- True – It is the end user's responsibility to rotate certificates and keys that have been defined for the Ingress gateway in order to secure traffic from external clients and send it to the edge microservice. Note that Istio's Citadel rotates certificates for microservices.
- True – There can only be one MeshPolicy (with name as the default) that will apply mTLS mesh-wide.
- True – Mutual TLS can be as granular as possible from the namespace level to the service level by defining a policy.
- True – Mutual TLS can be enabled through destination rules or by using MeshPolicy.
- True – Istio is capable of shielding modern microservices applications from running in a zero-trust network without any changes needing to be made to the application code.
- True – Istio makes VPNs and firewalls redundant...
Mastering Service Mesh
By :
Mastering Service Mesh
By:
Overview of this book
Although microservices-based applications support DevOps and continuous delivery, they can also add to the complexity of testing and observability. The implementation of a service mesh architecture, however, allows you to secure, manage, and scale your microservices more efficiently. With the help of practical examples, this book demonstrates how to install, configure, and deploy an efficient service mesh for microservices in a Kubernetes environment.
You'll get started with a hands-on introduction to the concepts of cloud-native application management and service mesh architecture, before learning how to build your own Kubernetes environment. While exploring later chapters, you'll get to grips with the three major service mesh providers: Istio, Linkerd, and Consul. You'll be able to identify their specific functionalities, from traffic management, security, and certificate authority through to sidecar injections and observability.
By the end of this book, you will have developed the skills you need to effectively manage modern microservices-based applications.
Table of Contents (31 chapters)
Preface
Section 1: Cloud-Native Application Management
Free Chapter
Monolithic Versus Microservices
Cloud-Native Applications
Section 2: Architecture
Service Mesh Architecture
Service Mesh Providers
Service Mesh Interface and SPIFFE
Section 3: Building a Kubernetes Environment
Building Your Own Kubernetes Environment
Section 4: Learning about Istio through Examples
Understanding the Istio Service Mesh
Installing a Demo Application
Installing Istio
Exploring Istio Traffic Management Capabilities
Exploring Istio Security Features
Enabling Istio Policy Controls
Exploring Istio Telemetry Features
Section 5: Learning about Linkerd through Examples
Understanding the Linkerd Service Mesh
Installing Linkerd
Exploring the Reliability Features of Linkerd
Exploring the Security Features of Linkerd
Exploring the Observability Features of Linkerd
Section 6: Learning about Consul through Examples
Understanding the Consul Service Mesh
Installing Consul
Exploring the Service Discovery Features of Consul
Exploring Traffic Management in Consul
Assessment
Other Books You May Enjoy
Customer Reviews