Book Image

Mastering Service Mesh

By : Anjali Khatri, Vikram Khatri
Book Image

Mastering Service Mesh

By: Anjali Khatri, Vikram Khatri

Overview of this book

Although microservices-based applications support DevOps and continuous delivery, they can also add to the complexity of testing and observability. The implementation of a service mesh architecture, however, allows you to secure, manage, and scale your microservices more efficiently. With the help of practical examples, this book demonstrates how to install, configure, and deploy an efficient service mesh for microservices in a Kubernetes environment. You'll get started with a hands-on introduction to the concepts of cloud-native application management and service mesh architecture, before learning how to build your own Kubernetes environment. While exploring later chapters, you'll get to grips with the three major service mesh providers: Istio, Linkerd, and Consul. You'll be able to identify their specific functionalities, from traffic management, security, and certificate authority through to sidecar injections and observability. By the end of this book, you will have developed the skills you need to effectively manage modern microservices-based applications.

Related Content you might be interested in

Current Title:

Small book image
Mastering Service Mesh
Anjali Khatri | Vikram Khatri
Mar, 2020 | 626 pages
Small book image
Bootstrapping Service Mesh Implementations with Istio
Anand Rai
Apr, 2023 | 418 pages
Small book image
Mastering Kubernetes,
Gigi Sayfan
Jun, 2020 | 642 pages
Small book image
Simplifying Service Management with Consul
Robert E Jackson
Nov, 2021 | 234 pages
Table of Contents (31 chapters)
Preface
Preface
Who this book is for
What this book covers
Useful terms
To get the most out of this book
Get in touch
1
Section 1: Cloud-Native Application Management
Section 1: Cloud-Native Application Management
Free Chapter
2
Monolithic Versus Microservices
Monolithic Versus Microservices
Early computer machines
Monolithic applications
Microservices applications
Summary
Questions
Further reading
3
Cloud-Native Applications
Cloud-Native Applications
An introduction to CNAs
Container runtime
Container orchestration platforms
Cloud-native infrastructure
Summary
Questions
Further reading
4
Section 2: Architecture
Section 2: Architecture
5
Service Mesh Architecture
Service Mesh Architecture
Service mesh overview
Shifting Dev responsibilities to Ops
Service mesh rules
Service mesh architecture
Summary
Questions
Further reading
6
Service Mesh Providers
Service Mesh Providers
Introducing service mesh providers
A quick comparison
Support services
Summary
Questions
Further reading
7
Service Mesh Interface and SPIFFE
Service Mesh Interface and SPIFFE
SMI
SPIFFE
Summary
Questions
Further reading
8
Section 3: Building a Kubernetes Environment
Section 3: Building a Kubernetes Environment
9
Building Your Own Kubernetes Environment
Building Your Own Kubernetes Environment
Technical requirements
Downloading your base VM
Performing prerequisite tasks
Building Kubernetes using one VM
Installing Helm and Tiller
Installing the Kubernetes dashboard
Additional steps
Summary
Questions
Further reading
10
Section 4: Learning about Istio through Examples
Section 4: Learning about Istio through Examples
11
Understanding the Istio Service Mesh
Understanding the Istio Service Mesh
Technical requirements
Introducing the Istio service mesh
Control plane
Data plane
Observability
Summary
Questions
Further reading
12
Installing a Demo Application
Installing a Demo Application
Technical requirements
Exploring Istio's BookInfo application
Understanding the BookInfo application
Summary
Questions
Further reading
13
Installing Istio
Installing Istio
Technical requirements
Getting ready
Performing pre-installation tasks
Installing Istio
Verifying our installation
Installing a load balancer
Enabling Istio
Setting up horizontal pod scaling
Summary
Questions
Further reading
14
Exploring Istio Traffic Management Capabilities
Exploring Istio Traffic Management Capabilities
Technical requirements
Traffic management
Traffic shifting
Fault injection
Circuit breaker
Managing traffic
Traffic mirroring
Cleaning up
Summary
Questions
Further reading
15
Exploring Istio Security Features
Exploring Istio Security Features
Technical requirements
Overview of Istio's security
Authentication
Authorization
Advanced capabilities
Summary
Questions
Further reading
16
Enabling Istio Policy Controls
Enabling Istio Policy Controls
Technical requirements
Introduction to policy controls
Enabling rate limits
Controlling access to a service
Summary
Questions
Further reading
17
Exploring Istio Telemetry Features
