Roll out mTLS to your services Istio can automatically encrypt traffic between services in the mesh with mutual TLS. For this to happen, both sides of the connection must be in the mesh and configured for mTLS. By default, with no configuration specified, Istio adopts a "permissive" policy, which means
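The two ends of that rollout, as an added example that is not part of the lab material: the first PeerAuthentication spells out the permissive default that Istio applies when nothing is configured, the second locks the whole mesh to STRICT (a PeerAuthentication named in the root namespace, istio-system by default, is mesh-wide). The namespace name `legacy` and the port `8080` are assumptions used only to show a scoped exception for a workload that has not been migrated yet.

```yaml
# Mesh-wide PeerAuthentication: PERMISSIVE is what Istio assumes with no
# policy at all. Sidecars accept both plaintext and mTLS, so a workload
# outside the mesh can still reach one inside it. Useful during migration,
# weak as an end state because plaintext is never rejected.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: PERMISSIVE
---
# Same resource after the rollout is complete: STRICT means every inbound
# connection to a sidecar must present a mesh-issued client certificate.
# Plaintext callers are refused at the proxy, before the application sees them.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# Scoped exception (assumed namespace "legacy", assumed port 8080): a
# namespace-level policy overrides the mesh-wide one, and the portLevelMtls
# map relaxes only the port a not-yet-migrated client still calls in plaintext.
# The selector is required for portLevelMtls to take effect; the app label
# "legacy-api" is an assumption.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: legacy-api
  namespace: legacy
spec:
  selector:
    matchLabels:
      app: legacy-api
  mtls:
    mode: STRICT
  portLevelMtls:
    8080:
      mode: PERMISSIVE
```

A practical check before flipping the mesh-wide policy to STRICT is to apply it per namespace first and watch for connection resets from callers that are not in the mesh; once STRICT is mesh-wide, the remaining PERMISSIVE exceptions are the inventory of plaintext traffic you still need to eliminate.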
Controlling Configuration Scope By default, Istio networking resources and services are visible to all services running in all namespaces that are part of the Istio service mesh. As you add more services to the mesh, the amount of configuration pushed to each sidecar proxy increases dramatically, which grows each sidecar proxy's memory
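The mechanism the lab refers to is the Sidecar resource, shown here as an added example rather than the lab's own configuration. A Sidecar named in the root namespace sets the default egress scope for every proxy in the mesh; a Sidecar in a workload namespace overrides that default for the proxies there. The namespace `team-a` and the hostname `payments.team-b.svc.cluster.local` are assumptions.

```yaml
# Mesh-wide default: each sidecar only receives configuration for services
# in its own namespace ("./*") and in istio-system. Services in every other
# namespace are no longer pushed to every proxy, which is what keeps proxy
# memory and xDS push size from growing with the size of the whole mesh.
apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
  name: default
  namespace: istio-system
spec:
  egress:
  - hosts:
    - "./*"
    - "istio-system/*"
---
# Per-namespace override (assumed namespace "team-a"): proxies in team-a keep
# the narrow default and additionally learn about one service owned by another
# team (assumed name). Anything not listed here is unknown to these sidecars,
# so a request to it is handled by the PassthroughCluster or rejected,
# depending on the mesh's outboundTrafficPolicy, instead of being routed
# with full mesh knowledge.
apiVersion: networking.istio.io/v1beta1
kind: Sidecar
metadata:
  name: default
  namespace: team-a
spec:
  egress:
  - hosts:
    - "./*"
    - "istio-system/*"
    - "team-b/payments.team-b.svc.cluster.local"
```

Besides the memory saving, scoping egress this way is a least-privilege control: a compromised workload in team-a cannot discover or address services its sidecar was never configured for, so the list of hosts in the Sidecar doubles as an explicit, reviewable dependency declaration for the namespace.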
Debugging Istio Config The service mesh contains proxies that sit on the request path between services. When anomalies are detected, the cause is typically a misconfiguration. In this lab, we explore tools to troubleshoot misconfiguration and get a better understanding of how to debug Istio. istioctl analyze The istioctl CLI
Zero downtime upgrades In this challenge, we will learn the proper method of upgrading Istio without your applications experiencing any downtime. This involves deploying a canary instance of the new Istio version, testing with a small workload first, and then gradually moving over all workloads while monitoring. This approach is
Install and configure Argo Rollouts with Istio Automating Config with ArgoCD and Argo Rollouts ArgoCD ArgoCD is a collection of tools for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration
we will dive into namespace tenancy, where three teams each have their own hostname, deployed workloads, and Istio configuration while sharing the same cluster. Multi-tenancy In Istio, a tenant is a group of users that share common access and privileges for a set of deployed workloads. Tenants are like teams,
Istio uses X.509 certificates and SPIFFE identities to implement workload identity, and uses this mechanism to accomplish two important security practices: authenticating workloads and encrypting the transport (TLS/mTLS). Certificate Rotation One important capability that Istio provides is workload identity. With workload identity, we can encode an identity into a verifiable document
Install an Istio mesh across multiple Kubernetes clusters. Multi-cluster Istio In this lab, we explore some of Istio's multi-cluster capabilities. Istio has a few different approaches to multi-cluster, as you can see in the documentation, but we recommend you choose an approach that favors running multiple control planes (starting with