Детальная информация
Khatri, Anjali. Mastering Service Mesh: Enhance, Secure, and Observe Cloud-Native Applications with Istio, Linkerd, and Consul. — Birmingham: Packt Publishing, Limited, [2020]. — 1 online resource (606 pages). — Section 4: Learning about Istio through Examples. — <URL:http://elib.fa.ru/ebsco/2416727.pdf>.
Дата создания записи
09.05.2020
Коллекции
Разрешенные действия
–
Действие 'Прочитать' будет доступно, если вы выполните вход в систему или будете работать с сайтом на компьютере в другой сети
Действие 'Загрузить' будет доступно, если вы выполните вход в систему или будете работать с сайтом на компьютере в другой сети
| Группа | Анонимные пользователи |
|---|---|
| Сеть | Интернет |
Service Mesh helps overcome the operational challenges of connecting, securing, controlling, and observing modern microservices deployment. This book shows you exactly how to use a Service Mesh architecture to manage and operationalize your microservices-based applications.
| Место доступа | Группа пользователей | Действие |
|---|---|---|
| Локальная сеть Финуниверситета | Все |
|
| Интернет | Читатели |
|
| Интернет | Анонимные пользователи |
|
- Cover
- Title Page
- Copyright and Credits
- About Packt
- Foreword
- Contributors
- Table of Contents
- Preface
- Section 1: Cloud-Native Application Management
- Chapter 1: Monolithic Versus Microservices
- Early computer machines
- Hardware virtualization
- Software virtualization
- Container orchestration
- Monolithic applications
- Brief history of SOA and ESB
- API Gateway
- Drawbacks of monolithic applications
- Brief history of SOA and ESB
- Microservices applications
- Early pioneers
- What is a microservice?
- Evolution of microservices
- Microservices architecture
- Benefits and drawbacks of microservices
- Future of microservices
- Summary
- Questions
- Further reading
- Early computer machines
- Chapter 2: Cloud-Native Applications
- An introduction to CNAs
- Container runtime
- Container orchestration platforms
- Cloud-native infrastructure
- Summary
- Questions
- Further reading
- Section 2: Architecture
- Chapter 3: Service Mesh Architecture
- Service mesh overview
- Who owns the service mesh?
- Basic and advanced service mesh capabilities
- Emerging trends
- Shifting Dev responsibilities to Ops
- Service mesh rules
- Observability
- Routing
- Automatic scaling
- Separation of duties
- Trust
- Automatic service registration and discovery
- Resiliency
- Service mesh architecture
- Summary
- Questions
- Further reading
- Service mesh overview
- Chapter 4: Service Mesh Providers
- Introducing service mesh providers
- Istio
- Linkerd
- Consul
- Other providers
- A quick comparison
- Support services
- Summary
- Questions
- Further reading
- Introducing service mesh providers
- Chapter 5: Service Mesh Interface and SPIFFE
- SMI
- SMI specifications
- SPIFFE
- Summary
- Questions
- Further reading
- SMI
- Section 3: Building a Kubernetes Environment
- Chapter 6: Building Your Own Kubernetes Environment
- Technical requirements
- Downloading your base VM
- Building an environment for Windows
- Downloading our virtualization software
- Setting the network address
- Performing finalization checks
- Building an environment for macOS
- Downloading our virtualization software
- Setting the network address
- Performing finalization checks
- Building an environment for Windows
- Performing prerequisite tasks
- Building Kubernetes using one VM
- Installing Kubernetes
- Running kubeadm
- Configuring kubectl
- Installing the Calico network for pods
- Creating an admin account
- Installing kubectl on client machines
- Performing finalization checks
- Installing Helm and Tiller
- Installing without security
- Installing with Transport Layer Security (TLS)
- Installing the Kubernetes dashboard
- Running the Kubernetes dashboard
- Get an authentication token
- Exploring the Kubernetes dashboard
- Additional steps
- Installing the Metrics Server
- Installing VMware Octant
- Installing Prometheus and Grafana
- Uninstalling Kubernetes and Docker
- Powering the VM up and down
- Summary
- Questions
- Further reading
- Section 4: Learning about Istio through Examples
- Chapter 7: Understanding the Istio Service Mesh
- Technical requirements
- Introducing the Istio service mesh
- Istio's architecture
- Control plane
- Galley
- Pilot
- Service discovery
- Traffic management
- Gateway
- Virtual service
- Routing rules
- Fault injection
- Abort rules
- Service entry
- Destination rule
- Load balancing
- Circuit breaker
- Blue/green deployment
- Canary deployment
- Namespace isolation
- Mixer
- Configuration of Mixer
- Attributes
- Handlers
- Rules
- Configuration of Mixer
- Citadel
- Certificate and key rotation
- Authentication
- Strong identity
- RBAC for a strong identity
- Authorization
- Enabling mTLS to secure service communication
- Secure N-to-N mapping of services
- Policies
- Implementing authentication
- Implementing authorization
- Data plane
- Sidecar proxy
- Istio's Envoy sidecar proxy
- What is Envoy?
