Istio in Action
Christian E. Posta and Rinor Maloku
  • MEAP began September 2018
  • Publication in Early 2021 (estimated)
  • ISBN 9781617295829
  • 375 pages (estimated)
  • printed in black & white

The definitive guide to understand Istio and when it's worth using it.

Andrea Cosentino
Many enterprise applications intertwine code that defines an app’s behavior with code that defines its network communication and other non-functional concerns. The “service mesh” pattern, implemented by platforms like Istio, helps you push operational issues into the infrastructure so the application code is easier to understand, maintain, and adapt. Istio in Action teaches you how to implement a full-featured Istio-based service mesh to manage a microservices application. With the skills you learn in this comprehensive tutorial, you’ll be able to delegate the complex infrastructure of your cloud-native applications to Istio!

About the Technology

Cloud-native applications can include thousands of clustered containers, distributed components, and complex interactions. To build them effectively, developers need a new approach to infrastructural concerns like monitoring, storage, scaling, orchestration, and security. The Istio platform offers a configurable infrastructure layer called a service mesh that reliably and efficiently manages day-to-day concerns like service discovery, load balancing, encryption, authentication and authorization, circuit breakers, and more. Open source and cloud-ready, Istio is a welcome upgrade from manually managed microservices infrastructure.

About the book

Istio in Action is a comprehensive guide to handling authentication, routing, retrying, load balancing, collecting data, security, and other common network-related tasks using the Istio service mesh platform. With author Christian Posta’s expert guidance, you’ll experiment with a basic service mesh as you explore the features of Envoy, Istio’s service proxy. With helpful diagrams and hands-on examples, you’ll learn how to use this open-source service mesh to control routing, secure container applications, and monitor network traffic. You’ll also bring Istio to legacy systems without changes to your applications and discover how to use Istio in a multi-cloud world with the data layer deployed on a cluster like Kubernetes.
Table of Contents detailed table of contents

