As part of this exam, you should be able to perform these tasks:
- Understand and work with Red Hat OpenShift Service Mesh Custom Resources
- Deploy and configure applications on Service Mesh:
- Install sidecar manually in pod applications
- Automatic sidecar injection using annotations
- Understand the configuration of network policies (Mesh members, external services, etc.)
- Work with request routing and traffic management.
- Be able to configure static and dynamic request routing to different versions of an application
- Understand the deployment/release pattern strategies that Red Hat OpenShift Service Mesh® can help with, providing more complex operational functionality, including A/B testing and canary releases
- Configure and manage advanced routing techniques to control the flow and API calls between services
- Shift and migrate traffic between different services within the mesh, producing A/B testing, canary rollouts, and staged rollouts with percentage-based traffic splits, and dark launches for a selective group of users
- Take advantage of the traffic mirroring capabilities to bring changes to the microservices. Be able to produce shadow launches by copying the live traffic
- Send the inbound and outbound traffic from and to the mesh, managing the ingress and egress traffic control policies
- Define and control gateway entry points into the mesh for incoming traffic, allowing requests to pass through to the services
- Enable controlled access to external publicly accessible services from within the Istio cluster
- Be able to configure the network resilience and the fault tolerance dynamically at runtime to cope with failing nodes and prevent localized failures from cascading
- Control the waiting time for replies defining timeouts
- Enhance service availability specifying the number of request attempts with retry strategies
- Limit calls within a service and prevent access to an overloaded or failing host by applying a circuit breaker mechanism
- Specify the connection pool and ejection policies by configuring the load balancing destination rules
- Work with and configure Service Mesh policy checks
- Define enforcement features through policies, configure local and global rate limiting, and define access quotas
- Enable and configure authorization with deny and allow policies applied to a workload
- Understand and configure the workload-to-workload communication using the implemented architecture for authentication and authorization security in Service Mesh
- Provide service-to-service communication with secure naming authorization
- Tunnel the service-to-service communication using mutual TLS
- Map the identity of the service name with secure naming
- Define peer authentication policies to enforce the mutual TLS mode
- Define the required end-user authentication policy check. Define and configure access authorization rules for service and end-user to workload communications
- Understand and work with the fault injection mechanisms to introduce errors and chaos testing into the system to test the failure recovery capacity of the applications
- Inject timing failures producing delays to mimic increased network latency or overloaded services
- Produce crash failures with error response injections and TCP connection failures