- Envoy architecture
- Deployment
- Observability
- Summary
- Questions
- Further reading
- Chapter 8: Installing a Demo Application
- Technical requirements
- Exploring Istio's BookInfo application
- BookInfo application architecture
- Deploying the Bookinfo application in Kubernetes
- Enabling a DNS search for Kubernetes services in a VM
- Understanding the BookInfo application
- Exploring the BookInfo application in a Kubernetes environment
- Summary
- Questions
- Further reading
- Chapter 9: Installing Istio
- Technical requirements
- Getting ready
- Performing pre-installation tasks
- Downloading the source code
- Validating the environment before installation
- Choosing an installation profile
- Installing Istio
- Installing Istio using the helm template
- Installing Istio using Helm and Tiller
- Installing Istio using a demo profile
- Verifying our installation
- Installing a load balancer
- Enabling Istio
- Enabling Istio for an existing application
- Enabling Istio for new applications
- Setting up horizontal pod scaling
- Summary
- Questions
- Further reading
- Chapter 10: Exploring Istio Traffic Management Capabilities
- Technical requirements
- Traffic management
- Creating an Istio gateway
- Finding the Ingress gateway IP address
- Creating a virtual service
- Running using pod's transient IP address
- Running using a service IP address
- Running using Node Port
- Creating a destination rule
- Creating an Istio gateway
- Traffic shifting
- Identity-based traffic routing
- Canary deployments
- Fault injection
- Injecting HTTP delay faults
- Injecting HTTP abort faults
- Request timeouts
- Circuit breaker
- Managing traffic
- Managing Ingress traffic patterns
- Managing Egress traffic patterns
- Blocking access to external services
- Allowing access to external services
- Routing rules for external services
- Traffic mirroring
- Cleaning up
- Summary
- Questions
- Further reading
- Chapter 11: Exploring Istio Security Features
- Technical requirements
- Overview of Istio's security
- Authentication
- Testing the httpbin service
- Generating keys and certificates
- Installing the step CLI
- Generating private key, server, and root certificates
- Mapping IP addresses to hostname
- Configuring an Ingress gateway using SDS
- Creating secrets using key and certificate
- Enabling httpbin for simple TLS
- Enabling bookinfo for simple TLS
- Rotating virtual service keys and certificates
- Enabling an Ingress gateway for httpbin using mutual TLS
- Verifying the TLS configuration
- Node agent to rotate certificates and keys for services
- Enabling mutual TLS within the mesh
- Converting into strict mutual TLS
- Redefining destination rules
- Enabling mTLS at the namespace level
- Verifying the TLS configuration
- Converting into strict mutual TLS
- Authorization
- Namespace-level authorization
- Service-level authorization at the individual level
- Service-level authorization for databases
- Advanced capabilities
- Summary
- Questions
- Further reading
- Chapter 12: Enabling Istio Policy Controls
- Technical requirements
- Introduction to policy controls
- Enabling rate limits
- Defining quota and assigning to services
- Defining rate limits
- Defining quota rules
- Controlling access to a service
- Denying access
- Creating attribute-based white/blacklists
- Creating an IP-based white/blacklist
- Summary
- Questions
- Further reading
- Chapter 13: Exploring Istio Telemetry Features
- Technical requirements
- Telemetry and observability
- Configuring UI access
- Collecting built-in metrics
- Collecting new metrics
- Database metrics
- Distributed tracing
- Trace sampling
- Tracing backends
- Adapters for the backend
- Exploring prometheus
- Sidecar proxy metrics
- Prometheus query
- Prometheus target collection health
- Prometheus configuration
- Visualizing metrics through Grafana
- Service mesh observability through Kiali
- Tracing with Jaeger
- Cleaning up
- Summary
- Questions
- Further reading
- Section 5: Learning about Linkerd through Examples
- Chapter 14: Understanding the Linkerd Service Mesh
