Cognitive Class

Beyond the Basics: Istio and IBM Cloud Kubernetes Service

Start managing your microservices with Istio on IBM Cloud Kubernetes Service. This course shows you how to better control traffic to services, observe service health, and secure the service mesh.

About this course

Istio is an open platform to connect, secure, and manage a network of microservices, also known as a service mesh, on cloud platforms such as Kubernetes in IBM Cloud Kubernetes Service. With Istio, you can manage network traffic, load balance across microservices, enforce access policies, verify service identity on the service mesh, and more.

In this course, you learn how to install Istio alongside microservices for a simple mock app called Guestbook. When you deploy Guestbook's microservices into an IBM Cloud Kubernetes Service cluster where Istio is installed, you inject the Istio Envoy sidecar proxies in the pods of each microservice.

Note: Some configurations and features of the Istio platform are still under development and are subject to change based on user feedback. Allow a few months for stabilization before you use Istio in production.

What will I get after passing this course?

  • You will receive a completion certificate.

Course syllabus

  • Set up your environment
    • Install command line utilities
    • Deploy the Guestbook app with Istio Proxy
    • Install the Guestbook app with manual sidecar injection
    • Add the Watson Tone Analyzer service
  • Lab 1: Observe service telemetry - metrics and tracing
    • Challenges with microservices
    • Configure Istio to receive telemetry data
    • View guestbook telemetry data
    • Tying spans together
  • Lab 2: Expose the service mesh with the Istio Ingress controller
    • Istio Ingress controller
    • Expose the Guestbook app with Ingress
    • Optional: Set up the Istio Ingress controller to work with the IBM Cloud Container Service
  • Lab 3: Manage traffic
    • Rules to manage traffic
    • Guestbook app
    • Perform A/B testing with Istio
    • Incrementally roll out changes with canary deployments
    • Circuit breakers and destination rules
  • Lab 4: Secure your services
    • Mutual authentication with Transport Layer Security (mTLS)
    • Set up Istio Certificate Authority (CA)
    • Disabling authentication
  • Lab 5: Enforce policies for microservices
    • Service isolation with the denier adapter
    • Create a policy that denies access to services
  • Final exam


You should have a basic understanding of containers, microservices, Istio, and IBM Cloud Kubernetes Service. If you have no experience with those, take the following courses:

  • Getting Started with Containers on IBM Cloud
  • Getting Started with Microservices with Istio and IBM Cloud Kubernetes Service

You must have a Trial, Pay-As-You-Go, or Subscription IBM Cloud account to complete this course.

Use Kubernetes 1.9.x or later because earlier versions might require changes in manifests.

You must have already created a cluster in IBM Cloud Kubernetes Service.


Course Instructors

Lin Sun

STSM and Master Inventor, Istio

Nilesh Patel

Offering Manager for IBM Cloud Kubernetes Service and Istio

Etai Lev-Ran

IBM Microservices Development

Frank Budinsky

Cloud Foundation Services CTO Team, IBM Watson and Cloud Platform

Greg Hanson

Software Engineer - Cloud System Software Scalability and Performance

Course Staff

Michelle Carey

IBM Courseware Developer

Frequently Asked Questions

What web browser should I use?

The Open edX platform works best with current versions of Chrome, Firefox or Safari, or with Internet Explorer version 9 and above.

See our list of supported browsers for the most up-to-date information.
