 Hello and welcome. My name is Ethan Suez. This is the CNCF on-demand webinar about the STO certification exam. Let's get started. My name is Ethan Suez. I work at a company by the name of Tetrate and the title of this talk again is about the STO certification exam, something that I was involved in helping bring about and so I'd like to give you an overview of that. So let's begin with just a simple question. I'm curious if you if you knew first of all that STO of course is a an open-source service mesh a project that was donated to the CNCF and It is today a graduated CNCF project. Did you know that not only is the STO project a graduated CNCF project? But that the CNCF also now has a formal certification exam for STO, and that's the subject of our talk So that exam is called the STO certified associate abbreviated or the acronym is the ICA and Personally to me taking the ICA exam is a natural next step in one certification journey So if you for example are already a Kubernetes professional and you maybe you're a developer and you've already certified and gotten a C CAD exam or platform operator or administrator who took the CKA You might consider as a next step looking at the service mesh Certification specifically the STO one ICA All right. So what are we gonna do in this talk? We're gonna obviously the focus is this ICA exam We're gonna take a look at that exam but the main objective is not to Not to teach you STO there's a far too little time in the Space that we have to do that but rather to put the certification exam on your radar and to tell you enough about it for you to be Educated enough to make a decision. That's something that you want to pursue and and then how to go about preparing This is really what we're going to cover. So it's not to teach you STO that will cover The resources that you need to that you can sort of lean on to prepare And so in that respect this talk is more of a meta talk. It's about this certification exam. It's not going to teach you STO All right, so what are we going to discuss more specifically? We're going to start with a little bit of the background history and answer the question How did this exam sort of come to be come about? It was contributed to the CNCF by my employer by tetrate and and I'm going to start by Asking a fairly high-level question, but I think an important one to pose is on the merits of certifications in general and From there, we're going to go straight into looking at the general information about the exam itself and And then we'll proceed to look at what are some of the logistics that you need to be aware of and some of the information again about the exam and then we We delve into the exact topics the domains and competencies as it's called that are covered in the exam So, you know exactly what topics what domains are essentially Things that you will encounter when you take the exam how to prepare for the exam we'll talk about the exam environment itself what it looks like and And then I've assembled a list of learning resources that I'm going to go over with you So that you know essentially where to go to to prepare or maybe I'll give you a strategy for We're learning Istio and preparing for the exam and and that involves breaking down the Istio reference documentation website And I will close with some tips and strategies for acing these them All right, so let's begin with the background in history The Announcement of this certification it was a fairly recent recent thing it happened I think in late September, but the exam wasn't available until November and you can look at some of the blogs that were Sort of published to announce the Istio certified associate exam This was the Linux foundations blog and my company that's right likewise also Blogged about our contribution of the certification exam to the CNCF And I will I'll make sure to share all of these links with you as well So there was an announcement, but how did it come to be what's interesting is that? It started long before it's already a couple years before Tetrate itself being a service mesh company having vested interest and contributing making active contributions to open source project on the CNCF including envoy and Istio Dedicated itself to Using a certification exam. It was originally called the sea at which stood for the certified Istio administrator by tetrate and essentially a number of events took place in the sort of natural evolution of the project I remember vividly it was I think in Istio con 2022 when I think it was Google or Eric Brewer that announced That the project would be donated to the CNCF and and it took several months or maybe a year until the project itself actually graduated and So at that point it became clear that you know if Istio itself is going to be a graduated CNCF project It only made sense for the there to exist a certification exam for Istio That also was sort of an industry standard and so we by we I mean my company and myself initiated talks with With the Linux foundation to contribute the exam and we went through a review process Where the members of the Istio project committee were involved and they reviewed the exam and made Suggestions feedback. They wanted to see certain changes and we went through a few cycles of essentially making changes in improvement until we reached a steady state and the exam was ready to sort of Ready to go so this culminated in the exam going live in November of 2023 So here we are just a couple of months later, but that we I've never really had a chance to really Sit down and properly give you a complete sort of overview of the exam. So here here we are and and that this is actually of a quite timely because you know Cube con EU is just around the corner is just maybe a week or so away And so I think this is a good time to do that So let's begin at a very high level with a general question on the merits of certification exams because that's that seems to be something that you have a variety of opinions about a lot of different people have different Things to say about about these things that maybe they're superfluous or maybe they're not representative of Sort of the challenges of a role of a software engineer in a particular context or what have you and that perhaps I think was more true several years ago Before sort of the advent of this sort of performance based exam, which I think became rather clear with with Kubernetes as Kubernetes sort of came to be and One of the sort of ancillary efforts with with the technology was the creation of a certification exam That was taken very seriously and it was designed to be performance based and by performance based What we mean is essentially you are presented with challenges that you have to solve in a particular