Book Image

Mastering Service Mesh

By : Anjali Khatri, Vikram Khatri
Book Image

Mastering Service Mesh

By: Anjali Khatri, Vikram Khatri

Overview of this book

Although microservices-based applications support DevOps and continuous delivery, they can also add to the complexity of testing and observability. The implementation of a service mesh architecture, however, allows you to secure, manage, and scale your microservices more efficiently. With the help of practical examples, this book demonstrates how to install, configure, and deploy an efficient service mesh for microservices in a Kubernetes environment. You'll get started with a hands-on introduction to the concepts of cloud-native application management and service mesh architecture, before learning how to build your own Kubernetes environment. While exploring later chapters, you'll get to grips with the three major service mesh providers: Istio, Linkerd, and Consul. You'll be able to identify their specific functionalities, from traffic management, security, and certificate authority through to sidecar injections and observability. By the end of this book, you will have developed the skills you need to effectively manage modern microservices-based applications.
Table of Contents (31 chapters)
1
Section 1: Cloud-Native Application Management
4
Section 2: Architecture
8
Section 3: Building a Kubernetes Environment
10
Section 4: Learning about Istio through Examples
18
Section 5: Learning about Linkerd through Examples
24
Section 6: Learning about Consul through Examples

Summary

In this chapter, you have seen that a thin proxy is helpful to scale microservices. A proxy caches requests to avoid multiple trips to the control plane, and it sends asynchronous requests to Istio's Mixer, which can communicate to the backend services.

We've shown scenarios using the Bookinfo microservice where policy controls can be enabled in Istio through a simple edit to its config map. You can enable rate limits to prevent rogue users from abusing the system. This process defines rules where we identify a user, count their requests, and reject the requests after a rate limit. Finally, if there is a rogue user, control access to enable service denial can be configured through an IP-based whitelist or blacklist. This process defines a deny rule for services where we can deny access through instances and denier handlers.

In the next chapter, we will cover...