Introduction to Istio
Decoupling at Layer 5
As the third phase in your microservices journey, service meshes provide a substrate of secure connectivity, uniform visibility and granular control over service requests. Service meshes have quickly entered the cloud native landscape filling unmet service-level needs. Organizations that have adopted containers and who are running a handful or more of microservices find tools to provide observability, control and security lacking. Operating at layer 5, service meshes promise much value. This live training walks you through a series of hands-on labs, introducing you to each and every aspect of the popular service mesh - Istio. During this workshop you will gain hands-on experience as we walk through deploying Istio alongside microservices running in Kubernetes.
What you'll learn-and how you can apply it
By the end of this live, hands-on, online course, you’ll understand:
- How to manage traffic through load balancing and resilient communications
- How to enforce policies and rate limiting
- Istio's methods for managing telemetry, monitoring and reporting
- Approaches to canary deployments and securing communication with Istio
And you’ll be able to:
- Configure and operate Istio in context of an example workloads and their common use cases.
- Take the third step in your cloud native journey with an initial deployment of a service mesh.
This training course is for you because...
- You’re an operator who wants uniform observability irrespective of the different languages and libraries that run your services.
- You’re a developer who wants to affect application behavior without code change.
- You want to become a cloud native architect or level-up as one.
- Working knowledge of Kubernetes
- Familiarity with Docker for Desktop
- Attend Introduction to Kubernetes (live online training course with Sebastien Goasguen)
- Access to local or remote Kubernetes cluster. Either of these two local, single-node clusters will work:
- Minikube - For help, see the “Installing Kubernetes Locally Using minikube” chapter of Kubernetes: Up and Running book.
About your instructor
Lee Calcote is an innovative product and technology leader, passionate about developer platforms and management software for clouds, containers, functions and applications. Advanced and emerging technologies have been a consistent focus through Calcote’s tenure at SolarWinds, Seagate, Cisco and Pelco. As founder of Layer5, he is also an advisor and author. Calcote is active in the community as a Docker Captain and Cloud Native Ambassador.
The timeframes are only estimates and may vary according to how the class is progressing
Segment 1: Service Meshes and related technologies (20 min)
- Presentation: Service mesh concepts in the context of related technologies like container orchestrators, API gateways, and microservices frameworks.
- Presentation: How the separation of service / session-layer concerns from application code decouples developer and operators at layer 5.
Segment 2: Setup Kubernetes & Istio (30 min)
- Presentation: Review of service mesh deployment architectures.
- Exercise: Setup Kubernetes and Istio on your local machine, deploy and explore Istio’s control and data plane components: Pilot, Mixer, Galley, Citadel, Gateways and Sidecar Proxy, Envoy.
- Break (5 min)
Segment 3: Deploying an app onto the mesh (30 min)
- Presentation: Overview of Istio’s canonical sample application and Istio’s requirements for onboarding an application onto the service mesh.
- Exercise: Deploy the sample application and review its configuration for exposure through Gateways and sidecar proxy. Use Meshery as a service mesh manager to understand performance and overhead characteristics of Istio.
Segment 4: Observability (30 min)
- Presentation: Understanding types of telemetry available within a service mesh.
- Exercise: View distributed traces in Jaeger, service level metrics in Prometheus and view service mesh-generated logs.
- Break (5 min)
Segment 5: Traffic Control (30 min)
- Presentation: Traffic management with a service mesh
- Exercise: Manipulate Istio’s traffic routing and control capabilities using examples of fault injection, circuit breaking and canary testing.
Segment 6: Security (20 min)
- Presentation: Istio’s service security capabilities.
- Exercise: Enable mutual TLS between services and perform service identity verification.
Wrap up and final Q&A (10 min)