Istio in Action, Video Edition

Video description

Solve difficult service-to-service communication challenges around security, observability, routing, and resilience with an Istio-based service mesh. Istio allows you to define these traffic policies as configuration and enforce them consistently without needing any service-code changes.

In Istio in Action you will learn:

  • Why and when to use a service mesh
  • Envoy’s role in Istio’s service mesh
  • Allowing “North-South” traffic into a mesh
  • Fine-grained traffic routing
  • Making your services robust to network failures
  • Gaining observability over your system with telemetry “golden signals”
  • How Istio makes your services secure by default
  • Integrating cloud-native applications with legacy workloads such as those in VMs

Reduce the operational complexity of your microservices with an Istio-powered service mesh! Istio in Action shows you how to implement this powerful new architecture and move your application-networking concerns to a dedicated infrastructure layer. Non-functional concerns stay separate from your application, so your code is easier to understand, maintain, and adapt regardless of programming language. In this practical guide, you’ll go hands-on with the full-featured Istio service mesh to manage microservices communication. Helpful diagrams, example configuration, and examples make it easy to understand how to control routing, secure container applications, and monitor network traffic.

About the Technology
Offload complex microservice communication layer challenges to Istio! The industry-standard Istio service mesh radically simplifies security, routing, observability, and other service-to-service communication challenges. With Istio, you use a straightforward declarative configuration style to establish application-level network policies. By separating communication from business logic, your services are easier to write, maintain, and modify.

About the Book
Istio in Action teaches you how to implement an Istio-based service mesh that can handle complex routing scenarios, traffic encryption, authorization, and other common network-related tasks. You’ll start by defining a basic service mesh and exploring the data plane with Istio’s service proxy, Envoy. Then, you’ll dive into core topics like traffic routing and visualization and service-to-service authentication, as you expand your service mesh to workloads on multiple clusters and legacy VMs.

What's Inside
  • Comprehensive coverage of Istio resources
  • Practical examples to showcase service mesh capabilities
  • Implementation of multi-cluster service meshes
  • How to extend Istio with WebAssembly
  • Traffic routing and observability
  • VM integration into the mesh


About the Reader
For developers, architects, and operations engineers.

About the Authors
Christian Posta is a well-known architect, speaker, and contributor. Rinor Maloku is an engineer at Solo.io working on application networking solutions.

Quotes
Presents a clear-headed vision of how to achieve the goal of decoupling applications from infrastructure. I hope you’ll enjoy this book as much as I have.
- From the Foreword by Eric Brewer, VP Infrastructure and Google Fellow

I really enjoyed the gentle introduction to Istio. I can easily recommend this book to everyone starting development with Kubernetes.
- Christoph Schubert, SAP SE

A comprehensive guide for building an in-depth understanding of the Istio service mesh.
- Fotis Stamatelopoulos, Upwork

It felt like I was shadowing a highly skilled subject matter expert.
- Paolo Antinori, Red Hat

