Book Description

You did it. You successfully transformed your application into a microservices architecture. But now that you’re running services across different environments—public to public, private to public, virtual machine to container—your cloud native software is beginning to encounter reliability issues.

How do you stay on top of this ever-increasing complexity? With the Istio service mesh, you’ll be able to manage traffic, control access, monitor, report, get telemetry data, manage quota, trace, and more with resilience across your microservices.

In this book, Lee Calcote and Zack Butcher explain why your services need a service mesh and demonstrate step-by-step how Istio fits into the life cycle of a distributed application. You’ll learn about the tools and APIs for enabling and managing many of the features found in Istio.

  • Explore the observability challenges Istio addresses
  • Use request routing, traffic shifting, fault injection, and other features essential to running a solid service mesh
  • Generate and collect telemetry information
  • Try different deployment patterns, including A/B, blue/green, and canary
  • Get examples of how to develop and deploy real-world applications with Istio support

Table of Contents

  1. Preface
    1. Who Should Read This Book
    2. Why We Wrote This Book
    3. Conventions Used in This Book
    4. Using Code Examples
    5. O’Reilly Online Learning
    6. How to Contact Us
    7. Acknowledgments
  2. 1. Introducing the Service Mesh
    1. What Is a Service Mesh?
      1. Fundamentals
    2. Sailing into a Service Mesh
      1. Client Libraries: The First Service Meshes?
      2. Why Do You Need One?
      3. Don’t We Already Have This in Our Container Platforms?
    3. Landscape and Ecosystem
      1. Landscape
      2. Ecosystem
      3. The Critical, Fallible Network
      4. The Value of a Service Mesh
    4. The Istio Service Mesh
      1. The Origin of Istio
      2. The Current State of Istio
      3. Cadence
      4. Releases
      5. Feature Status
      6. Future
      7. What Istio Isn’t
      8. It’s Not Just About Microservices
    5. Terminology
  3. 2. Cloud Native Approach to Uniform Observability
    1. What Does It Mean to Be Cloud Native?
      1. The Path to Cloud Native
      2. Packaging and Deployment
      3. Application Architecture
      4. Development and Operations Processes
      5. Cloud Native Infrastructure
    2. What Is Observability?
      1. Pillars of Telemetry
      2. Logs
      3. Metrics
      4. Traces
      5. Combining Telemetry Pillars
      6. Why Is Observability Key in Distributed Systems?
    3. Uniform Observability with a Service Mesh
      1. Client Libraries
      2. Interfacing with Monitoring Systems
  4. 3. Istio at a Glance
    1. Service Mesh Architecture
    2. Planes
      1. Istio Control-Plane Components
      2. Service Proxy
      3. Istio Data-Plane Components
      4. Gateways
    3. Extensibility
      1. Customizable Sidecars
      2. Extensible Adapters
    4. Scale and Performance
    5. Deployment Models
  5. 4. Deploying Istio
    1. Preparing Your Environment for Istio
      1. Docker Desktop as the Installation Environment
      2. Configuring Docker Desktop
    2. Installing Istio
      1. Istio Installation Options
      2. Registering Istio’s Custom Resources
      3. Installing Istio Control-Plane Components
      4. Deploying the Bookinfo Sample Application
      5. Deploying the Sample App with Automatic Sidecar Injection
      6. Networking with the Sample App
    3. Uninstalling Istio
    4. Helm-Based Installations
      1. Install Helm
      2. Install with Helm Template
      3. Confirming a Helm-Based Installation
      4. Uninstalling a Helm-Based Installation
    5. Other Environments
  6. 5. Service Proxy
    1. What Is a Service Proxy?
      1. An iptables Primer
    2. Envoy Proxy Overview
      1. Why Envoy?
    3. Envoy in Istio
    4. Sidecar Injection
      1. Manual Sidecar Injection
      2. Ad Hoc Sidecarring
      3. Automatic Sidecar Injection
      4. Kubernetes Init Containers
      5. Sidecar Resourcing
    5. Envoy’s Functionality
      1. Core Constructs
      2. Certificates and Protecting Traffic
  7. 6. Security and Identity
    1. Access Control
      1. Authentication
      2. Authorization
    2. Identity
      1. SPIFFE
    3. Key Management Architecture
      1. Citadel
      2. Node Agents
      3. Envoy
      4. Pilot
    4. mTLS
    5. Configuring Istio Auth Policies
      1. Authentication Policy: Configuring mTLS
      2. Authorization Policy: Configuring Who Can Talk to Whom
  8. 7. Pilot
    1. Configuring Pilot
      1. Mesh Configuration
      2. Networking Configuration
      3. Service Discovery
    2. Configuration Serving
    3. Debugging and Troubleshooting Pilot
      1. istioctl
      2. Troubleshooting Pilot
    4. Tracing Configuration
      1. Listeners
      2. Routes
      3. Clusters
  9. 8. Traffic Management
    1. Understanding How Traffic Flows in Istio
    2. Understanding Istio’s Networking APIs
      1. ServiceEntry
      2. DestinationRule
      3. VirtualService
      4. Gateway
    3. Traffic Steering and Routing
    4. Resiliency
      1. Load-Balancing Strategy
      2. Outlier Detection
      3. Retries
      4. Timeouts
      5. Fault Injection
    5. Ingress and Egress
      1. Ingress
      2. Egress
  10. 9. Mixer and Policies in the Mesh
    1. Architecture
      1. Enforcing Policy
    2. Understanding How Mixer Policies Work
      1. Reporting Telemetry
    3. Attributes
      1. Sending Reports
      2. Checking Caches
    4. Adapters
      1. In-Process Adapters
      2. Out-of-Process Adapters
    5. Creating a Mixer Policy and Using Adapters
      1. Mixer Configuration
      2. Open Policy Agent Adapter
      3. Prometheus Adapter
  11. 10. Telemetry
    1. Adapter Models
      1. Reporting Telemetry
    2. Metrics
      1. Configuring Mixer to Collect Metrics
      2. Setting Up Metrics Collection and Querying for Metrics
      3. Traces
      4. Disabling Tracing
    3. Logs
      1. Metrics
    4. Visualization
  12. 11. Debugging Istio
    1. Introspecting Istio Components
    2. Troubleshooting with a Management Plane
      1. Parlaying with kubectl
    3. Workload Preparedness
      1. Application Configuration
      2. Network Traffic and Ports
      3. Services and Deployments
      4. Pods
    4. Istio Installation, Upgrade, and Uninstall
      1. Installation
      2. Upgrade
      3. Uninstallation
    5. Troubleshooting Mixer
    6. Troubleshooting Pilot
    7. Debugging Galley
    8. Debugging Envoy
      1. Envoy’s Administrative Console
      2. 503 or 404 Requests
      3. Sidecar Injection
    9. Version Compatibility
  13. 12. Real-World Considerations for Application Deployment
    1. Control-Plane Considerations
      1. Galley
      2. Pilot
      3. Mixer
      4. Citadel
    2. Case Study: Canary Deployment
      1. Cross-Cluster Deployments
  14. 13. Advanced Scenarios
    1. Types of Advanced Topologies
      1. Single-Cluster Meshes
      2. Multiple-Cluster Meshes
      3. Use Cases
    2. Choosing a Topology
      1. Cross-Cluster or Multicluster?
      2. Configuring Cross-Cluster
      3. Configure DNS and Deploy Bookinfo
  15. Index