Amount of time Which is much more representative of the types of things you would do in in your role as a software engineer and so It it worked better and it became a we all know that it was quite successful The certification exams was so it's something that a large number of members of the sort of tech community Decided to approach and to challenge themselves and take and and it had beneficial side effects, which I love right? It was effective and in almost building community around the popular open-source technology Everyone felt maybe inclusive everyone felt that they were sort of gone through the same sort of pains to achieve Certification we know there are a number of different types. There's a CKA and CCAD and CKS and others besides And so it also maybe served to break down certain silos between organizations or what have you which was a good thing Um We can think of certification also as a forcing function to learning new technology now This can be taken perhaps a little bit too far, but I like the idea in general So we we don't want to go so far as to get to what I like to call an anti pattern Right this where we might consider taking a certification exam for the sake of getting that badge Sometimes that can be luring, but it's got to be of course relevant to the work that we do and And the other thing to say is that maybe we shouldn't start with certification right certification is more of a rubber stamp after the fact Right so assuming we've had in our job in our role opportunities to build practical experience with the technology It might be a natural next step to opt to proceed and take a certification exam So that to me is sort of the right approach. You want to sort of lean on your experience Rather than, you know, try to cram and treat this like maybe a final exam in college or what have you're in school All right, so let's let's take a look at this is to certified associate And asked answers questions about it. Who's it for what is the exam format? We can go and actually visit the landing page. There it is. It's your certified associate the ICA There's that badge you can see all kinds of information about it But the what really jumps out that you at first is are these three boxes here? Which try to answer some of the main questions that someone might have when they're first looking at this landing page? Who is this exam for? What is this certification about and What does it demonstrate and the answers there are that the ICA is a certification design for engineers So that's a very very broad statement where it doesn't specify what type of engineers see ICD practitioners So I like that practitioners, but I'm not sure exactly what To me see ICD and automation are sort of obviously very important things But maybe orthogonal to the concepts of service mesh Or anyone with special interest in Istio. So that's that's a good catch-all phrase I like that very much and there are many reasons why you might have special interest in Istio as a developer as a platform operator as Someone on an engineering team who wants to maybe solve a real problem in the organization About the exam the ICA will confirm Foundational knowledge of Istio principles terminology best practices and demonstrate ability to set up and configure Istio So that's all very very good. The what it demonstrates is what every certification exam in my mind Demonstrate that's a solid understanding of the principles of the technology in question in this case. It's Istio and And that's all well and good And there's more information here the domains and competencies are listed We'll take a very close look at that in a moment and there's some documents here that are very important to sort of peruse and read through Such as FAQ or the candidate handbook which answer a variety of questions, which we'll get to in turn So I mentioned the exam is a performance based exam. That means it's hands-on. It's not the multiple choice exam you're actually challenged you have to solve very specific problems your given tasks that you have to sort of implement You might have troubleshooting questions as well. It's very similar in that sense to the Kubernetes certifications Okay, so the it's interesting to also point out that it's a sort of collection of cloud native certifications is emerging And I like to think of the Kubernetes certifications as being sort of a foundation because many of these cloud native technologies build on Kubernetes so they see the landing page here for the cloud native certifications Includes the CK a the CCAD and so on but there you'll see the for example if you're specializing in observability Prometheus certified associated is another certification that you can take the Istio certified associated mentioned here and their additional ones And I suspect this list will grow over time And so I guess the only comment that I have in that regard is the fact that there there is sort of a specialization then from Kubernetes to something else like for example, Mithias in terms of a certification track and as far as The ICA itself along sort of that that sort of Branch of evolution, which I'm imagining in my head right now The ICA is in Istio I consider as an extension of Kubernetes and so it sort of makes sense to sort of do things in that order I'd get the Kubernetes certification first and Istio one subsequently Now if we look at this page, there is a section on prerequisites Somewhere down here. There we are Requisites and I was a little surprised when I first noticed that it said there are no prerequisites for this exam And that basically means I suspect that you don't really need to have say the CCAD or any of the Kubernetes Certifications in order to present yourself for for this certification exam But you should know that Istio obviously is an extension of Kubernetes that you're going to use Cube Godel a plenty so to speak as you take the exam And so an understanding of Kubernetes knowledge of Kubernetes and how to use that platform is indeed a prerequisite To to working with Istio and so that maybe goes without saying but I like to be explicit when I can All right, so a little bit of sort of information about this this exam. It's a two-hour duration Examination it costs $250 How to enroll is rather rather simple. There's a really big button here that you know, you can sort of essentially what Drill down into and fill out the form you need to obviously have a Linux foundation profile and And off you go Take for the the exam and what what does that give you that gives you a time window of 12 months in which you can schedule and take the exam a Passing score is 75% Which you know, I'd like to compare that to something else I know about I recall when I took the CCAD exam, I'm sure