Table of contents

  1. Part 1 Understanding Istio
  2. Chapter 1. Introducing the Istio service mesh
  3. Chapter 1. Our cloud infrastructure is not reliable
  4. Chapter 1. Solving these challenges with application libraries
  5. Chapter 1. What’s a service mesh?
  6. Chapter 1. How a service mesh relates to an enterprise service bus
  7. Chapter 1. Where Istio fits in distributed architectures
  8. Chapter 2. First steps with Istio
  9. Chapter 2. Getting to know the Istio control plane
  10. Chapter 2. Deploying your first application in the service mesh
  11. Chapter 2. Istio observability
  12. Chapter 2. Istio for resiliency
  13. Chapter 3. Istio’s data plane: The Envoy proxy
  14. Chapter 3. Envoy’s core features, Part 1
  15. Chapter 3. Envoy’s core features, Part 2
  16. Chapter 3. Configuring Envoy
  17. Chapter 3. Envoy in action
  18. Chapter 3. Envoy request retries
  19. Part 2 Securing, observing, and controlling your service’s network traffic
  20. Chapter 4. Istio gateways: Getting traffic into a cluster
  21. Chapter 4. Specifying Gateway resources
  22. Chapter 4. Securing gateway traffic
  23. Chapter 4. HTTP redirect to HTTPS
  24. Chapter 4. Exposing TCP ports on an Istio gateway
  25. Chapter 4. Operational tips
  26. Chapter 5. Traffic control: Fine-grained traffic routing
  27. Chapter 5. Routing requests with Istio
  28. Chapter 5. Traffic shifting
  29. Chapter 5. Reducing risk even further: Traffic mirroring
  30. Chapter 6. Resilience: Solving application networking challenges
  31. Chapter 6. Client-side load balancing
  32. Chapter 6. Testing various client-side load-balancing strategies
  33. Chapter 6. Locality-aware load balancing
  34. Chapter 6. Transparent timeouts and retries
  35. Chapter 6. Advanced retries
  36. Chapter 6. Guarding against slow services with connection-pool control
  37. Chapter 6. Guarding against unhealthy services with outlier detection
  38. Chapter 7. Observability: Understanding the behavior of your services
  39. Chapter 7. Exploring Istio metrics
  40. Chapter 7. Scraping Istio metrics with Prometheus
  41. Chapter 7. Customizing Istio’s standard metrics
  42. Chapter 7. Creating new metrics
  43. Chapter 8. Observability: Visualizing network behavior with Grafana, Jaeger, and Kiali
  44. Chapter 8. How does distributed tracing work?
  45. Chapter 8. Viewing distributed tracing data
  46. Chapter 8. Visualization with Kiali
  47. Chapter 9. Securing microservice communication
  48. Chapter 9. Auto mTLS
  49. Chapter 9. Understanding Istio’s PeerAuthentication resource
  50. Chapter 9. Authorizing service-to-service traffic
  51. Chapter 9. Allowing requests originating from a single namespace
  52. Chapter 9. End-user authentication and authorization
  53. Chapter 9. Integrating with custom external authorization services
  54. Part 3 Istio day-2 operations
  55. Chapter 10. Troubleshooting the data plane
  56. Chapter 10. Discovering misconfigurations with Kiali
  57. Chapter 10. Querying proxy configurations using istioctl
  58. Chapter 10. Troubleshooting application issues
  59. Chapter 10. Inspect network traffic with ksniff
  60. Chapter 11. Performance-tuning the control plane
  61. Chapter 11. Monitoring the control plane
  62. Chapter 11. Tuning performance
  63. Chapter 11. Ignoring events: Reducing the scope of discovery using discovery selectors
  64. Chapter 11. Event-batching and push-throttling properties
  65. Part 4 Istio in your organization
  66. Chapter 12. Scaling Istio in your organization
  67. Chapter 12. How workloads are discovered in multi-cluster deployments
  68. Chapter 12. Overview of a multi-cluster, multi-network, multi-control-plane service mesh
  69. Chapter 12. Enabling cross-cluster workload discovery
  70. Chapter 12. Setting up cross-cluster connectivity
  71. Chapter 12. Load-balancing across clusters
  72. Chapter 13. Incorporating virtual machine workloads into the mesh
  73. Chapter 13. Virtual machine high availability
  74. Chapter 13. Setting up the infrastructure
  75. Chapter 13. Representing a group of workloads with a WorkloadGroup
  76. Chapter 13. Routing traffic to cluster services
  77. Chapter 13. Demystifying the DNS proxy
  78. Chapter 14. Extending Istio on the request path
  79. Chapter 14. Configuring an Envoy filter with the EnvoyFilter resource
  80. Chapter 14. Rate-limiting requests with external call-out
  81. Chapter 14. Extending Istio’s data plane with Lua
  82. Chapter 14. Building a new Envoy filter with WebAssembly
  83. Appendix A. Customizing the Istio installation
  84. Appendix B. Istio’s sidecar and its injection options
  85. Appendix C. Istio security: SPIFFE
  86. Appendix C. How Istio implements SPIFFE
  87. Appendix E. How the virtual machine is configured to join the mesh

Product information

  • Title: Istio in Action, Video Edition
  • Author(s): Rinor Maloku, Christian E. Posta
  • Release date: April 2022
  • Publisher(s): Manning Publications
  • ISBN: None