Book Image

Mastering Service Mesh

By : Anjali Khatri, Vikram Khatri

Book Image

Mastering Service Mesh

By: Anjali Khatri, Vikram Khatri

Overview of this book

Although microservices-based applications support DevOps and continuous delivery, they can also add to the complexity of testing and observability. The implementation of a service mesh architecture, however, allows you to secure, manage, and scale your microservices more efficiently. With the help of practical examples, this book demonstrates how to install, configure, and deploy an efficient service mesh for microservices in a Kubernetes environment. You'll get started with a hands-on introduction to the concepts of cloud-native application management and service mesh architecture, before learning how to build your own Kubernetes environment. While exploring later chapters, you'll get to grips with the three major service mesh providers: Istio, Linkerd, and Consul. You'll be able to identify their specific functionalities, from traffic management, security, and certificate authority through to sidecar injections and observability. By the end of this book, you will have developed the skills you need to effectively manage modern microservices-based applications.

Preface

Who this book is for

What this book covers

To get the most out of this book

Section 1: Cloud-Native Application Management

Section 1: Cloud-Native Application Management

Free Chapter

Monolithic Versus Microservices

Monolithic Versus Microservices

Early computer machines

Monolithic applications

Microservices applications

Further reading

Cloud-Native Applications

Cloud-Native Applications

An introduction to CNAs

Container runtime

Container orchestration platforms

Cloud-native infrastructure

Further reading

Section 2: Architecture

Section 2: Architecture

Service Mesh Architecture

Service Mesh Architecture

Service mesh overview

Shifting Dev responsibilities to Ops

Service mesh rules

Service mesh architecture

Further reading

Service Mesh Providers

Service Mesh Providers

Introducing service mesh providers

A quick comparison

Support services

Further reading

Service Mesh Interface and SPIFFE

Service Mesh Interface and SPIFFE

Further reading

Section 3: Building a Kubernetes Environment

Section 3: Building a Kubernetes Environment

Building Your Own Kubernetes Environment

Building Your Own Kubernetes Environment

Technical requirements

Downloading your base VM

Performing prerequisite tasks

Building Kubernetes using one VM

Installing Helm and Tiller

Installing the Kubernetes dashboard

Additional steps

Further reading

Section 4: Learning about Istio through Examples

Section 4: Learning about Istio through Examples

Understanding the Istio Service Mesh

Understanding the Istio Service Mesh

Technical requirements

Introducing the Istio service mesh

Further reading

Installing a Demo Application

Installing a Demo Application

Technical requirements

Exploring Istio's BookInfo application

Understanding the BookInfo application

Further reading

Installing Istio

Installing Istio

Technical requirements

Performing pre-installation tasks

Installing Istio

Verifying our installation

Installing a load balancer

Setting up horizontal pod scaling

Further reading

Exploring Istio Traffic Management Capabilities

Exploring Istio Traffic Management Capabilities

Technical requirements

Traffic management

Traffic shifting

Fault injection

Circuit breaker

Managing traffic

Traffic mirroring

Further reading

Exploring Istio Security Features

Exploring Istio Security Features

Technical requirements

Overview of Istio's security

Advanced capabilities

Further reading

Enabling Istio Policy Controls

Enabling Istio Policy Controls

Technical requirements

Introduction to policy controls

Enabling rate limits

Controlling access to a service

Further reading

Exploring Istio Telemetry Features

Exploring Istio Telemetry Features

Technical requirements

Telemetry and observability

Configuring UI access

Collecting built-in metrics

Collecting new metrics

Database metrics

Distributed tracing

Exploring prometheus

Visualizing metrics through Grafana

Service mesh observability through Kiali

Tracing with Jaeger

Further reading

Section 5: Learning about Linkerd through Examples

Section 5: Learning about Linkerd through Examples

Understanding the Linkerd Service Mesh

Understanding the Linkerd Service Mesh

Technical requirements

Introducing the Linkerd Service Mesh

Linkerd architecture

Further reading

Installing Linkerd

Installing Linkerd

Technical requirements

Installing the Linkerd CLI

Installing Linkerd

Ingress gateway

Accessing the Linkerd dashboard

Deploying the Linkerd demo emoji app

Further reading

Exploring the Reliability Features of Linkerd

Exploring the Reliability Features of Linkerd

Technical requirements

Overview of the reliability of Linkerd

Further reading

Exploring the Security Features of Linkerd

Exploring the Security Features of Linkerd

Technical requirements

Setting up mTLS on Linkerd

Further reading

Exploring the Observability Features of Linkerd

Exploring the Observability Features of Linkerd

Technical requirements

Gaining insight into the service mesh

External Prometheus integration

Further reading

Section 6: Learning about Consul through Examples

Section 6: Learning about Consul through Examples

Understanding the Consul Service Mesh

Understanding the Consul Service Mesh

Technical requirements

Introducing the Consul service mesh

The Consul architecture

Consul's control and data planes

Monitoring and visualization

Traffic management

Further reading

Installing Consul

Installing Consul

Technical requirements

Installing Consul in a VM

Installing Consul in Kubernetes

Further reading

Exploring the Service Discovery Features of Consul

Exploring the Service Discovery Features of Consul

Technical requirements

Installing a Consul demo application

Service discovery

Implementing mutual TLS

Exploring intentions

Exploring the Consul key-value store

Securing Consul services with ACL

Monitoring and metrics

Registering an external service

Further reading

Exploring Traffic Management in Consul

Exploring Traffic Management in Consul

Technical requirements

Overview of traffic management in Consul

Deploying a demo application

Traffic management in Consul

Further reading

Assessment

Chapter 1: Monolithic versus Microservices

Chapter 2: Cloud-Native Applications

Chapter 3: Service Mesh Architecture

Chapter 4: Service Mesh Providers

Chapter 5: Service Mesh Interface and SPIFFE

Chapter 6: Building Your Own Kubernetes Environment

Chapter 7: Understanding the Istio Service Mesh

Chapter 8: Installing a Demo Application

Chapter 9: Installing Istio

Chapter 10: Exploring Istio Traffic Management Capabilities

Chapter 11: Exploring Istio Security Features

Chapter 12: Enabling Istio Policy Controls

Chapter 13: Exploring Istio Telemetry Features

Chapter 14: Understanding the Linkerd Service Mesh

Chapter 15: Installing Linkerd

Chapter 16: Exploring the Reliability Features of Linkerd

Chapter 17: Exploring the Security Features of Linkerd

Chapter 18: Exploring the Observability Features of Linkerd

Chapter 19: Understanding the Consul Service Mesh

Chapter 20: Installing Consul

Chapter 21: Exploring the Service Discovery Features of Consul

Chapter 22: Exploring Traffic Management in Consul

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Implementing mutual TLS

The communication between services is encrypted through sidecar proxies using mutual TLS. Each service is provided an identity through the SPIFFE X.509 certificate (please refer to Chapter 5, Service Mesh Interface and SPIFFE, for a discussion on SPIFFE). Since the services are not tied to fixed IP addresses, the SPIFFE-based identity can be used to connect and accept requests between SPIFFE-compliant services.

Consul has a built-in Certificate Authority, through which it assigns leaf certificates to sidecar proxies. These sidecar proxies can be configured for upstream configuration to specify alternate data centers that services can access for high availability. The CA federation can be enabled between multiple data centers. The CA federation helps the alternate data center to continue issuing leaf SPIFFE X509 certificates in the case of WAN disruptions...