Complete Istio Service Mesh (1.8) Masterclass + AWS EKS 2021
Last updated 12/2021
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.49 GB | Duration: 5h 27m
Learn Istio Service Mesh using Handson (Gateway, Canary Traffic Shifting, Fault Injection, Circuit Breaker, JWT, Egress)
What you'll learn
how to control ingress traffic using Gateway, VirtualService, DestinationRules
how to configure SSL Termination at AWS ELB created by Istio ingress gateway using k8s service YAML
how to configure canary rollouts/weight-based routing/traffic splitting using Virtual Service and Destination Rule
how to configure identity/header based routing
how to configure and test failure recovery features (injecting delay and abort, setting retries and timeout)
how to configure and test mirroring live traffic to different versions of app workloads
how to configure and test rate limiting and circuit breaker
how to verify default "permissive mode" of mutual TLS in service mesh, and how to enable STRICT mode of mutual TLS
how to set up end user authentication and authorization with JWT using Request Authentication and Authorization Policy
how to control egress traffic using Service Entry and Virtual Service
how to enable TLS Origination for egress traffic using Destination Rule
how to use Kiali dashboard to visualize mesh topology, logs, metrics, and YAML validation
Requirements
you have learned Kubernetes fundamentals (pod, service, deployment, ingress, configmap, role, etc)
you have development experience in Kubernetes YAML resources
you have experience using Minikube or AWS EKS or GKE
Mac or Linux highly recommended
Description
If I summarize this course in one sentence?
Learn Istio Service Mesh in Kubernetes (demo is done using AWS EKS) using hands-on concepts and labs (e.g. Gateway, Virtual Service, Destination Rule, Canary Rollout, Load Balancing Rules, Mirror Live Traffic, Fault Injection, Circuit Breaker, JWT Authentication and Authorization, TLS Origination, Kiali Dashboard, etc).
☆Please check preview videos to see if this course is really for you☆
Are you one of the below?
You want to learn how to secure K8s in-cluster network with Istio Service Mesh
You feel overwhelmed and don't know where to start with Istio Service Mesh in Kubernetes
You used Nginx Ingress Controller but want to use production-ready Ingress Controller
You used AWS ALB Ingress Controller but its limitation with ingress YAML pushed you away from using it
You want to learn service mesh so that you can control in-cluster traffic to microservice applications
You want to authenticate and authorize end users using JWT using Istio
You want to be able to configure SSL for AWS ELB using Istio Ingress Gateway Service YAML
You want to learn how to monitor microservice app's distributed request tracing using Kiali and Jaeger dashboards
Who should take this course
you have learned Kubernetes fundamentals (pod, service, deployment, ingress, configmap, role, etc)
you don't know how to go about learning Istio Service Mesh in Kubernetes
you have development experience in Kubernetes YAML resources
you want to learn about production-level in-cluster security such as mutual TLS using Istio Service Mesh in Kubernetes
you want to learn ins and outs of Istio Service Mesh features (traffic control, security, observability) from a cloud DevOps working at a US company in SF
Who should NOT need to take this course
you already know a lot of Istio Service Mesh in Kubernetes
you are not planning on using Kubernetes
you are not planning on working on security in Kubernetes cluster
you have never used Kubernetes before
In this course, you will learn various aspects of Istio Service Mesh in Kubernetes such as:
how to control Ingress Traffic using Gateway, VirtualService, DestinationRules
how to configure SSL Termination at AWS ELB created by Istio ingress gateway using k8s service YAML
how to configure canary rollouts/weight-based routing/traffic splitting using Virtual Service and Destination Rule
how to configure identity/header based routing
how to configure and test failure recovery features (injecting delay and abort, setting retries and timeout)
how to configure and test mirroring live traffic to different versions of app workloads
how to configure and test rate limiting and circuit breaker
how to verify default "permissive mode" of mutual TLS in service mesh, and how to enable STRICT mode of mutual TLS
how to set up end user authentication and authorization with JWT using Request Authentication and Authorization Policy
how to control egress traffic using Service Entry and Virtual Service
how to enable TLS Origination for egress traffic using Destination Rule
how to use Kiali dashboard to visualize mesh topology, logs, metrics, and YAML validation
5 Reasons why you should take this course:
1. Instructed by a cloud DevOps engineer (with CKA and certified AWS DevOps pro) working at US company in SF
I have been pretty hands-on with Istio Service Mesh, Kubernetes, AWS, AWS EKS with 6.5+ years of industry experience in both North America and Europe.
2. Abstract Istio Concepts Explained with Diagrams
Istio is pretty complex, and its operational complexities are pretty high. That means the learning curve is also high.
Especially with Istio, its documentation page offers LITTLE to NO diagrams explaining relationships between `Gateway`, `Virtual Service`, `Destination Rule`, `Service Entry`, etc. So I created a whole bunch of diagrams from high level architectures to low level YAML resources for Istio features such as canary rollout/traffic splitting, JWT Authentication and Authorization, and much more. You will have the most VISUAL-oriented learning experience you can EVER find on the Internet for Istio.
3. Updated Knowledge about Istio Service Mesh v1.6~ in 2020
Some of the Istio Architecture and Components are outdated. I will demonstrate 2020-updated version of resources and concepts.
