Expert Kubernetes & ISTIO: Service Mesh
Transcript of Expert Kubernetes & ISTIO: Service Mesh
Course Introduction
Expert Kubernetes & ISTIO: Service Mesh
Mode of Training: Online Training
Name of Trainer: Mr. Khaja
QUALITY THOUGHT * www.youtube.com/c/LearningThoughts * www.qualitythought.in
* #209, Nilgiri Block, Aditya Enclave, Ameerpet
Kubernetes Networking
Networking Introduction
Networking History
OSI model
TCP/IP
Application
Transport
Network
Internet Protocol
Link Layer
Linux Networking
Basics
The Network Interface
The Bridge Interface
Packet Handling in the Kernel
Netfilter
Conntrack
Routing
High Level Routing
iptables
IPVS
eBPF
Network Troubleshooting Tools
Security Warning
Ping
Traceroute
Dig
Telnet
Nmap
Netstat
Netcat
openssl
Curl
Container Networking Basics
ph: 99637 99240 Email: [email protected]
Docker Networking Model
Overlay Networking
Container Network Interface
Container connectivity
Container to Container
Container to Container Separate Hosts
Exploring Advanced Networking
Understanding the Kubernetes networking model
Intra-pod communication (container to container)
Inter-pod communication (pod to pod)
Pod-to-service communication
External access
Kubernetes networking versus Docker networking
Lookup and discovery
Self-registration
Services and endpoints
Loosely coupled connectivity with queues
Loosely coupled connectivity with data stores
Kubernetes ingress
Kubernetes network plugins
Basic Linux networking
IP addresses and ports
Network namespaces
Subnets, netmasks, and CIDRs
Virtual Ethernet devices
Bridges
Routing
Maximum transmission unit
Pod networking
Kubenet
Container networking interface
Kubernetes networking solutions
Bridging on bare metal clusters
Contiv
Open vSwitch
Nuage networks VCS
Flannel
Calico
Romana
Weave Net
Using network policies effectively
Understanding the Kubernetes network policy design
Network policies and CNI plugins
Configuring network policies
Implementing network policies
Load balancing options
External load balancer
Configuring an external load balancer
Finding the load balancer IP addresses
Preserving client IP addresses
Understanding even external load balancing
Service load balancing
Ingress
HAProxy
MetalLB
Keepalived VIP
Traefik
Kubernetes Patterns
Foundational Patterns
Predictable Demands
Declarative Deployment
Health Probe
Managed Lifecycle
Automated Placement
Behavioral Patterns
Batch Job
Periodic Job
Daemon Service
Singleton Service
Stateful Service
Service Discovery
Self Awareness
Structural Patterns
Init Container
Sidecar
Adapter
Ambassador
Configuration Patterns
EnvVar Configuration
Configuration Resource
Immutable Configuration
Configuration Template
Advanced Patterns
Controller
Operator
Elastic Scale
Image Builder
Securing Kubernetes
Understanding Kubernetes security challenges
Node Challenges
Network Challenges
Image Challenges
Configuration and deployment challenges
Pod and container challenges
Hardening Kubernetes
Understanding Service Accounts in Kubernetes
How does Kubernetes manage Service Accounts?
Accessing the API server
Authenticating users
Authorizing requests
Using admission control plugins
Securing Pods
Using a private image repository
Image Pull Secrets
Specifying a security context
Protecting your cluster with AppArmor
Pod security policies
Authorizing Pod security policies via RBAC
Managing network policies
Using secrets
Running a multi-user cluster
Kubernetes Monitoring
Understanding Observability
Logging
Metrics
Distributed tracing
Application error reporting
Dashboards and visualization
Alerting
Logging with Kubernetes
Container logs
Kubernetes component logs
Centralized Logging
Using Fluentd for log collection
Collecting metrics with Kubernetes
Monitoring with the metrics server
Exploring cluster with Kubernetes Dashboard
The rise of Prometheus
Installing Prometheus
Interacting with Prometheus
Incorporating kube-state-metrics
Utilizing the node exporter
Incorporating the custom metrics
Alerting with Alert Manager
Visualizing metrics with Grafana
Considering Loki
Distributed tracing with Jaeger
What is Open Tracing?
Introducing Jaeger
Jaeger architecture
Installing Jaeger
Troubleshooting problems
Extending Kubernetes
Working with Kubernetes API
Understanding OpenAPI
Setting up a proxy
Exploring the Kubernetes API directly
Creating a Pod via the Kubernetes API
Accessing the Kubernetes API via the Python client
Extending the Kubernetes API
Understanding Kubernetes extension points and patterns
Introducing custom resources
Developing custom resource definitions
Integrating custom resources
Understanding API server aggregation
Utilizing the service catalog
Writing Kubernetes plugins
Writing a Custom Scheduler
Writing Kubectl plugins
Employing Access control webhooks
Service Mesh using Istio
What Is a Service Mesh?
Fundamentals
Sailing into a Service Mesh
Client Libraries: The First Service Meshes?
Why Do You Need One?
Don’t We Already Have This in Our Container Platforms?
