Service Mesh helps overcome the operational challenges of connecting, securing, controlling, and observing modern microservices deployment. This book shows you exactly how to use a Service Mesh architecture to manage and operationalize your microservices-based applications.

• Cover
• Title Page
• Copyright and Credits
• About Packt
• Foreword
• Contributors
• Table of Contents
• Preface
• Section 1: Cloud-Native Application Management
• Chapter 1: Monolithic Versus Microservices
  • Early computer machines
    • Hardware virtualization
    • Software virtualization
    • Container orchestration
  • Monolithic applications
    • Brief history of SOA and ESB
      • API Gateway
    • Drawbacks of monolithic applications
  • Microservices applications
    • Early pioneers
    • What is a microservice?
    • Evolution of microservices
    • Microservices architecture
    • Benefits and drawbacks of microservices
    • Future of microservices
  • Summary
  • Questions
  • Further reading
• Chapter 2: Cloud-Native Applications
  • An introduction to CNAs
  • Container runtime
  • Container orchestration platforms
  • Cloud-native infrastructure
  • Summary
  • Questions
  • Further reading
• Section 2: Architecture
• Chapter 3: Service Mesh Architecture
  • Service mesh overview
    • Who owns the service mesh?
    • Basic and advanced service mesh capabilities
    • Emerging trends
  • Shifting Dev responsibilities to Ops
  • Service mesh rules
    • Observability
    • Routing
    • Automatic scaling
    • Separation of duties
    • Trust
    • Automatic service registration and discovery 
    • Resiliency
  • Service mesh architecture
  • Summary
  • Questions
  • Further reading
• Chapter 4: Service Mesh Providers
  • Introducing service mesh providers
    • Istio
    • Linkerd
    • Consul
    • Other providers
  • A quick comparison
  • Support services
  • Summary
  • Questions
  • Further reading
• Chapter 5: Service Mesh Interface and SPIFFE
  • SMI
    • SMI specifications
  • SPIFFE
  • Summary
  • Questions
  • Further reading
• Section 3: Building a Kubernetes Environment
• Chapter 6: Building Your Own Kubernetes Environment
  • Technical requirements
  • Downloading your base VM 
    • Building an environment for Windows
      • Downloading our virtualization software
      • Setting the network address 
      • Performing finalization checks
    • Building an environment for macOS
      • Downloading our virtualization software
      • Setting the network address
      • Performing finalization checks
  • Performing prerequisite tasks
  • Building Kubernetes using one VM
    • Installing Kubernetes
    • Running kubeadm
    • Configuring kubectl
    • Installing the Calico network for pods
    • Creating an admin account
    • Installing kubectl on client machines
    • Performing finalization checks
  • Installing Helm and Tiller
    • Installing without security
    • Installing with Transport Layer Security (TLS)
  • Installing the Kubernetes dashboard
    • Running the Kubernetes dashboard
    • Get an authentication token
    • Exploring the Kubernetes dashboard
  • Additional steps
    • Installing the Metrics Server 
    • Installing VMware Octant 
    • Installing Prometheus and Grafana 
    • Uninstalling Kubernetes and Docker
    • Powering the VM up and down
  • Summary
  • Questions
  • Further reading
• Section 4: Learning about Istio through Examples
• Chapter 7: Understanding the Istio Service Mesh
  • Technical requirements 
  • Introducing the Istio service mesh
    • Istio's architecture
  • Control plane
    • Galley
    • Pilot
      • Service discovery
      • Traffic management
      • Gateway
      • Virtual service
        • Routing rules
        • Fault injection
        • Abort rules
      • Service entry
      • Destination rule
        • Load balancing
        • Circuit breaker
        • Blue/green deployment
        • Canary deployment
      • Namespace isolation
    • Mixer
      • Configuration of Mixer
        • Attributes
        • Handlers
        • Rules
    • Citadel
      • Certificate and key rotation
      • Authentication  
      • Strong identity
        • RBAC for a strong identity
      • Authorization
      • Enabling  mTLS to secure service communication
      • Secure N-to-N mapping of services
      • Policies
        • Implementing authentication
      • Implementing authorization
  • Data plane
    • Sidecar proxy
    • Istio's Envoy sidecar proxy
      • What is Envoy?
