Expert Kubernetes & ISTIO: Service Mesh

Course Introduction

Expert Kubernetes & ISTIO: Service Mesh

Mode of Training: Online Training

Name of Trainer: Mr. Khaja

Post on 17-Nov-2021

QUALITY THOUGHT * www.youtube.com/c/LearningThoughts * www.qualitythought.in

* #209, Nilgiri Block, Aditya Enclave, Ameerpet

Kubernetes Networking

Networking Introduction

Networking History

OSI model

TCP/IP

Application

Transport

Network

Internet Protocol

Link Layer

Linux Networking

Basics

The Network Interface

The Bridge Interface

Packet Handling in the Kernel

Netfilter

Conntrack

Routing

High Level Routing

iptables

IPVS

eBPF

Network Troubleshooting Tools

Security Warning

Ping

Traceroute

Dig

Telnet

Nmap

Netstat

Netcat

openssl

Curl

Container Networking Basics

ph: 99637 99240 Email: [email protected]

Docker Networking Model

Overlay Networking

Container Network Interface

Container connectivity

Container to Container

Container to Container Separate Hosts

Exploring Advanced Networking

Understanding the Kubernetes networking model

Intra-pod communication (container to container)

Inter-pod communication (pod to pod)

Pod-to-service communication

External access

Kubernetes networking versus Docker networking

Lookup and discovery

Self-registration

Services and endpoints

Loosely coupled connectivity with queues

Loosely coupled connectivity with data stores

Kubernetes ingress

Kubernetes network plugins

Basic Linux networking

IP addresses and ports

Network namespaces

Subnets, netmasks, and CIDRs

Virtual Ethernet devices

Bridges

Routing

Maximum transmission unit

Pod networking

Kubenet

Container networking interface

Kubernetes networking solutions

Bridging on bare metal clusters

Contiv

Open vSwitch

Nuage networks VCS

Flannel

Calico

Romana

Weave Net

Using network policies effectively

Understanding the Kubernetes network policy design

Network policies and CNI plugins

Configuring network policies

Implementing network policies

Load balancing options

External load balancer

Configuring an external load balancer

Finding the load balancer IP addresses

Preserving client IP addresses

Understanding even external load balancing

Service load balancing

Ingress

HAProxy

MetalLB

Keepalived VIP

Traefik

Kubernetes Patterns

Foundational Patterns

Predictable Demands

Declarative Deployment

Health Probe

Managed Lifecycle

Automated Placement

Behavioral Patterns

Batch Job

Periodic Job

Daemon Service

Singleton Service

Stateful Service

Service Discovery

Self Awareness

Structural Patterns

Init Container

Sidecar

Adapter

Ambassador

Configuration Patterns

EnvVar Configuration

Configuration Resource

Immutable Configuration

Configuration Template

Advanced Patterns

Controller

Operator

Elastic Scale

Image Builder

Securing Kubernetes

Understanding Kubernetes security challenges

Node Challenges

Network Challenges

Image Challenges

Configuration and deployment challenges

Pod and container challenges

Hardening Kubernetes

Understanding Service Accounts in Kubernetes

How does Kubernetes manage Service Accounts?

Accessing the API server

Authenticating users

Authorizing requests

Using admission control plugins

Securing Pods

Using a private image repository

Image Pull Secrets

Specifying a security context

Protecting your cluster with AppArmor

Pod security policies

Authorizing Pod security policies via RBAC

Managing network policies

Using secrets

Running a multi-user cluster

Kubernetes Monitoring

Understanding Observability

Logging

Metrics

Distributed tracing

Application error reporting

Dashboards and visualization

Alerting

Logging with Kubernetes

Container logs

Kubernetes component logs

Centralized Logging

Using Fluentd for log collection

Collecting metrics with Kubernetes

Monitoring with the metrics server

Exploring cluster with Kubernetes Dashboard

The rise of Prometheus

Installing Prometheus

Interacting with Prometheus

Incorporating kube-state-metrics

Utilizing the node exporter

Incorporating the custom metrics

Alerting with Alert Manager

Visualizing metrics with Grafana

Considering Loki

Distributed tracing with Jaeger

What is Open Tracing?

Introducing Jaeger

Jaeger architecture

Installing Jaeger

Troubleshooting problems

Extending Kubernetes

Working with Kubernetes API

Understanding OpenAPI

Setting up a proxy

Exploring the Kubernetes API directly

Creating a Pod via the Kubernetes API

Accessing the Kubernetes API via the Python client

Extending the Kubernetes API

Understanding Kubernetes extension points and patterns

Introducing custom resources

Developing custom resource definitions

Integrating custom resources

Understanding API server aggregation

Utilizing the service catalog

Writing Kubernetes plugins

Writing a Custom Scheduler

Writing Kubectl plugins

Employing Access control webhooks

Service Mesh using Istio

What Is a Service Mesh?

Fundamentals

Sailing into a Service Mesh

Client Libraries: The First Service Meshes?

Why Do You Need One?

Don’t We Already Have This in Our Container Platforms?

