This course explains how to use the Istio ServiceMesh for routing and managing and network traffic, enforce security and how to observe telemetry.

Students are expected to have basic knowledge of Kubernetes. We advice students to follow our KUBERNETES course. Though not required, it is helpful to have an understanding of Microservice architecture and patterns

Introduction

• Introduction to a Service Mesh
• Introduce/recap Micro-services Architecture (MSA ) patterns (in particular the sidecar)
• Discuss challenges in a service mesh
• Understand the differences between an Enterprise Service Bus (ESB) and a Service Mesh
• Introduce Istio
• High-level architecture of Istio
• Components of the data plane and control plane
• Introduce the Envoy project and its use in Istio
• Brief overview of installation and configuration techniques (e.g., Istioctl, Helm)
• Install Istio using Istioctl

Traffic Management

• Overview of traffic management with Istio
• Controlling Ingress and Egress traffic
• Configuring Gateways
• Defining Virtual Services
• Understand host and destination bindings
• Controlling HTTP traffic (matching, rewriting, redirecting, …)
• Testing resilience by using declarative faults
• Using Destination rules
• Flowing traffic to different versions (subsets)
• Managing versions using mirroring
• Explicitly adding Service Entries for outside traffic
• Resilience service with Circuit Breakers

Security

• Understand the need for declarative security
• List security tasks (identity, message privacy, message integrity, non-repudiation)
• Understand Istio identity (users, services)
• Add end-user authentication using JWT
• Apply Mutual TLS (mTLS) for inter-service authentication
• Managing certificates
• mTLS Migration techniques
• Using namespaces and label selectors to enforce policies
• Define HTTP-based access-control
• Using JWT to define end-user/external client access control

Telemetry

• Overview of Istio's Observability options
• Using Envoy's access logs
• Introduce Metrics
• Understand the different levels of metrics gathering (Envoy, Service and control plane)
• Configuring service-level metrics
• Using Prometheus and Grafana for metric visualisation
• Trace request traffic through your mesh (Distributed traces)
• Using Jaeger as a trace-backend (discuss other options)