Using Istio Service Mesh on k8s

Duration
2 Days
Online Duration
2 Days
Prerequisites

Students are expected to have basic knowledge of Kubernetes. We advise students to follow our KUBERNETES course.

Though not required, it is helpful to have an understanding of Microservice architecture and patterns.

Course Contents

Introduction

  • Introduction to a Service Mesh
  • Introduce/recap Micro-services Architecture (MSA) patterns (in particular the *sidecar*)
  • Discuss challenges in a service mesh
  • Understand the differences between an Enterprise Service Bus (ESB) and a Service Mesh
  • Introduce Istio
  • High-level architecture of Istio
  • Components of the data plane and control plane
  • Introduce the Envoy project and its use in Istio
  • Brief overview of installation and configuration techniques (e.g., Istioctl, Helm)
  • Install Istio using Istioctl

Traffic Management

  • Overview of traffic management with Istio
  • Controlling Ingress and Egress traffic
  • Configuring Gateways
  • Defining Virtual Services
  • Understand host and destination bindings
  • Controlling *HTTP* traffic (matching, rewriting, redirecting, …)
  • Testing resilience by using declarative faults
  • Using Destination rules
  • Flowing traffic to different versions (subsets)
  • Managing versions using mirroring
  • Explicitly adding Service Entries for outside traffic
  • Service resilience with Circuit Breakers

Security

  • Understand the need for declarative security
  • List security tasks (identity, message privacy, message integrity, non-repudiation)
  • Understand Istio identity (users, services)
  • Add end-user authentication using JWT
  • Apply Mutual TLS (mTLS) for inter-service authentication
  • Managing certificates
  • mTLS Migration techniques
  • Using namespaces and label selectors to enforce policies
  • Define HTTP-based access control
  • Using JWT to define end-user/external client access control

Telemetry

  • Overview of Istio's Observability options
  • Using Envoy's access logs
  • Introduce Metrics
  • Understand the different levels of metrics gathering (Envoy, Service and control plane)
  • Configuring service-level metrics
  • Using Prometheus and Grafana for metric visualisation
  • Trace request traffic through your mesh (Distributed traces)
  • Using Jaeger as a trace-backend (discuss other options)

For an onsite course, please contact us.