DO328: Building Resilient Microservices with Istio and Red Hat OpenShift Service Mesh

As part of this exam, you should be able to perform these tasks:

• Understand and work with Red Hat Openshift Service Mesh Custom Resources
• Deploy and configure applications on Service Mesh:
  • Install sidecar manually in pod applications
  • Automatic sidecar injection using annotations
  • Understand the configuration of network policies (Mesh members, external services, etc.)
• Work with request routing and traffic management.
  • Be able to configure static and dynamic request routing to different versions of an application
• Understand the deployment/release pattern strategies that Red Hat OpenShift Service Mesh® can help with, providing more complex operational functionality, including A/B testing and canary releases
• Configure and manage advanced routing techniques to control the flow and API calls between services
  • Traffic shifting migration within the mesh producing between different services A/B testing, canary rollouts, and staged rollouts with percentage-based traffic splits, and dark launches for a selective group of users
  • Take profit of the traffic mirroring capabilities to bring changes to the microservices. Be able to produce shadowing launches copying the live traffic
• Send the inbound and outbound traffic from and to the mesh, managing the ingress and egress traffic control policies
  • Define and control gateway entry points into the mess for the incoming traffic allowing pass requests through the services
  • Enable controlled access to external publicly accessible services from within the istio cluster
• Be able to configure the network resilience and the fault tolerance dynamically at runtime to ensure the failing nodes and prevent localized failures from cascading
  • Control the waiting time for replies defining timeouts
  • Enhance service availability specifying the number of request attempts with retry strategies
  • Limit for calls within a service and prevent access to an overloaded or failing host applying a circuit breaker mechanism
  • Specify the connection and ejection pool policies configuring the load balancing destination rules
• Work and configure Service Mesh policy checks
  • Define enforcement features through policies, configure local and global rate limiting, and define access quotas
  • Enable and configure the authorization for denial and allow policies applied to a workload
• Understand and configure the workload-to-workload communication using the implemented architecture for authentication and authorization security in Service Mesh
  • Provide service-to-service communication with secure naming authorization
  • Tunnel the service-to-service communication using mutual TLS communication.
  • Map the identity of the service name with secure naming
  • Define peer authentication policies to enforce the mutual TLS mode
  • Define the required end-user authentication policy check.  Define and configure access authorization rules for service and end-user to workload communications
• Understand and work with the fault injection mechanisms to introduce errors and chaos testing into the system to test the failure recovery capacity of the applications
  • Inject timing failures producing delays to mimic increased network latency or overloaded services
  • Produce crash failures with error response injections and TCP connection failures