
Traffic mirroring
Routing traffic to services outside of the cluster
Exposing Ingress over HTTPS
Managing Egress traffic using Istio
Summary
7
Chapter 5: Managing Application Resiliency
Chapter 5: Managing Application Resiliency
Application resiliency using fault injection
Application resiliency using timeouts and retries
Building application resiliency using load balancing
Rate limiting
Circuit breakers and outlier detection
Summary
8
Chapter 6: Securing Microservices Communication
Chapter 6: Securing Microservices Communication
Understanding Istio security architecture
Authentication using mutual TLS
Configuring RequestAuthentication
Configuring RequestAuthorization
Summary
9
Chapter 7: Service Mesh Observability
Chapter 7: Service Mesh Observability
Understanding observability
Metric scraping using Prometheus
Customizing Istio metrics
Visualizing telemetry using Grafana
Implementing distributed tracing
Summary
10
Part 3: Scaling, Extending,and Optimizing
Part 3: Scaling, Extending,and Optimizing
11
Chapter 8: Scaling Istio to Multi-Cluster Deployments Across Kubernetes
Chapter 8: Scaling Istio to Multi-Cluster Deployments Across Kubernetes
Technical requirements
Establishing mutual trust in multi-cluster deployments
Primary-remote on multi-network
Primary-remote on the same network
Multi-primary on different networks
Multi-primary on the same network
Summary
12
Chapter 9: Extending Istio Data Plane
Chapter 9: Extending Istio Data Plane
Technical requirements
Why extensibility
Customizing the data plane using Envoy Filter
Understanding the fundamentals of Wasm
Extending the Istio data plane using Wasm
Summary
13
Chapter 10: Deploying Istio Service Mesh for Non-Kubernetes Workloads
Chapter 10: Deploying Istio Service Mesh for Non-Kubernetes Workloads
Technical requirements
Examining hybrid architecture
Setting up a Service Mesh for hybrid architecture
Summary
14
Chapter 11: Troubleshooting and Operating Istio
Chapter 11: Troubleshooting and Operating Istio
Understanding interactions between Istio components
Inspecting and analyzing the Istio configuration
Troubleshooting errors using access logs
Troubleshooting errors using debug logs
Debugging the Istio agent
Understanding Istio’s best practices
Automating best practices using OPA Gatekeeper
Summary
15
Chapter 12: Summarizing What We Have Learned and the Next Steps
Chapter 12: Summarizing What We Have Learned and the Next Steps
Technical requirements
Enforcing workload deployment best practices using OPA Gatekeeper
Applying our learnings to a sample application
Certification and learning resources for Istio
Understanding eBPF
Summary
16
Index
Index
Why subscribe?
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book
Appendix – Other Service Mesh Technologies
Appendix – Other Service Mesh Technologies
Consul Connect
Gloo Mesh
Kuma
Linkerd

Configuring RequestAuthorization

In the previous section, we configured a RequestAuthentication policy, which verifies a JWT token against the issuer and JWK details as per the JWKS location. We configured Auth0 as the authentication provider and the one that generates the bearer token. In this section, we will learn about how to make use of the information provided by authentication policies such as peer authentication and request authentication to authorize client access to the server (the requested resource, Pod, workload, service, etc.).

We will first focus on implementing an authorization policy in conjunction with the RequestAuthentication policy from the previous section.

To let curl access the envoy dummy using the access token issued by Auth0, we need to create an AuthorizationPolicy:

apiVersion: "security.istio.io/v1beta1"
kind: "AuthorizationPolicy"
metadata:
  name: "envoydummy-authz-policy"
  namespace: utilities...
Previous Section
End of Section 5
Next Section