Beyond the Basics: Istio and IBM Cloud Kubernetes Service

Login to enroll
  • Course Number
  • Classes Start
    July 3, 2018
  • Estimated Effort
  • Audience
  • Course Level
  • Language
  • Learning Path
  • Badge Earned
  • Tell Your Friends


Istio is an open platform to connect, secure, and manage a network of microservices, also known as a service mesh, on cloud platforms such as Kubernetes in IBM Cloud Kubernetes Service. With Istio, You can manage network traffic, load balance across microservices, enforce access policies, verify service identity on the service mesh, and more.

In this course, you learn how to install Istio alongside microservices for a simple mock app called Guestbook. When you deploy Guestbook's microservices into an IBM Cloud Kubernetes Service cluster where Istio is installed, you inject the Istio Envoy sidecar proxies in the pods of each microservice.

Note: Some configurations and features of the Istio platform are still under development and are subject to change based on user feedback. Allow a few months for stabilization before you use Istio in production.


  • You will receive a completion certificate.


  • Set up your environment
    • Install command line utilities
    • Deploy the Guestbook app with Istio Proxy
    • Install the Guestbook app with manual sidecar injection
    • Add the Watson Tone Analyzer service
  • Lab 1: Observe service telemetry - metrics and tracing
    • Challenges with microservices
    • Configure Istio to receive telemetry data
    • View guestbook telemetry data
    • Tying spans together
  • Lab 2: Expose the service mesh with the Istio Ingress controller
    • Istio Ingress controller
    • Expose the Guestbook app with Ingress
    • Optional: Set up the Istio Ingress controller to work with the IBM Cloud Container Service
  • Lab 3: Manage traffic
    • Rules to manage traffic
    • Guestbook app
    • Perform A/B testing with Istio
    • Incrementally roll out changes with canary deployments
    • Circuit breakers and destination rules
  • Lab 4: Secure your services
    • Mutual authentication with Transport Layer Security (mTLS)
    • Set up Istio Certificate Authority (CA)
    • Disabling authentication
  • Lab 5: Enforce policies for microservices
    • Service isolation with the denier adapter
    • Create a policy that denies access to services
  • Final exam


You should have a basic understanding of containers, microservices, Istio, and IBM Cloud Kubernetes Service. If you have no experience with those, take the following courses:

  • Getting Started with Containers on IBM Cloud
  • Getting Started with Microservices with Istio and IBM Cloud Kubernetes Service

You must have a Trial, Pay-As-You-Go, or Subscription IBM Cloud account to complete this course.

Use Kubernetes 1.9.x or later because earlier versions might require changes in manifests.

You must have already created a cluster in IBM Cloud Kubernetes Service.


Lin Sun

Lin Sun

STSM and Master Inventor, Istio


Nilesh Patel

Nilesh Patel

Offering Manager for IBM Cloud Kubernetes Service and Istio


Etai Lev-Ran

Etai Lev-Ran

IBM Microservices Development


Frank Budinsky

Frank Budinsky

Cloud Foundation Services CTO Team, IBM Watson and Cloud Platform


Greg Hanson

Greg Hanson

Software Engineer - Cloud System Software Scalibilty and Performance


Michelle Carey

Michelle Carey

IBM Courseware Developer


What web browser should I use?

The Open edX platform works best with current versions of Chrome, Firefox or Safari, or with Internet Explorer version 9 and above.

See our list of supported browsers for the most up-to-date information.