Exploring Istio Telemetry Features
Technical requirements
Telemetry and observability
Configuring UI access
Collecting built-in metrics
Collecting new metrics
Database metrics
Distributed tracing
Exploring prometheus
Visualizing metrics through Grafana
Service mesh observability through Kiali
Tracing with Jaeger
Cleaning up
Summary
Questions
Further reading
18
Section 5: Learning about Linkerd through Examples
Section 5: Learning about Linkerd through Examples
19
Understanding the Linkerd Service Mesh
Understanding the Linkerd Service Mesh
Technical requirements
Introducing the Linkerd Service Mesh
Linkerd architecture
Linkerd proxy
Observability
Reliability
Security
Summary
Questions
Further reading
20
Installing Linkerd
Installing Linkerd
Technical requirements
Installing the Linkerd CLI
Installing Linkerd
Ingress gateway
Accessing the Linkerd dashboard
Deploying the Linkerd demo emoji app
Summary
Questions
Further reading
21
Exploring the Reliability Features of Linkerd
Exploring the Reliability Features of Linkerd
Technical requirements
Overview of the reliability of Linkerd
Summary
Questions
Further reading
22
Exploring the Security Features of Linkerd
Exploring the Security Features of Linkerd
Technical requirements
Setting up mTLS on Linkerd
Summary
Questions
Further reading
23
Exploring the Observability Features of Linkerd
Exploring the Observability Features of Linkerd
Technical requirements
Gaining insight into the service mesh
External Prometheus integration
Cleaning up
Summary
Questions
Further reading
24
Section 6: Learning about Consul through Examples
Section 6: Learning about Consul through Examples
25
Understanding the Consul Service Mesh
Understanding the Consul Service Mesh
Technical requirements
Introducing the Consul service mesh
The Consul architecture
Consul's control and data planes
Monitoring and visualization
Traffic management
Summary
Questions
Further reading
26
Installing Consul
Installing Consul
Technical requirements
Installing Consul in a VM
Installing Consul in Kubernetes
Summary
Questions
Further reading
27
Exploring the Service Discovery Features of Consul
Exploring the Service Discovery Features of Consul
Technical requirements
Installing a Consul demo application
Service discovery
Implementing mutual TLS
Exploring intentions
Exploring the Consul key-value store
Securing Consul services with ACL
Monitoring and metrics
Registering an external service
Summary
Questions
Further reading
28
Exploring Traffic Management in Consul
Exploring Traffic Management in Consul
Technical requirements
Overview of traffic management in Consul
Deploying a demo application
Traffic management in Consul
Mesh gateway
Summary
Questions
Further reading
29
Assessment
Assessment
Chapter 1: Monolithic versus Microservices
Chapter 2: Cloud-Native Applications
Chapter 3: Service Mesh Architecture
Chapter 4: Service Mesh Providers
Chapter 5: Service Mesh Interface and SPIFFE
Chapter 6: Building Your Own Kubernetes Environment
Chapter 7: Understanding the Istio Service Mesh
Chapter 8: Installing a Demo Application
Chapter 9: Installing Istio
Chapter 10: Exploring Istio Traffic Management Capabilities
Chapter 11: Exploring Istio Security Features
Chapter 12: Enabling Istio Policy Controls
Chapter 13: Exploring Istio Telemetry Features
Chapter 14: Understanding the Linkerd Service Mesh
Chapter 15: Installing Linkerd
Chapter 16: Exploring the Reliability Features of Linkerd
Chapter 17: Exploring the Security Features of Linkerd
Chapter 18: Exploring the Observability Features of Linkerd
Chapter 19: Understanding the Consul Service Mesh
Chapter 20: Installing Consul
Chapter 21: Exploring the Service Discovery Features of Consul
Chapter 22: Exploring Traffic Management in Consul
30
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

SPIFFE

Secure Production Identity Framework for Everyone (SPIFFEhttps://spiffe.io) was inspired by a few brilliant engineers due to their need to remove application-level authentication and network-level access control configuration. Joe Beda, one of the creators of Kubernetes, was the original author of the SPIFFE specification.

SPIFFE started as open source in 2016 for securely identifying software systems in dynamic and heterogeneous environments. It is mainly about establishing trust in a complex distributed environment where workloads are dynamically scaled and scheduled to run on any node in a cluster. The workloads using SPIFFE identify themselves with each other by looking at URIs such as spiffe://trust-domain/path, which are defined in a Subject Alternative Name (SAN) field in X.509 certificates.

SPIFFE's runtime environment is called the SPIFFE Runtime...

Previous Section
End of Section 3
Next Section