Using Istio Service Mesh on k8s

Part of our "Kubernetes & MSA" courses

2 days

Course Overview

This course explains how to use the Istio ServiceMesh for routing and managing and network traffic, enforce security and how to observe telemetry.

Course Prerequisites

Students are expected to have basic knowledge of Kubernetes. We advice students to follow our KUBERNETES course. Though not required, it is helpful to have an understanding of Microservice architecture and patterns



  • Introduction to a Service Mesh
  • Introduce/recap Micro-services Architecture (MSA ) patterns (in particular the *sideecar**)
  • Discuss challenges in a service mesh
  • Understand the differences between an Enterprise Service Bus (ESB) and a Service Mesh
  • Introduce Istio
  • High-level architecture of Istio
  • Components of the data plane and control plane
  • Introduce the Envoy project and its use in Istio
  • Brief overview of installation and configuration techniques (e.g, Istioctl, Helm)
  • Install Istio using Istioctl

Traffic Management

  • Overview of traffic management with Istio
  • Controlling Ingress and Egress trafic
  • Configuring Gateways
  • Defining Virtual Services
  • Understand host and destination bindings
  • Controlling *HTTP** trafic (matching, rewriting, redirecting, …)
  • Testing resilience by using declarative faults
  • Using Destination rules
  • Flowing traffic to different versions (subsets)
  • Managing versions using mirroring
  • Explicitly adding Service Entries for outside traffic
  • Resilience service with Circuit Breakers


  • Understand the need for declarative security
  • List security tasks (identity, message privacy, message integrity, non-repudiation)
  • Understand Istio identity (users, services)
  • Add end-user authentication using JWT
  • Apply Mutual TLS (mTLS) for inter-service authentication
  • Managing certificates
  • mTLS Migration techniques
  • Using namespaces and label selectors to enforce policies
  • Define HTTP-based access-control
  • Using JWT to define end-user/external client access control


  • Overview of Istio's Observability options
  • Using Envoy's access logs
  • Introduce Metrics
  • Understand the different levels of metrics gathering (Envoy, Service and control plane)
  • Configuring service-level metrics
  • Using Prometheus and Grafana for metric visualisation
  • Trace request traffic through your mesh (Distributed traces)
  • Using Jaeger as a trace-backend (discuss other options)

Public Events

Currently we have no public courses planned for Using Istio Service Mesh on k8s

Private Events

Do you have a team that needs a Using Istio Service Mesh on k8s course?

Contact Us

Send us a message

This Using Istio Service Mesh on k8s course looks very interesting, I do however have a question