- Technical requirements
- Introducing the Linkerd Service Mesh
- Linkerd architecture
- Control plane
- Using the command-line interface (CLI)
- Data plane
- Control plane
- Linkerd proxy
- Architecture
- Configuring a service
- Ingress controller
- Observability
- Grafana and Prometheus
- Distributed tracing
- Exporting metrics
- Injecting the debugging sidecar
- Reliability
- Traffic split
- Fault injection
- Service profiles
- Retries and timeouts
- Load balancing
- Protocols and the TCP proxy
- Security
- Automatic mTLS
- Summary
- Questions
- Further reading
- Chapter 15: Installing Linkerd
- Technical requirements
- Installing the Linkerd CLI
- Installing Linkerd
- Validating the prerequisites
- Installing the Linkerd control plane
- Separating roles and responsibilities
- Cluster administrator
- Application administrator
- Ingress gateway
- Accessing the Linkerd dashboard
- Deploying the Linkerd demo emoji app
- Installing a demo application
- Deploying the booksapp application
- Summary
- Questions
- Further reading
- Chapter 16: Exploring the Reliability Features of Linkerd
- Technical requirements
- Overview of the reliability of Linkerd
- Configuring load balancing
- Setting up a service profile
- Retrying failed transactions
- Retry budgets
- Implementing timeouts
- Troubleshooting error code
- Summary
- Questions
- Further reading
- Chapter 17: Exploring the Security Features of Linkerd
- Technical requirements
- Setting up mTLS on Linkerd
- Validating mTLS on Linkerd
- Using trusted certificates for the control plane
- Installing step certificates
- Creating step root and intermediate certificates
- Redeploying control plane using certificates
- Regenerating and rotating identity certificates for microservices
- Securing the ingress gateway
- TLS termination
- Testing the application in the browser
- Testing the application through curl
- Summary
- Questions
- Further reading
- Chapter 18: Exploring the Observability Features of Linkerd
- Technical requirements
- Gaining insight into the service mesh
- Insights using CLI
- Insight using Prometheus
- Insights using Grafana
- External Prometheus integration
- Cleaning up
- Summary
- Questions
- Further reading
- Section 6: Learning about Consul through Examples
- Chapter 19: Understanding the Consul Service Mesh
- Technical requirements
- Introducing the Consul service mesh
- The Consul architecture
- Data center
- Client/server
- Protocols
- RAFT
- Consensus protocol
- Gossip protocol
- Consul's control and data planes
- Configuring agents
- Service discovery and definitions
- Consul integration
- Monitoring and visualization
- Telegraf
- Grafana
- Traffic management
- Service defaults
- Traffic routing
- Traffic split
- Mesh gateway
- Summary
- Questions
- Further reading
- Chapter 20: Installing Consul
- Technical requirements
- Installing Consul in a VM
- Installing Consul in Kubernetes
- Creating persistent volumes
- Downloading the Consul Helm chart
- Installing Consul
- Connecting Consul DNS to Kubernetes
- Consul server in a VM
- Summary
- Questions
- Further reading
- Chapter 21: Exploring the Service Discovery Features of Consul
- Technical requirements
- Installing a Consul demo application
- Defining Ingress for the Consul dashboard
- Service discovery
- Using the Consul web console
- Implementing mutual TLS
- Exploring intentions
- Exploring the Consul key-value store
- Securing Consul services with ACL
- Monitoring and metrics
- Registering an external service
- Summary
- Questions
- Further reading
- Chapter 22: Exploring Traffic Management in Consul
- Technical requirements
- Overview of traffic management in Consul
- Implementing L7 configuration
- Deploying a demo application
- Traffic management in Consul
- Directing traffic to a default subset
- Canary deployment
- Round-robin traffic
- Shifting traffic permanently
- Path-based traffic routing
- Checking Consul services
- Mesh gateway
- Summary
- Questions
- Further reading
- Assessment
- Other Books You May Enjoy
- Index
Количество обращений: 0
За последние 30 дней: 0
