Mastering Service Mesh

▶Book Description
Although microservices-based applications support DevOps and continuous delivery, they can also add to the complexity of testing and observability. The implementation of a service mesh architecture, however, allows you to secure, manage, and scale your microservices more efficiently. With the help of practical examples, this book demonstrates how to install, configure, and deploy an efficient service mesh for microservices in a Kubernetes environment.

You'll get started with a hands-on introduction to the concepts of cloud-native application management and service mesh architecture, before learning how to build your own Kubernetes environment. While exploring later chapters, you'll get to grips with the three major service mesh providers: Istio, Linkerd, and Consul. You'll be able to identify their specific functionalities, from traffic management, security, and certificate authority through to sidecar injections and observability.

By the end of this book, you will have developed the skills you need to effectively manage modern microservices-based applications.

▶What You Will Learn
- Compare the functionalities of Istio, Linkerd, and Consul
- Become well-versed with service mesh control and data plane concepts
- Understand service mesh architecture with the help of hands-on examples
- Work through hands-on exercises in traffic management, security, policy, and observability
- Set up secure communication for microservices using a service mesh
- Explore service mesh features such as traffic management, service discovery, and resiliency

▶Key Features
- Manage your cloud-native applications easily using service mesh architecture
- Learn about Istio, Linkerd, and Consul – the three primary open source service mesh providers
- Explore tips, techniques, and best practices for building secure, high-performance microservices

▶Who This Book Is For
This book is for solution architects and network administrators, as well as DevOps and site reliability engineers who are new to the cloud-native framework. You will also find this book useful if you’re looking to build a career in DevOps, particularly in operations. Working knowledge of Kubernetes and building microservices that are cloud-native is necessary to get the most out of this book.

▶What this book covers
In this book, we are focusing on Istio, Linkerd, and Consul from the implementation perspective.

A service mesh implementation, such as Istio, takes away some of the responsibilities of developers and puts them in a dedicated layer so that they are consumable without writing any code. In other words, it frees up developers so that they can focus on business logic and places more responsibility in the hands of operational professionals.

This book is not about developing microservices, and so does not cover the persona of a developer.

- Chapter 1, Monolithic Versus Microservices, provides a high-level overview of monolithic versus microservices-based applications. The evolution of service-oriented architecture to microservices-based architecture became possible as a result of distributed computing through Kubernetes.

- Chapter 2, Cloud-Native Applications, provides an overview of building cloud-native applications using container-based environments to develop applications built with services that can scale independently. This chapter explains the ease of Development (Dev) using the polyglot app through containerization and the assumption of further responsibilities by Operations (Ops) due to the decoupling of services.

- Chapter 3, Service Mesh Architecture, covers the evolution of the term service mesh and its origin. It provides an overview of the service mesh as a decoupling agent between Dev (provider) and Ops (consumer) and explains basic and advanced service communication through smart endpoints and trust between microservices.

- Chapter 4, Service Mesh Providers, provides an overview of the three open source service mesh providers – Istio, Linkerd, and Consul.

- Chapter 5, Service Mesh Interface and SPIFFE, provides an introduction to the evolving service mesh interface specification. The SPIFFE specification offers secure naming for the services running in a Kubernetes environment.

- Chapter 6, Building Your Own Kubernetes Environment, explains how, in order to learn about service meshes with any of the three providers throughout this book, having a development environment is essential. There are choices when it comes to spinning a Kubernetes cluster in a public cloud, and that requires an upfront cost. This chapter provides a straightforward way to build your single-node Kubernetes environment so that you can practice the examples using your laptop or MacBook.

- Chapter 7, Understanding the Istio Service Mesh, shows the architecture of the Istio control plane and its features and functions.

- Chapter 8, Installing the Demo Application, shows how to install the demo application for Istio.

- Chapter 9, Installing Istio, shows the different ways of installing Istio using separate
profiles to suit the end goal of a service mesh.

- Chapter 10, Exploring Istio Traffic Management Capabilities, shows Istio's features of traffic routing from the perspectives of canary testing, A/B testing, traffic splitting, shaping, and conditional routing.

- Chapter 11, Exploring Istio Security Features, explores how to secure service-to-service communication using mTLS, securing gateways, and using Istio Citadel as a certificate authority.

- Chapter 12, Enabling Istio Policy Controls, explores of enabling network controls, rate limits, and the enforcement of quotas without having to change the application.

- Chapter 13, Exploring Istio Telemetry Features, looks at using observability features in Prometheus, Grafana, and Kiali to display collected metrics and service-to-service communication.

- Chapter 14, Understanding the Linkerd Service Mesh, shows the architecture of Linkerd from the control plane perspective to demonstrate its features and functions.

- Chapter 15, Installing Linkerd, shows how to install Linkerd in Kubernetes, how to set up a Linkerd demo emoji application, and how to inject a sidecar proxy.

- Chapter 16, Exploring the Reliability Features of Linkerd, goes through Linkerd traffic reliability features and covers load balancing, retries, traffic splitting, timeout circuit breaking, and dynamic request routing.

- Chapter 17, Exploring the Security Features of Linkerd, explains the process of setting up mTLS without any configuration by default and gradual installation as regards the certificate creation process.

- Chapter 18, Exploring the Observability Features of Linkerd, details the Linkerd dashboard and CLI, which provides some insights into the service mesh for live traffic, success rates, routes, and latencies.

- Chapter 19, Understanding the Consul Service Mesh, shows the architecture of Consul from the control plane perspective to demonstrate its features and functions.

- Chapter 20, Installing Consul, shows how to install Consul in Kubernetes and VMs/baremetal machines.

- Chapter 21, Exploring the Service Discovery Features of Consul, shows a demo application explaining Consul service discovery, key/value stores, ACLs, intentions, and monitoring/metrics collection. We explain the integration process of external services running in a non-Kubernetes environment.

- Chapter 22, Exploring Traffic Management in Consul, shows the integration of Consul using the open source project Ambassador. It shows traffic management capabilities such as rate limits, self-service routing, testing, and enabling end-to-end TLS through the use of an Envoy sidecar proxy.