Red Hat OpenShift Service Mesh Advanced

In this course, students learn how to manage manage complex microservice architected applications using a service mesh.

DURATION: 24 hours.
MODALITY: ILT
PROFICIENCY LEVEL: Advanced
PRODUCT: Red Hat Service Mesh

Description

In this course, students will build upon Foundational knowledge of Red Hat OpenShift Service Mesh. All learning objectives of this course will be achieved by applying service mesh functionality to a real-world micro-service architected application. This course will introduce students to the use of securing inter-service communication via the mutual TLS functionality of the product. In addition, students will utilize the multi-tenancy capabilities of the product deployed on a single OpenShift cluster. Performance testing on the service mesh tenants will be conducted and results will be analyzed. Finally, students will plugin a 3scale adapter to the control plane of the Service Mesh product so as to apply API policies to both inbound traffic as well as traffic between services in the mesh. As part of this last exercise, students will observe analytics and tracing of traffic in and throughout the service mesh.

Agenda

Each course module listed below will consist of a slide presentation and one or more corresponding hands-on labs.

01_Multi_Tenancy
1. Istio & Jaeger - Introduction and Overview
2. Labs
  1. 01_1_Assets_Lab
    
    Access to OCP environment
    
    Review Service Mesh operator, istio-cni plugin and CRDs
    
    Review Service Mesh control plane
    
    Introduce Emergency Response demo
  2. 01_2_Multi_Tenancy_Lab
    
    Understand importance of Service Mesh multi-tenancy
    
    Understand ServiceMeshMemberRoll
    
    Understand Envoy Data Plane
3. Slides: Red Hat Service Mesh Engineering Design Decisions (Kevin Connor)
02_Security
1. Slides: Service Mesh Security
2. Labs:
  1. 02_1_Secure_mTLS_Lab
03_Reliability
1. Slides: ???
2. Labs:
  1. 03_1_Reliability_Lab (jeff)
    
    Add retries to PAM invocations postgresql
    
    Add circuit-breaker to clients invoking PAM postgresql
04_Observability
1. Slides ???
2. Labs
  1. 04_1_Distributed_Tracing_Lab (bernard)
  2. 04_2_Prometheus_AlertManager_Lab (bernard)
  3. 04_3_Kiali_Service_Graph_Lab (???? …. Bernard)
05_Mixer_Adapters
1. Slides (Jeff)
2. Labs
  1. 05_1_API_Mgmt_Adapter_Lab
06_Production Considerations
1. Slides: Production_Considerations_and_Load_Testing (Kevin Connor)
2. Labs:
  1. 06_Chaos_Engineering_Lab (bernard)
07_Homework
1. 07_1_Homework_Lab (jeff)

Pre-reqs

Service Mesh Foundations

Lab Environment (jeff)

OCP 4.2
1. Provisioned from labs.opentlc.com → OCP4 Workshop Deployer
2. Instructor uses MachineSet API to scale to appropriately sized cluster
  1. Emergency Response (16GB RAM) + Istio Control Plane (6GB RAM) = 22GB RAM per student
3. Service Mesh Control Plane
  1. Instructor layers 1 Service Mesh Control Plane per student
  2. user[1-100] has view access to service mesh control plane
  3. admin[1-100] has admin access to service mesh control plane (but is not a cluster admin)
4. RH-SSO
  1. Used as Identity Provider (via OIDC) for the following:
    
    OCP 4
    
    3scale
    
    Emergency Response Demo ??
5. 3scale Control Plane
  1. Insructor provisions 1 3scale Control Plane
  2. Instructor creates 1 tenant per student
    
    user[1-100] is an API provider for their tenant
    
    admin[1-100] is a admin of their tenant
6. Instructor layers 1 Emergency Response Demo per student
  1. Both uer[1-100] and admin[1-100] have admin access to this emergency-response-demo namespace
Client tooling (on student laptop)
1. Browser
2. oc 4.2 utility
3. istioctl

Reference

Service Mesh Technical Competency Model

Versions

0.0.1 - Feb 05, 2020 - Pilot release 0.0.2 - Apr 28, 2020 - Editor updates 1.0.0 - Aug 13, 2020 - Full Release 1.0.1 - Sep 24, 2020 - minor update