      • Envoy architecture
      • Deployment
  • Observability
  • Summary
  • Questions
  • Further reading
• Chapter 8: Installing a Demo Application
  • Technical requirements
  • Exploring Istio's BookInfo application
    • BookInfo application architecture
    • Deploying the Bookinfo application in Kubernetes
    • Enabling a DNS search for Kubernetes services in a VM
  • Understanding the BookInfo application
    • Exploring the BookInfo application in a Kubernetes environment
  • Summary
  • Questions
  • Further reading
• Chapter 9: Installing Istio
  • Technical requirements
  • Getting ready
  • Performing pre-installation tasks
    • Downloading the source code
    • Validating the environment before installation
    • Choosing an installation profile
  • Installing Istio
    • Installing Istio using the helm template
    • Installing Istio using Helm and Tiller
    • Installing Istio using a demo profile
  • Verifying our installation
  • Installing a load balancer
  • Enabling Istio
    • Enabling Istio for an existing application
    • Enabling Istio for new applications
  • Setting up horizontal pod scaling
  • Summary
  • Questions
  • Further reading
• Chapter 10: Exploring Istio Traffic Management Capabilities
  • Technical requirements
  • Traffic management
    • Creating an Istio gateway
      • Finding the Ingress gateway IP address
    • Creating a virtual service
      • Running using pod's transient IP address
      • Running using a service IP address
      • Running using Node Port
    • Creating a destination rule
  • Traffic shifting
    • Identity-based traffic routing
    • Canary deployments
  • Fault injection
    • Injecting HTTP delay faults
    • Injecting HTTP abort faults
    • Request timeouts
  • Circuit breaker
  • Managing traffic
    • Managing Ingress traffic patterns
    • Managing Egress traffic patterns
      • Blocking access to external services
      • Allowing access to external services
      • Routing rules for external services
  • Traffic mirroring
  • Cleaning up
  • Summary
  • Questions
  • Further reading
• Chapter 11: Exploring Istio Security Features
  • Technical requirements
  • Overview of Istio's security
  • Authentication
    • Testing the httpbin service
    • Generating keys and certificates
      • Installing the step CLI
      • Generating private key, server, and root certificates
    • Mapping IP addresses to hostname
    • Configuring an Ingress gateway using SDS
      • Creating secrets using key and certificate
      • Enabling httpbin for simple TLS
      • Enabling bookinfo for simple TLS
      • Rotating virtual service keys and certificates
      • Enabling an Ingress gateway for httpbin using mutual TLS
      • Verifying the TLS configuration
      • Node agent to rotate certificates and keys for services
    • Enabling mutual TLS within the mesh
      • Converting into strict mutual TLS
        • Redefining destination rules
        • Enabling mTLS at the namespace level
        • Verifying the TLS configuration
  • Authorization
    • Namespace-level authorization
    • Service-level authorization at the individual level
    • Service-level authorization for databases
  • Advanced capabilities
  • Summary
  • Questions
  • Further reading
• Chapter 12: Enabling Istio Policy Controls
  • Technical requirements
  • Introduction to policy controls
  • Enabling rate limits
    • Defining quota and assigning to services
    • Defining rate limits
    • Defining quota rules
  • Controlling access to a service
    • Denying access
    • Creating attribute-based white/blacklists
    • Creating an IP-based white/blacklist
  • Summary
  • Questions
  • Further reading
• Chapter 13: Exploring Istio Telemetry Features
  • Technical requirements
  • Telemetry and observability
  • Configuring UI access
  • Collecting built-in metrics
  • Collecting new metrics
  • Database metrics
  • Distributed tracing
    • Trace sampling
    • Tracing backends
      • Adapters for the backend
  • Exploring prometheus 
    • Sidecar proxy metrics
    • Prometheus query
    • Prometheus target collection health
    • Prometheus configuration
  • Visualizing metrics through Grafana
  • Service mesh observability through Kiali
  • Tracing with Jaeger
  • Cleaning up
  • Summary
  • Questions
  • Further reading
• Section 5: Learning about Linkerd through Examples
• Chapter 14: Understanding the Linkerd Service Mesh
