Complete Istio Service Mesh (1.8) Masterclass + Aws Eks 2021

Learn Istio Service Mesh using Handson (Gateway, Canary Traffic Shifting, Fault Injection, Circuit Breaker, JWT, Egress)

What you'll learn
how to control ingress traffic using Gateway, VirtualService, DestinationRules
how to configure SSL Termination at AWS ELB created by Istio ingress gateway using k8s service YAML
how to configure canary rollouts/weight-based routing/traffic splitting using Virtual Service and Destination Rule
how to configure identity/header based routing
how to configure and test failure recovery features (injecting delay and abort, setting retries and timeout)
how to configure and test mirroring live traffic to different versions of app workloads
how to configure and test rate limiting and circuit breaker
how to verify default "permissive mode" of mutual TLS in service mesh, and how to enable STRICT mode of mutual TLS
how to set up end user authentication and authorization with JWT using Request Authentication and Authorization Policy
how to control egress traffic using Service Entry and Virtual Service
how to enable TLS Origination for egress traffic using Destination Rule
how to use Kiali dashboard to visualize mesh topology, logs, metrics, and YAML validation
Requirements
you have learned Kubernetes fundamentals (pod, service, deployment, ingress, configmap, role, etc)
you have development experience in Kubernetes YAML resources
you have experience using Minikube or AWS EKS or GKE
Mac or Linux highly recommended
Description
If I summarize this course in one sentence?Learn Istio Service Mesh in Kubernetes (demo is done using AWS EKS) using Handson concepts and labs (e.g. Gateway, Virtual Service, Destination Rule, Canary Rollout, Load Balancing Rules, Mirror Live Traffic, Fault Injection, Circuit Breaker, JWT Authentication and Authentication, TLS Origination, Kiali Dashboard, etc).☆Please check preview videos to see if this course is really for you☆Are you one of the below?You want to learn how to secure K8s in-cluster network with Istio Service MeshYou feel overwhelmed and don't know where to start with Istio Service Mesh in Kubernetes You used Nginx Ingress Controller but want to use production-ready Ingress ControllerYou used AWS ALB Ingress Controller but its limitation with ingress YAML pushed you away from using itYou want to learn service mesh so that you can control in-cluster traffic to microservice applicationsYou want to authenticate and authorize end users using JWT using IstioYou want to be able to configure SSL for AWS ELB using Istio Ingress Gateway Service YAMLYou want to learn how to monitor microservice app's distributed request tracing using Kiali and Jaeger dashboards Who should take this courseyou have learned Kubernetes fundamentals (pod, service, deployment, ingress, configmap, role, etc)you don't know how to go about learning Istio Service mesh in Kubernetesyou have development experience in Kubernetes YAML resourcesyou want to learn about production-level in-cluster security such as mutual TLS using Istio Service Mesh in Kubernetesyou want to learn ins and outs of Istio Service Mesh features (traffic control, security, observability) from a cloud DevOps working at an US company in SFwho should NOT need to take this courseyou already know a lot of Istio Service Mesh in Kubernetesyou are not planning on using Kuberenetesyou are not planning on working on security in Kuberenetes clusteryou have never used Kubernetes beforeIn this course, you will learn various aspects of Istio Service Mesh in Kubernetes such as:how to control Ingress Traffic using Gateway, VirtualService, DestinationRuleshow to configure SSL Termination at AWS ELB created by Istio ingress gateway using k8s service YAMLhow to configure canary rollouts/weight-based routing/traffic splitting using Virtual Service and Destination Rulehow to configure identity/header based routinghow to configure and test failure recovery features (injecting delay and abort, setting retries and timeout)how to configure and test mirroring live traffic to different versions of app workloadshow to configure and test rate limiting and circuit breakerhow to verify default "permissive mode" of mutual TLS in service mesh, and how to enable STRICT mode of mutual TLShow to set up end user authentication and authorization with JWT using Request Authentication and Authorization Policyhow to control egress traffic using Service Entry and Virtual Servicehow to enable TLS Origination for egress traffic using Destination Rulehow to use Kiali dashboard to visualize mesh topology, logs, metrics, and YAML validation5 Reasons why you should take this course:1. Instructed by a cloud DevOps engineer (with CKA and certified AWS DevOps pro) working at US company in SFI have been pretty handson with Istio Service Mesh, Kubernetes, AWS, AWS EKS with 6.5+ industry experience in both North America and Europe.2. Abstract Istio Concepts Explained with DiagramsIstio is pretty complex, and its operational complexities are pretty high. That means, a learning curve is also high.Especially with Istio, its documentation page offers LITTLE to NO diagrams explaining relationships between `Gateway`, `Virtual Service`, `Destination Rule`, `Service Entry`, etc. So I created a whole bunch of diagrams from high level architectures to low level YAML resources for Istio features such as canary rollout/traffic splitting, JWT Authentication and Authorization, and much more. You will have the most VISUAL-oriented learning experience you can EVER find on the Internet for Istio.3. Updated Knowledge about Istio Service Mesh v1.6~ in 2020Some of the Istio Architecture and Componets are outdated. I will demonstrate 2020-updated version of resources and concepts.4. Tons of handson!I won't bore you with dry lectures. Instead every concepts are paired with handson demo.5. Entire course under FIVE HOURSI tried to make this course compact and concise so students can learn the concepts and handson skills in shorted amount of time, because I know a life of software engineer is already pretty busy :)My background & Education & Career experienceCloud DevOps Software Engineer with 6.5+ years experienceBachelor of Science in Computing Science from a Canadian universityKnows Java, C#, C++, Bash, Python, JavaScript, Terraform, IaCExpert in AWS (holds AWS DevOps Professional certification) and Kubernetes (holds Certified Kubernetes Administrator, CKA)I will see you inside!

