Service Mesh with Istio Ambient Bootcamp: Manage Security and Traffic Routing
This bootcamp will demonstrate the security and traffic routing capabilities of a service mesh tool like Istio Ambient. Istio Ambient introduces a new service mesh architecture that eliminates the need for sidecars entirely. Following a brief introduction to service meshes, the security features and traffic routing capabilities will be presented and implemented at each stage.
The process begins with TLS/mTLS termination at the ingress gateway. From there on, all communication within the service mesh is secured using mTLS. Outgoing communication is also monitored and controlled by the egress gateway. Additionally, we demonstrate which request-based authorisation checks can be delegated to the service mesh.
The associated security best practices are listed and explained for each sub-aspect. Since incorrect security settings can have serious consequences, the options available for error analysis are presented for each security aspect.
On the second day of the bootcamp, we will combine multiple microservices with Istio Ambient to form a complex service mesh. Using concrete samples, we will learn how the necessary Istio rules interact with these services. Different real-world requirements, such as configuration, tracing, resilience and testing, will be shown in combination with best practices. Additionally, the bootcamp will demonstrate other features that Istio Ambient offers to prevent issues in the everyday use of distributed applications.
All participants will receive the slides and code samples, together with the relevant Kubernetes/Istio scripts. Special handouts will include an Istio cheat sheet and a collection of Istio best practices.
DevOpsCon:
Service Mesh with Istio Ambient Bootcamp: Manage Security and Traffic Routing (Day 1)
Service Mesh with Istio Ambient Bootcamp: Manage Security and Traffic Routing (Day 2)