it's changed by now But back in the day it was I think a 66% with the passing score So two out of three questions right got you the certificate here It seems like a slightly higher hurdle three out of four. There's something to be mindful of But the saving grace there of course is like many other certification exams You get a free retake if you don't sit on the first try It's definitely challenging and So I you know as my personally recommend that you take the challenge very seriously you study for it and Try as much as possible to be so ready that there's no doubt that you'll pass it on the first try All right, many of these details you'll find on the FAQ which I mentioned is at the bottom of this page There is a an ICA frequently asked question link that you can sort of click on and will take you to to the document That answers a variety of questions Including the ones the answers to which are listed here on this page So let's move over to really the meat of it, which is you know what domains and competencies that you tested on right? And if you if you're already familiar with service mesh, which you should be if you're considering taking the exam You should have some some practical experience not with everything, but at least with some part of Istio Are these five main sections installation upgrade and configuration? traffic management resilience and fault injection security and Advanced scenarios And it's interesting to see the breakdown. It's not surprising actually traffic management is definitely one of those sort of major Capabilities associated with service management one of the main things we unlock the ability to do canary upgrades of our Applications is simplified through the traffic management capabilities in service mention Istio But there is you know, it's a single exam It's not that we don't have like you know an Istio administrator Istio developer, but you should know that Istio is a platform Harm has many associated personas, right? There are developers who deploy their workloads to the mesh and there are operators who install and configure and manage the The platform and that includes Istio and the mesh and they monitor the mesh and the developers monitor their apps running on the mesh So there are definitely multiple roles or security professionals involved with as a single exam And so that exam is going to include All facets of all three, right? There is administration installation and upgrade which is more of an operator task There is traffic management, which might be primarily a developer task but not exclusively so and You know securing workloads may be something a security professional might have more interest in So so it's all there Let's talk about the How this all breaks down now before we we get there You you may be asking the question, you know, what about the Kubernetes Gateway API? So if you're following the technology, you know what the Kubernetes Gateway API is the Kubernetes It's it's essentially an effort to create a sort of a new specification for configuring ingress which might Maybe ultimately be sort of the one to rule them all so to speak Maybe a unified de facto standard across multiple technologies on how to configure ingress routing and other Passets of traffic management. So you see here the main custom resources involved in the Kubernetes Gateway API And the reason I mentioned that is of course Istio today The ports both it's sort of original configuration of gateways and and and routing through a virtual service and this nation rule Whereas but it also supports this new gateway API. So the question is is it actually Going to be on the exam and is ambient mesh going to be covered, right? That's another good question And the answer is not in the current version of the exam So the current version of the exam it covers what I like to think of as sort of the traditional Istio, you know the sidecar based approach with the the original APIs and the custom resources which are by no means deprecated They are going to continue to be supported for a very long time to come but it's inevitable that ultimately Those features will be added to the certification exam in the future I personally am not involved in the sort of future planning of How the the exam will evolve and so I cannot give you a concrete date and when this actually will happen But of course, it'll have to happen in lockstep with the maturation of of these new features and maybe others besides Right, so let's talk about this the first Domain or competency Istio installation upgrade and configuration under each one as You know if you looked on again back on this page You can expand all of these and I want to take a closer look at each of the specific items Mentioned under each category So the first one we're told using the Istio CLI to install a basic cluster And so that's definitely something you should know if something is cited explicitly You can sort of bet that it's going to be on the exam But that's not the converse is not necessarily true, right? There may be things on the exam which are not mentioned explicitly in this little sort of brief list of things you should know how to do So if we think about installation with Istio, you can install Istio on Kubernetes with The Istio cuddle CLI you can also do so with helmet So you should not do it both ways and you should know also how to upgrade right not just not just install We're told more specifically Customizing the Istio installation with the Istio operator API and so that's important and that can get you know If you're not familiar with that process a little overwhelming and that there's a lot of different things that can be configured So you should definitely familiarize yourself with the concept of this Istio operator API. That's the custom resource It has nothing to do with the operator per se There's no operator involved, but it's the custom resource that defines exactly the mesh Configuration and all of the components of Istio that you wish to install and what you want to configure Maybe you don't want to include an egress gateway only an English gateway or things of that nature or customize the resource requests or resource limits that maybe the Istio control plane is it's going to be Configured with so those are the things you need to know that third bullet item seems to me almost like a maybe a slight repetition Using overlays to manage Istio component settings You still do that with Istio operator API, so you need to know how to do that You know, you maybe asked something along the lines of install Istio on this Kubernetes cluster using a particular profile, but with some exceptions and so you need to know how to Craft a manifest that will define exactly the configuration you're asked to