Overview

Section 1: Introduction

Lecture 1 5 Reasons Why You Should Take This Course!

Lecture 2 Instructor's background & career experiences

Section 2: Intro to Istio Service Mesh

Lecture 3 Download Course Material

Lecture 4 What is Service Mesh

Lecture 5 Istio Service Mesh Architecture

Lecture 6 Istio Architecture Change After v1.5

Lecture 7 Why Istio

Lecture 8 (Optional if using Minikube or GKE) AWS Setup (Account, IAM user, Access Key)

Lecture 9 TIPS: How to Reduce AWS Billing & Setup Email Alerts

Lecture 10 Install CLIs (aws, aws-iam-authenticator, kubectl, eksctl)

Lecture 11 Create named AWS Profile in ~/.aws/credentials

Lecture 12 Create AWS EKS Cluster using eksctl

Section 3: Install istio

Lecture 13 Install Istioctl CLI

Lecture 14 Demo profile no longer installs Prometheus, Kiali, Jaeger from istio v1.7.0

Lecture 15 Deploy Istio Service Mesh to K8s cluster

Lecture 16 Enable Istio Sidecar Injection

Section 4: Monitoring

Lecture 17 Monitoring Overview

Lecture 18 Monitoring with Grafana and Prometheus

Section 5: Deploy and Expose Sample Apps (guestbook) using Service and Ingress

Lecture 19 Deploy Pods and Services and Access Externally (public AWS ELB)

Lecture 20 Deploy Nginx Ingress Controller using Helm Chart

Lecture 21 Create Ingress resource YAML

Lecture 22 Delete K8s Service of type LoadBalancer and AWS ELB

Lecture 23 Architecture Recap

Lecture 24 BONUS: Create Private Ingress Gateway

Section 6: Expose Apps using Istio Gateway and Virtual Service (vs Ingress Controller)

Lecture 25 What is Gateway

Lecture 26 Gateway YAML Anatomy

Lecture 27 What is Virtual Service

Lecture 28 Virtual Service YAML Anatomy

Lecture 29 Deploy Gateway and Virtual Service

Lecture 30 Uninstall Nginx Ingress Controller

Lecture 31 Deploy Bookinfo App

Section 7: Traffic Management

Lecture 32 Traffic Management Overview

Lecture 33 Weight Based Routing (Canary/Traffic Splitting) using Destination Rules

Lecture 34 Identity Based Routing using Virtual Service

Lecture 35 Query String Based Routing using Virtual Service

Lecture 36 URI Path Based Routing using Virtual Service

Lecture 37 Inject Fault (Latency Delay) using Virtual Service

Lecture 38 Configure Timeouts using Virtual Service

Lecture 39 Configure Retry using Virtual Service

Lecture 40 Mirror Live Traffic using Virtual Service

Lecture 41 Configure Custom Load Balancing Policy for Pods using Destination Rule

Lecture 42 Enable Sticky Session for Virtual Service Load Balancing

Lecture 43 Configure Rate Limiting

Lecture 44 Configure Circuit Breaker

Section 8: Security in Transit (TLS/HTTPS)

Lecture 45 Enable TLS Termination at Load Balancer.

Lecture 46 Enable HTTPS for Multiple Domains using SNI

Lecture 47 Verify Mutual TLS among pods in Service Mesh

Lecture 48 Enable STRICT Mutual TLS Globally (all namespaces)

Lecture 49 Enable STRICT Mutual TLS for Namespace

Lecture 50 Enable STRICT Mutual TLS for workloads in namespace

Lecture 51 Enable HTTP Redirect to HTTPS

Section 9: End-User Authentication and Authorization with JWT

Lecture 52 Enable End-User Authentication and Authorization with JWT

Lecture 53 Enable End-user Authentication with JWT per HTTP Path

Lecture 54 Enable End-user Authentication with JWT per HTTP Path and Host

Lecture 55 Enable JWT Authorization using HTTP Header Attribute

Lecture 56 Enable JWT Authorization using Source IP

Lecture 57 Delete AuthorizationPolicy Resource

Section 10: Egress Traffic Security and Traffic Control

Lecture 58 Egress Security Overview

Lecture 59 Register External URLs with Service Entry

Lecture 60 Set Timeouts for Egress Requests

Section 11: Observability and Monitoring

Lecture 61 Observability

Lecture 62 Jaeger Dashboard for Request Tracing

Lecture 63 Kiali Dashboard

You want to learn how to secure K8s in-cluster network with Istio Service Mesh,You feel overwhelmed and don't know where to start with Istio Service Mesh in Kubernetes,You used Nginx Ingress Controller but want to use production-ready Ingress Controller,You used AWS ALB Ingress Controller but its limitation with ingress YAML pushed you away from using it,You want to learn service mesh so that you can control in-cluster traffic to microservice applications,You want to authenticate and authorize end users using JWT using Istio,You want to be able to configure SSL for AWS ELB using Istio Ingress Gateway Service YAML,You want to learn how to monitor microservice app's distributed request tracing using Kiali and Jaeger dashboards