月度归档: 2022年7月

Istio In Action – part two

Posted on | by bob

Part two Securing, observing,and controlling your service’s network traffic

Chapter 4 Istio gateways: Getting traffic into a cluster

4.1 Traffic ingress concepts

4.1.1 Virtual IPs: Simplifying service access

4.1.2 Virtual hosting: Multiple services from a single access point

4.2 Istio ingress gateways

4.2.3 Overall view of traffic flow

4.3 Securing gateway traffic

4.3.3 HTTP traffic with mutual TLS

4.5 Operational tips

Chapter 5 Traffic control: Fine-grained traffic routing

5.1 Reducing the risk of deploying new code

5.1.1 Deployment vs. release

5.2 Routing requests with Istio

5.3 Traffic shifting

5.4 Reducing risk even further: Traffic mirroring

5.5 Routing to services outside your cluster by using Istio’s service discovery

In this chapter, we explored how to reduce the risk of deploying new code by using
traffic mirroring, traffic shifting, and traffic routing to slowly introduce changes to our
users.

In the next chapter, we look at making application interactions more resilient
by implementing timeouts, retries, and circuit breakers.

Istio In Action – part one

Posted on | by bob

Part 1 Understanding Istio

Chapter 1 Introducing the Istio service mesh

1.1 Challenges of going faster

1.1.1 Our cloud infrastructure is not reliable

1.2 Solving these challenges with application libraries

1.3 Pushing these concerns to the infrastructure

1.3.2 Meet the Envoy proxy

1.4 What’s a service mesh?

A service mesh is a distributed application infrastructure that is responsible for handling network traffic on behalf of the application in a transparent, out-of-process manner.

1.5 Introducing the Istio service mesh

1.5.1 How a service mesh relates to an enterprise service bus

1.5.2 How a service mesh relates to an API gateway

1.5.4 Where Istio fits in distributed architectures

Chapter 2 First steps with Istio

2.1 Deploying Istio on Kubernetes

kubectl get nodes

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.13.0 sh -

istioctl x precheck

istioctl install --set profile=demo -y

kubectl get pod -n istio-system

istioctl verify-install

kubectl apply -f ./samples/addons

2.2 Getting to know the Istio control plane

2.2.1 Istiod

2.2.2 Ingress and egress gateway

2.3 Deploying your first application in the service mesh

2.4 Exploring the power of Istio with resilience,observability, and traffic control

2.4.2 Istio for resiliency

Chapter 3 Istio’s data plane: The Envoy proxy

3.1 What is the Envoy proxy?

3.1.1 Envoy’s core features

  • SERVICE DISCOVERY
  • LOAD BALANCING
  • TRAFFIC AND REQUEST ROUTING
  • TRAFFIC SHIFTING AND SHADOWING CAPABILITIES
  • NETWORK RESILIENCE
  • HTTP/2 AND GRPC
  • OBSERVABILITY WITH METRICS COLLECTION
  • OBSERVABILITY WITH DISTRIBUTED TRACING
  • AUTOMATIC TLS TERMINATION AND ORIGINATION
  • RATE LIMITING
  • EXTENDING ENVOY

3.3 Envoy in action

3.4 How Envoy fits with Istio