Michael Hofmann

Michael Hofmann

Ich bin freiberuflich als Berater, Coach, Referent und Autor tätig. Meine langjährigen Projekterfahrungen in den Bereichen Softwarearchitektur, Java Enterprise, DevOps und Cloud habe ich im deutschen und internationalen Umfeld gesammelt.

Service Mesh Overview: From Traffic Routing to Zero Trust

Abstract

This workshop provides an overview of the available functionalities of Istio. After a short introduction to Istio and its architecture, the various possible use cases of a service mesh are presented. The range extends from Istio’s ingress gateway to mTLS communication and traffic routing (including resilience, canary releasing, A/B testing, blue green deployment). Finally, we show the necessary steps to set up a zero trust cluster with Istio.

Participants will have access to the slides and code samples as well as the Kubernetes or Istio Yaml files used, as well as an Istio cheat sheet and a collection of Istio’s best practices.

Content

I. Fundamentals

  • Introduction to Service Mesh

II. Create a Service Mesh

  • Service configuration and deployment in Kubernetes
  • Basic Istio rules for traffic management (Gateway, VirtualService, DestinationRule)
  • Introduction Service Mesh Dashboard (Kiali)

III. Traffic Routing

  • Alternatives of resilience (Service Mesh vs. service implementation)
  • A/B testing with traffic shifting and traffic mirroring
  • Canary releasing
  • Istio’s Best Practices

IV. Zero Trust

  • Ingress Gateway with TLS termination
  • Activate mTLS for entire Service Mesh
  • End-User Authentication
  • Istio’s Security Best Practices

Target audience and prerequisites

  • Developers with interests in Microservices and maybe with first experiences in handling more services.
  • Architects who have to decide which tools and concepts they want to use to manage the challenges of a Service Mesh.
  • Security engineers who have high security requirements for their microservices in the cloud.

Procedure

All practical parts of the workshop will be shown by demos. Everybody who wants to work hands on can do this with the available code samples and scripts. The necessary installations will be presented two weeks before the workshop (laptop with kubectl, Docker Desktop, Istio). The workshop can be conducted on-site or remotely. Please get in touch for further questions.

Prepare for workshop

A detailed installation description for the audience can be found here: Prepare for workshop

Aktualisiert:

Ihnen gefällt vielleicht auch