Istio Service Mesh

Our Introduction to Istio training covers using a service mesh (Istio) to control network traffic between microservices deployed on Kubernetes.

In this course you will learn how to control the flow of traffic and API calls between services, test various failure scenarios, automatically secure your services through managed authentication, authorization and encryption of communication between services, apply polices and ensure that they’re enforced, and observe everything with rich automatic tracing, monitoring and logging of all your services.

Goals

After completing this course, students will have a firm understanding on how to use a service mesh to control network traffic for their containerized application infrastructure.

• strong grasp of container basics (recommended training: Docker Basic)
• strong grasp of Kubernetes terminology and Kubernetes cluster operation fundamentals (recommended training: Kubernetes Basic)

Audience

• people familiar with containerized applications and container orchestration technologies, wishing to improve the security of their environment
• DevOps engineers
• Linux system administrators
• Systems design engineers
• Architects

Outline

Module 01: K8s-Network Policy

• Why use network policies
• What is MetalLB and how it works
• Configuring Layer2 and Layer3 MetalLB
• Additional MetalLB configuration samples

Hands-on Lab: Network Policies

Module 02: Istio - Introduction 

• What is a service mash
• What is Istio
• Istio architecture and components
• Setting up Istio

Hands-on Lab: Istio - Introduction

Module 03: Istio – Advanced Routing 

• Why route traffic?
• Traffic shifting
• Request routing
• External Resources

Hands-on Lab: Istio – Traffic routing

Module 04: Istio – Fault Injection

• Controlling Ingress traffic
• Fault injection
• Circuit breaking
• Traffic mirroring

Hands-on Lab: Istio – Fault injection

Module 05: Istio – mTLS

• Securing pod communication with Istio
• mTLS
• Authorization policies
• Policy target
• Authenticated and unauthenticated identity

Hands-on Lab: Istio – mTLS and Authorization

Module 06: Istio - Observability 

• Viewing the mesh with Kiali
• Kiali features
• Generating a service graph
• Tracing Calls with Jaeger
• Observability (Metrics, Distributed Tracers, Access Logs)

Hands-on Lab: Istio - Observability

Module 07: Open Policy Agent 

• How OPA works
• OPA and Kubernetes
• Integrating OPA with K8s
• Rego Expressions

Hands-on Lab: OPA Gatekeeper

Module 08: Cert Manager 

• What Cert Manager is
• cert-manager overview
• cert-manager concepts
• Installing cert-manger
• cert-manager walkthrough

Hands-on Lab: Cert Manager

Prerequisites

To attend this course, you need to have:

• PC/Laptop with internet access
• Updated web browser
• Working knowledge of the following Kubernetes topics: Role-Based Access Control (RBAC), resource control, logging and monitoring (recommended training: Kubernetes Advanced)