  • Technical requirements
  • Introducing the Linkerd Service Mesh
  • Linkerd architecture
    • Control plane
      • Using the command-line interface (CLI)
    • Data plane
  • Linkerd proxy
    • Architecture
    • Configuring a service
    • Ingress controller
  • Observability
    • Grafana and Prometheus
    • Distributed tracing
    • Exporting metrics
    • Injecting the debugging sidecar
  • Reliability
    • Traffic split
    • Fault injection
    • Service profiles
    • Retries and timeouts
    • Load balancing
    • Protocols and the TCP proxy
  • Security
    • Automatic mTLS
  • Summary
  • Questions
  • Further reading
• Chapter 15: Installing Linkerd
  • Technical requirements
  • Installing the Linkerd CLI
  • Installing Linkerd
    • Validating the prerequisites
    • Installing the Linkerd control plane
    • Separating roles and responsibilities
      • Cluster administrator
      • Application administrator
  • Ingress gateway
  • Accessing the Linkerd dashboard
  • Deploying the Linkerd demo emoji app
    • Installing a demo application
    • Deploying the booksapp application
  • Summary
  • Questions
  • Further reading
• Chapter 16: Exploring the Reliability Features of Linkerd
  • Technical requirements
  • Overview of the reliability of Linkerd 
    • Configuring load balancing
    • Setting up a service profile
    • Retrying failed transactions
      • Retry budgets
    • Implementing timeouts
    • Troubleshooting error code
  • Summary
  • Questions
  • Further reading
• Chapter 17: Exploring the Security Features of Linkerd
  • Technical requirements
  • Setting up mTLS on Linkerd
    • Validating mTLS on Linkerd
    • Using trusted certificates for the control plane
      • Installing step certificates
      • Creating step root and intermediate certificates
      • Redeploying control plane using certificates
      • Regenerating and rotating identity certificates for microservices
    • Securing the ingress gateway
      • TLS termination
      • Testing the application in the browser
      • Testing the application through curl
  • Summary
  • Questions
  • Further reading
• Chapter 18: Exploring the Observability Features of Linkerd
  • Technical requirements
  • Gaining insight into the service mesh
    • Insights using CLI
    • Insight using Prometheus
    • Insights using Grafana
  • External Prometheus integration
  • Cleaning up
  • Summary
  • Questions
  • Further reading
• Section 6: Learning about Consul through Examples
• Chapter 19: Understanding the Consul Service Mesh
  • Technical requirements
  • Introducing the Consul service mesh
  • The Consul architecture
    • Data center 
    • Client/server
    • Protocols
      • RAFT
      • Consensus protocol
      • Gossip protocol
  • Consul's control and data planes
    • Configuring agents
    • Service discovery and definitions
    • Consul integration
  • Monitoring and visualization
    • Telegraf
    • Grafana
  • Traffic management
    • Service defaults
    • Traffic routing
    • Traffic split
    • Mesh gateway
  • Summary
  • Questions
  • Further reading
• Chapter 20: Installing Consul
  • Technical requirements
  • Installing Consul in a VM
  • Installing Consul in Kubernetes
    • Creating persistent volumes 
    • Downloading the Consul Helm chart
    • Installing Consul
    • Connecting Consul DNS to Kubernetes
    • Consul server in a VM
  • Summary
  • Questions
  • Further reading
• Chapter 21: Exploring the Service Discovery Features of Consul
  • Technical requirements
  • Installing a Consul demo application
    • Defining Ingress for the Consul dashboard
  • Service discovery
    • Using the Consul web console
  • Implementing mutual TLS
  • Exploring intentions
  • Exploring the Consul key-value store
  • Securing Consul services with ACL
  • Monitoring and metrics
  • Registering an external service
  • Summary
  • Questions
  • Further reading
• Chapter 22: Exploring Traffic Management in Consul
  • Technical requirements
  • Overview of traffic management in Consul 
    • Implementing L7 configuration
  • Deploying a demo application
  • Traffic management in Consul
    • Directing traffic to a default subset
    • Canary deployment
    • Round-robin traffic
    • Shifting traffic permanently
    • Path-based traffic routing
    • Checking Consul services
  • Mesh gateway
  • Summary
  • Questions
  • Further reading
• Assessment
• Other Books You May Enjoy
• Index