Part 1

1 Introducing Istio Service Mesh

1.1 Optimize to go faster, safely

1.1.1 Microservices and APIs to build large systems

1.1.2 Automated testing

1.1.3 Containers

1.1.4 Continuous integration and Continuous Delivery

1.2 Challenges of going faster

1.2.1 Our cloud infrastructure is not reliable

1.2.2 Making service interaction resilient

1.2.3 Understanding what’s happening in real time

1.3 Solving these challenges with application libraries

1.3.1 Drawbacks to application-specific libraries

1.4 Pushing these concerns to the infrastructure

1.4.1 Don’t we already have this in our container platforms?

1.4.2 The application-aware service proxy

1.4.3 Meet Envoy proxy

1.5 What’s a service mesh?

1.6 Introducing Istio service mesh

1.6.1 How service mesh relates to Enterprise Service Bus

1.6.2 How service mesh relates to API gateway

1.6.3 Can I use Istio for non-microservices deployments?

1.6.4 What problems does service mesh NOT solve?

1.7 Summary

2 First steps with Istio

2.1 Deploying Istio on Kubernetes

2.1.1 Using Minikube for our samples

2.1.2 Getting the Istio distribution

2.1.3 Installing the Istio components into Kubernetes

2.2 Getting to know the Istio control plane

2.2.1 Istiod

2.2.2 Ingress and Egress gateway

2.3 Deploy your first application in the service mesh

2.4 Exploring the power of Istio with resilience, observability, and traffic control

2.4.1 Istio observability

2.4.2 Istio for resiliency

2.4.3 Istio for traffic routing

2.4.4 Clean up and prepare Istio for rest of the book

2.5 Summary

3 Istio’s data plane: Envoy Proxy

3.1 What is Envoy Proxy

3.1.1 Envoy’s core features

3.1.2 Envoy compared to other proxies

3.2 Configuring Envoy

3.2.1 Static configuration

3.2.2 Dynamic configuration

3.3 Envoy in action

3.3.1 Envoy’s Admin API

3.3.2 Envoy request retries

3.4 How Envoy fits with Istio

3.5 Summary

Part 2

4 Istio Gateway: getting traffic into your cluster

4.1 Traffic ingress concepts

4.1.1 Virtual IPs: simplifying service access

4.1.2 Virtual Hosting: multiple services from a single access point

4.2 Istio Gateway

4.2.1 Specifying Gateway resources

4.2.2 Gateway routing with Virtual Services

4.2.3 Overall view of traffic flow

4.2.4 Istio Gateway vs Kubernetes Ingress

4.3 Securing Gateway traffic

4.3.1 HTTP traffic with TLS

4.3.2 HTTP redirect to HTTPS

4.3.3 HTTP traffic with mutual TLS

4.3.4 Serving multiple virtual hosts with TLS

4.4 TCP traffic

4.4.1 Exposing TCP ports on the Istio Gateway

4.4.2 Traffic routing with SNI and TLS

4.5 Summary

5 Traffic control: fine-grained traffic routing

5.1 Reducing the risk of deploying new code

5.1.1 Deployment vs Release

5.2 Routing requests with Istio

5.2.1 Clean up our workspace

5.2.2 Deploy v1 of catalog service

5.2.3 Deploy v2 of catalog service

5.2.4 Route all traffic to v1 of catalog

5.2.5 Route specific requests to v2

5.3 Traffic shifting

5.4 Lowering risk even further: Traffic mirroring

5.5 Routing to services outside your cluster by using Istio’s service discovery

5.6 Summary

6 Resilience: Solving application-networking challenges

7 Observability with Istio: understanding the behavior of your services

7.1 What is observability?

7.1.1 Observability vs Monitoring

7.1.2 How Istio helps with observability

7.2 Collecting metrics from Istio data plane

7.2.1 Pushing Istio metrics into statsD

7.2.2 Pulling Istio Metrics into Prometheus

7.2.3 Visualize Istio metrics with Grafana

7.3 Creating new metrics to send to Prometheus through Istio-telemetry

7.4 Distributed tracing with OpenTracing

7.4.1 How does it work

7.4.2 Configuring Istio to perform distributed tracing

7.4.3 Viewing distributed tracing data

7.4.4 Limiting tracing apeture

7.5 Visualization with Kiali

7.6 Summary

8 Security

9 Policy

10 Chaos testing

Part 3

11 Debugging the service mesh

12 Scaling Istio in your organization

13 Using gateways across teams

14 Advanced clusters

15 Multi-cloud deployments

16 Advanced policy

17 Advanced security: Configure custom CA/cert managers


Appendix A: Installation options

Appendix B: Sidecar injection options

Appendix C: Control-plane lifecyle management

Appendix D: Istio compared to other service meshes

What's inside

  • Using Istio Pilot to configure service proxies
  • Features of the Envoy service proxy
  • Monitoring network traffic with Prometheus and Grafana
  • Applying Istio to legacy systems with no application changes
  • Using Istio with the data plane deployed on a cluster like Kubernetes

About the reader

For enterprise programmers familiar with containers, microservices, cloud deployment platforms, and text markup languages.

About the authors

Christian Posta is a Chief Architect of cloud applications at Red Hat, an author, a blogger, a speaker, and an open-source enthusiast and committer. He also puts his expertise to good use helping companies deploy their enterprise systems and microservices.

placing your order...

Don't refresh or navigate away from the page.
Manning Early Access Program (MEAP) Read chapters as they are written, get the finished eBook as soon as it’s ready, and receive the pBook long before it's in bookstores.
print book $29.99 $49.99 pBook + eBook + liveBook
Additional shipping charges may apply
Istio in Action (print book) added to cart
continue shopping
go to cart

eBook $24.99 $39.99 3 formats + liveBook
Istio in Action (eBook) added to cart
continue shopping
go to cart

Prices displayed in rupees will be charged in USD when you check out.

FREE domestic shipping on three or more pBooks