4. Tons of hands-on!
I won't bore you with dry lectures. Instead every concept is paired with a hands-on demo.
5. Entire course under FIVE HOURS
I tried to make this course compact and concise so students can learn the concepts and hands-on skills in the shortest amount of time, because I know the life of a software engineer is already pretty busy :)
My background & Education & Career experience
Cloud DevOps Software Engineer with 6.5+ years experience
Bachelor of Science in Computing Science from a Canadian university
Knows Java, C#, C++, Bash, Python, JavaScript, Terraform, IaC
Expert in AWS (holds AWS DevOps Professional certification) and Kubernetes (holds Certified Kubernetes Administrator, CKA)
I will see you inside!
Overview
Section 1: Introduction
Lecture 1 5 Reasons Why You Should Take This Course!
Lecture 2 Instructor's background & career experiences
Section 2: Intro to Istio Service Mesh
Lecture 3 Download Course Material
Lecture 4 What is Service Mesh
Lecture 5 Istio Service Mesh Architecture
Lecture 6 Istio Architecture Change After v1.5
Lecture 7 Why Istio
Lecture 8 (Optional if using Minikube or GKE) AWS Setup (Account, IAM user, Access Key)
Lecture 9 TIPS: How to Reduce AWS Billing & Setup Email Alerts
Lecture 10 Install CLIs (aws, aws-iam-authenticator, kubectl, eksctl)
Lecture 11 Create named AWS Profile in ~/.aws/credentials
Lecture 12 Create AWS EKS Cluster using eksctl
Section 3: Install istio
Lecture 13 Install Istioctl CLI
Lecture 14 Demo profile no longer installs Prometheus, Kiali, Jaeger from istio v1.7.0
Lecture 15 Deploy Istio Service Mesh to K8s cluster
Lecture 16 Enable Istio Sidecar Injection
Section 4: Monitoring
Lecture 17 Monitoring Overview
Lecture 18 Monitoring with Grafana and Prometheus
Section 5: Deploy and Expose Sample Apps (guestbook) using Service and Ingress
Lecture 19 Deploy Pods and Services and Access Externally (public AWS ELB)
Lecture 20 Deploy Nginx Ingress Controller using Helm Chart
Lecture 21 Create Ingress resource YAML
Lecture 22 Delete K8s Service of type LoadBalancer and AWS ELB
Lecture 23 Architecture Recap
Lecture 24 BONUS: Create Private Ingress Gateway
Section 6: Expose Apps using Istio Gateway and Virtual Service (vs Ingress Controller)
Lecture 25 What is Gateway
Lecture 26 Gateway YAML Anatomy
Lecture 27 What is Virtual Service
Lecture 28 Virtual Service YAML Anatomy
Lecture 29 Deploy Gateway and Virtual Service
Lecture 30 Uninstall Nginx Ingress Controller
Lecture 31 Deploy Bookinfo App
Section 7: Traffic Management
Lecture 32 Traffic Management Overview
Lecture 33 Weight Based Routing (Canary/Traffic Splitting) using Destination Rules
Lecture 34 Identity Based Routing using Virtual Service
Lecture 35 Query String Based Routing using Virtual Service
Lecture 36 URI Path Based Routing using Virtual Service
Lecture 37 Inject Fault (Latency Delay) using Virtual Service
Lecture 38 Configure Timeouts using Virtual Service
Lecture 39 Configure Retry using Virtual Service
Lecture 40 Mirror Live Traffic using Virtual Service
Lecture 41 Configure Custom Load Balancing Policy for Pods using Destination Rule
Lecture 42 Enable Sticky Session for Virtual Service Load Balancing
Lecture 43 Configure Rate Limiting
Lecture 44 Configure Circuit Breaker
Section 8: Security in Transit (TLS/HTTPS)
Lecture 45 Enable TLS Termination at Load Balancer.
Lecture 46 Enable HTTPS for Multiple Domains using SNI
Lecture 47 Verify Mutual TLS among pods in Service Mesh
Lecture 48 Enable STRICT Mutual TLS Globally (all namespaces)
Lecture 49 Enable STRICT Mutual TLS for Namespace
Lecture 50 Enable STRICT Mutual TLS for workloads in namespace
Lecture 51 Enable HTTP Redirect to HTTPS
Section 9: End-User Authentication and Authorization with JWT
Lecture 52 Enable End-User Authentication and Authorization with JWT
Lecture 53 Enable End-user Authentication with JWT per HTTP Path
Lecture 54 Enable End-user Authentication with JWT per HTTP Path and Host
Lecture 55 Enable JWT Authorization using HTTP Header Attribute
Lecture 56 Enable JWT Authorization using Source IP
Lecture 57 Delete AuthorizationPolicy Resource
Section 10: Egress Traffic Security and Traffic Control
Lecture 58 Egress Security Overview
Lecture 59 Register External URLs with Service Entry
Lecture 60 Set Timeouts for Egress Requests
Section 11: Observability and Monitoring
Lecture 61 Observability
Lecture 62 Jaeger Dashboard for Request Tracing
Lecture 63 Kiali Dashboard