Landscape and Ecosystem

Landscape

Ecosystem

The Critical, Fallible Network

The Value of a Service Mesh

The Istio Service Mesh

The Origin of Istio

The Current State of Istio

Cadence

Releases

Feature Status

Future

What Istio Isn’t

It’s Not Just About Microservices

Deploying Istio

Preparing Your Environment for Istio

Docker Desktop as the Installation Environment

Configuring Docker Desktop

Installing Istio

Istio Installation Options

Registering Istio’s Custom Resources

Installing Istio Control-Plane Components

Deploying the Sample Application

Deploying the Sample App with Automatic Sidecar Injection

Networking with the Sample App

Uninstalling Istio

Helm-Based Installations

Install Helm

Install with Helm Template

Confirming a Helm-Based Installation

Uninstalling a Helm-Based Installation

Other Environments

Cloud Native Approach to Uniform Observability

What Does It Mean to Be Cloud Native?

What Is Observability?

Uniform Observability with a Service Mesh

Istio

Service Mesh Architecture

Planes

Istio Control-Plane Components

Service Proxy

Istio Data-Plane Components

Gateways

Extensibility

Customizable Sidecars

Extensible Adapters

Scale and Performance

Deployment Models

Deploying Istio

Preparing Your Environment for Istio

Installing Istio

Helm-Based Installations

Service Proxy

What Is a Service Proxy?

An iptables Primer

Envoy Proxy Overview

Envoy in Istio

Sidecar Injection

Manual Sidecar Injection

Ad Hoc Sidecarring

Automatic Sidecar Injection

Kubernetes Init Containers

Sidecar Resourcing

Envoy’s Functionality

Core Constructs

Certificates and Protecting Traffic

Security and Identity

Access Control

Authentication

Authorization

Identity

SPIFFE

Key Management Architecture

Citadel

Node Agents

Envoy

Pilot

mTLS

Configuring Istio Auth Policies

Pilot

Configuring Pilot

Mesh Configuration

Networking Configuration

Service Discovery

Configuration Serving

Debugging and Troubleshooting Pilot

istioctl

Troubleshooting Pilot

Tracing Configuration

Listeners

Routes

Clusters

Traffic Management

Understanding How Traffic Flows in Istio

Understanding Istio’s Networking APIs

ServiceEntry

DestinationRule

VirtualService

Gateway

Traffic Steering and Routing

Resiliency

Load-Balancing Strategy

Outlier Detection

Retries

Timeouts

Fault Injection

Ingress and Egress

Ingress

Egress

Mixer and Policies in the Mesh

Architecture

Enforcing Policy

Understanding How Mixer Policies Work

Reporting Telemetry

Attributes

Sending Reports

Checking Caches

Adapters

In-Process Adapters

Out-of-Process Adapters

Creating a Mixer Policy and Using Adapters

Mixer Configuration

Open Policy Agent Adapter

Prometheus Adapter

Telemetry

Adapter Models

Reporting Telemetry

Metrics

Configuring Mixer to Collect Metrics

Setting Up Metrics Collection and Querying for Metrics

Traces

Disabling Tracing

Logs

Metrics

Visualization

Debugging Istio

Introspecting Istio Components

Troubleshooting with a Management Plane

Parlaying with kubectl

Workload Preparedness

Application Configuration

Network Traffic and Ports

Services and Deployments

Pods

Istio Installation, Upgrade, and Uninstall

Installation

Upgrade

Uninstallation

Troubleshooting Mixer

Troubleshooting Pilot

Debugging Galley

Debugging Envoy

Envoy’s Administrative Console

503 or 404 Requests

Sidecar Injection

Version Compatibility

Real-World Considerations for Application Deployment

Control-Plane Considerations

Galley

Pilot

Mixer

Citadel

Case Study: Canary Deployment

Cross-Cluster Deployments

Types of Advanced Topologies

Single-Cluster Meshes

Multiple-Cluster Meshes

Use Cases

Choosing a Topology

Cross-Cluster or Multicluster?

Configuring Cross-Cluster

Configure DNS and Deploy Bookinfo

Linkerd Service Mesh

Understanding the Linkerd Service Mesh

Introducing the Linkerd Service Mesh

Linkerd architecture

Linkerd proxy

Observability

Reliability

Security

Installing Linkerd

Exploring the Reliability Features of Linkerd

Exploring the Security Features of Linkerd

Exploring the Observability Features of Linkerd

Consul Service Mesh

Understanding the Consul Service Mesh

Introducing the Consul Service Mesh

Consul architecture

Consul control plane and data planes

Monitoring and visualization

Traffic management

Installing Consul

Exploring the Service Discovery Features of Consul

Exploring the Traffic Management Features of Consul

Jenkins X

Introducing Jenkins X

What is Jenkins X?

Key Design Characteristics of Jenkins X

Overall Workflow

Understanding the Technologies

Technologies for working in the cloud

Guiding Principles for Running Well in the Cloud

Containers

Kubernetes

Technologies used in CI/CD pipelines

Jenkins

Jenkins 2

Jenkins X

(Serverless) Jenkins X

Getting Jenkins X Up and Running

Prerequisites

Getting a Cluster

Installing Jenkins X in the Cluster

Using Microsoft Azure Kubernetes Service

Using Amazon’s Elastic Kubernetes Services

The jx-requirements.yml File

Getting Up and Running with Projects

Creating a Quickstart Project

Making and Previewing Changes

Promoting your Project

Getting your App to Production
