O'Reilly logo
live online training icon Live Online training

Introduction to Istio

Decoupling at Layer 5

Lee Calcote

As the third phase in your microservices journey, service meshes provide a substrate of secure connectivity, uniform visibility and granular control over service requests. Service meshes have quickly entered the cloud native landscape filling unmet service-level needs. Organizations that have adopted containers and who are running a handful or more of microservices find tools to provide observability, control and security lacking. Operating at layer 5, service meshes promise much value. This live training walks you through a series of hands-on labs, introducing you to each and every aspect of the popular service mesh - Istio. During this workshop you will gain hands-on experience as we walk through deploying Istio alongside microservices running in Kubernetes.

What you'll learn-and how you can apply it

By the end of this live, hands-on, online course, you’ll understand:

  • How to manage traffic through load balancing and resilient communications
  • How to enforce policies and rate limiting
  • Istio's methods for managing telemetry, monitoring and reporting
  • Approaches to canary deployments and securing communication with Istio

And you’ll be able to:

  • Configure and operate Istio in context of an example workloads and their common use cases.
  • Take the third step in your cloud native journey with an initial deployment of a service mesh.

This training course is for you because...

  • You’re an operator who wants uniform observability irrespective of the different languages and libraries that run your services.
  • You’re a developer who wants to affect application behavior without code change.
  • You want to become a cloud native architect or level-up as one.


  • Working knowledge of Kubernetes
  • Familiarity with Docker for Desktop
  • Access to local or remote Kubernetes cluster (any size). Either of these two local, single-node clusters will work.

Recommended preparation:

Recommended follow-up:

About your instructor

  • Lee Calcote is an innovative product and technology leader, passionate about developer platforms and management software for clouds, containers, functions and applications. Advanced and emerging technologies have been a consistent focus through Calcote’s tenure at SolarWinds, Seagate, Cisco and Pelco. As founder of Layer5, he is also an advisor and author. Calcote is active in the community as a Docker Captain and Cloud Native Ambassador.


The timeframes are only estimates and may vary according to how the class is progressing

Segment 1: Service Meshes and related technologies (20 min)

  • Presentation: Service mesh concepts in the context of related technologies like container orchestrators, API gateways, and microservices frameworks.
  • Presentation: How the separation of service / session-layer concerns from application code decouples developer and operators at layer 5.
  • Q&A

Segment 2: Setup Kubernetes & Istio (30 min)

  • Presentation: Review of service mesh deployment architectures.
  • Exercise: Setup Kubernetes and Istio on your local machine, deploy and explore Istio’s control and data plane components: Pilot, Mixer, Galley, Citadel, Gateways and Sidecar Proxy, Envoy.
  • Q&A
  • Break (5 min)

Segment 3: Deploying an app onto the mesh (30 min)

  • Presentation: Overview of Istio’s canonical sample application and Istio’s requirements for onboarding an application onto the service mesh.
  • Exercise: Deploy the sample application and review its configuration for exposure through Gateways and sidecar proxy. Use Meshery as a service mesh manager to understand performance and overhead characteristics of Istio.
  • Q&A

Segment 4: Observability (30 min)

  • Presentation: Understanding types of telemetry available within a service mesh.
  • Exercise: View distributed traces in Jaeger, service level metrics in Prometheus and view service mesh-generated logs.
  • Q&A
  • Break (5 min)

Segment 5: Traffic Control (30 min)

  • Presentation: Traffic management with a service mesh
  • Exercise: Manipulate Istio’s traffic routing and control capabilities using examples of fault injection, circuit breaking and canary testing.
  • Q&A

Segment 6: Security (20 min)

  • Presentation: Istio’s service security capabilities.
  • Exercise: Enable mutual TLS between services and perform service identity verification.

Wrap up and final Q&A (10 min)