Landscape and Ecosystem
Landscape
Ecosystem
The Critical, Fallible Network
The Value of a Service Mesh
The Istio Service Mesh
The Origin of Istio
The Current State of Istio
Cadence
Releases
Feature Status
Future
What Istio Isn’t
It’s Not Just About Microservices
Deploying Istio
Preparing Your Environment for Istio
Docker Desktop as the Installation Environment
Configuring Docker Desktop
Installing Istio
Istio Installation Options
Registering Istio’s Custom Resources
Installing Istio Control-Plane Components
Deploying the Sample Application
Deploying the Sample App with Automatic Sidecar Injection
Networking with the Sample App
Uninstalling Istio
Helm-Based Installations
Install Helm
Install with Helm Template
Confirming a Helm-Based Installation
Uninstalling a Helm-Based Installation
Other Environments
Cloud Native Approach to Uniform Observability
What Does It Mean to Be Cloud Native?
What Is Observability?
Uniform Observability with a Service Mesh
Istio
Service Mesh Architecture
Planes
Istio Control-Plane Components
Service Proxy
Istio Data-Plane Components
Gateways
Extensibility
Customizable Sidecars
Extensible Adapters
Scale and Performance
Deployment Models
Deploying Istio
Preparing Your Environment for Istio
Installing Istio
Helm-Based Installations
Service Proxy
What Is a Service Proxy?
An iptables Primer
Envoy Proxy Overview
Envoy in Istio
Sidecar Injection
Manual Sidecar Injection
Ad Hoc Sidecarring
Automatic Sidecar Injection
Kubernetes Init Containers
Sidecar Resourcing
Envoy’s Functionality
Core Constructs
Certificates and Protecting Traffic
Security and Identity
Access Control
Authentication
Authorization
Identity
SPIFFE
Key Management Architecture
Citadel
Node Agents
Envoy
Pilot
mTLS
Configuring Istio Auth Policies
Pilot
Configuring Pilot
Mesh Configuration
Networking Configuration
Service Discovery
Configuration Serving
Debugging and Troubleshooting Pilot
istioctl
Troubleshooting Pilot
Tracing Configuration
Listeners
Routes
Clusters
Traffic Management
Understanding How Traffic Flows in Istio
Understanding Istio’s Networking APIs
ServiceEntry
DestinationRule
VirtualService
Gateway
Traffic Steering and Routing
Resiliency
Load-Balancing Strategy
Outlier Detection
Retries
Timeouts
Fault Injection
Ingress and Egress
Ingress
Egress
Mixer and Policies in the Mesh
Architecture
Enforcing Policy
Understanding How Mixer Policies Work
Reporting Telemetry
Attributes
Sending Reports
Checking Caches
Adapters
In-Process Adapters
Out-of-Process Adapters
Creating a Mixer Policy and Using Adapters
Mixer Configuration
Open Policy Agent Adapter
Prometheus Adapter
Telemetry
Adapter Models
Reporting Telemetry
Metrics
Configuring Mixer to Collect Metrics
Setting Up Metrics Collection and Querying for Metrics
Traces
Disabling Tracing
Logs
Metrics
Visualization
Debugging Istio
Introspecting Istio Components
Troubleshooting with a Management Plane
Parlaying with kubectl
Workload Preparedness
Application Configuration
Network Traffic and Ports
Services and Deployments
Pods
Istio Installation, Upgrade, and Uninstall
Installation
Upgrade
Uninstallation
Troubleshooting Mixer
Troubleshooting Pilot
Debugging Galley
Debugging Envoy
Envoy’s Administrative Console
503 or 404 Requests
Sidecar Injection
Version Compatibility
Real-World Considerations for Application Deployment
Control-Plane Considerations
Galley
Pilot
Mixer
Citadel
Case Study: Canary Deployment
Cross-Cluster Deployments
Types of Advanced Topologies
Single-Cluster Meshes
Multiple-Cluster Meshes
Use Cases
Choosing a Topology
Cross-Cluster or Multicluster?
Configuring Cross-Cluster
Configure DNS and Deploy Bookinfo
Linkerd Service Mesh
Understanding the Linkerd Service Mesh
Introducing the Linkerd Service Mesh
Linkerd architecture
Linkerd proxy
Observability
Reliability
Security
Installing Linkerd
Exploring the Reliability Features of Linkerd
Exploring the Security Features of Linkerd
Exploring the Observability Features of Linkerd
Consul Service Mesh
Understanding the Consul Service Mesh
Introducing the Consul Service Mesh
Consul architecture
Consul control plane and data planes
Monitoring and visualization
Traffic management
Installing Consul
Exploring the Service Discovery Features of Consul
Exploring the Traffic Management Features of Consul
Jenkins X
Introducing Jenkins X
What is Jenkins X?
Key Design Characteristics of Jenkins X
Overall Workflow
Understanding the Technologies
Technologies for working in the cloud
Guiding Principles for Running Well in the Cloud
Containers
Kubernetes
Technologies used in CI/CD pipelines
Jenkins
Jenkins 2
Jenkins X
(Serverless) Jenkins X
Getting Jenkins X Up and Running
Prerequisites
Getting a Cluster
Installing Jenkins X in the Cluster
Using Microsoft Azure Kubernetes Service
Using Amazon’s Elastic Kubernetes Services
The jx-requirements.yml File
Getting Up and Running with Projects
Creating a Quickstart Project
Making and Previewing Changes
Promoting your Project
Getting your App to Production