produce and then apply that as you install your Kubernetes cluster that your Istio service mesh on top of your All right, so I mentioned already the traffic management is really the sort of the The largest fraction in terms of weight that you know, you're the majority of questions Well, not majority but 40% of the questions are going to pertain to traffic management That's going to include of course first and foremost controlling network traffic flows within the service mesh You need to know how to do that. How do you configure routing? To maybe versions of services on specific conditions Maybe there are header matches things of that nature you need to be familiar with all of that That's that's really sort of front-end center for Istio You need to know and that perhaps goes without say, how do you configure sidecar injection? But when you think about that problem, there's There's multiple parts to it, right? There's manual Sidecar injection you need to know how that works Istio Cuddle Cuban Jack commands for example and then automated sidecar injection and within that Sort of area. There are different ways of doing that, right? You can define it at namespace level You need to know those conventions But you may also need to be familiar with how do you configure a single workload to Specify that it wants a sidecar injected there are specific labels that can be performed at the resolution of a single workload So you need to know that as well Using the gateway resource to configure ingress and egress traffic So of course configuring ingress and egress. It's part of traffic management. So you definitely need to know that There's lots of sort of knobs that you can configure when you configure a gateway what protocol what ports and other concerns Understanding how to use a service entry resource for adding entries to the service registry And that I what comes to mind there are multiple different use cases there but one that's From the center in my mind is when you define egress traffic You typically are also identifying some mesh external service through service entry. So you need to know how that works Need to define how to define traffic policies using a destination rule for this nationals again one of the primary Custom resources that Istio provides for defining traffic policy load balancing algorithms And other facets of traffic policy can be configured through that resource So you need to familiarize yourself with that And there's also never There's never an end to the list of things you need to know traffic mirroring is another Passet of traffic management. So you need to know how that works as well All right, so it's somewhat related to traffic management is resilience and fault injection You know, those are things such as Configuring circuit breakers and so you need to familiarize yourself with how that works There are different ways of you know, you can figure it with or without the concept of outlier detection This idea of quarantining a workload when when it errors for a period of time There's an ejection time thing so you need to familiarize yourself with that how you can figure that and other resilience features besides maybe simpler things like retries and timeouts and And I'm sure that list is not Exhausted so so definitely look at the resilience section in the documentation Part of resilience is testing your your system under different adverse conditions such as when there are errors or faults And you can inject faults with by programming those sidecars through Istio You need to familiarize yourself with how you can figure fault injection and that includes not just faults, but also delays In specific resources. So these sidecars can be Programs to introduce a an artificial delay for the sake of testing if the whole system Sort of how it behaves under adverse conditions Ah Security of course is a big topic That's a very important fan set of service mesh Perhaps the most important ones a lot of enterprises are adopting service mesh primarily for for security for zero trust So you need to understand the concepts and also how to apply them. So what you need to know under that sort of topic is Many of the Istio security features what comes to mind front and center is workload identity right peer authentication But there's also request authentication user identity and on top of those authentication mechanisms are Authorization policies you need to know how to configure authorization policies for traffic HCP or TCP traffic You need to know how to configure mutual TLS in your mesh or and at different scopes of resolution and that's another thing that maybe that so far we haven't mentioned this Concept that in Istio many of the things you can figure many of these policies, but the traffic policies or security policies Can be applied mesh wide they can be applied only within a namespace or you can use the concept of a workload selector to actually define The scope of application of that policy and so you need to familiarize yourself with the concept of workload selector It features in multiple places And then finally advanced scenarios is Essentially a variety of niche topics such as the one shown here how to on board non-cubinage Workloads on to the mesh you need to be familiar with with what that's all about You need to be familiar with the workload entry and workload group resource and and other aspects of this procedure Although I suspect that in two hours and given that this is 13 percent of The weight for the exam that actually onboarding a VM is probably you can safely think is going to be our scope But you need to also you may be asked ask That is a subset of the full of the full challenge So so do not ignore that And then I think the one that comes to mind the most importantly about under advanced scenarios are situations where you have to Troubleshoot something that's not working properly So imagine a scenario where you're told that in some namespace there are maybe some workloads There are supposed to be running that are not running or maybe they're running correctly Something is wrong and you have to sort of find out why so that means you do need to understand How do you diagnose how do you inspect how do you interrogate a system? Using the cube cut will see a lie the issue cut will see a lie to determine the current state of the system And then to get to the bottom of the issue and then figure out how to resolve the issue All right, let's turn our attention to how to prepare Now this When I drafted this I asked myself the question is is that too obvious, you know I guess we each have you know a particular strategy and none of them are wrong. This is just a suggestion It's not something you should do in my mind. I would begin by Of course using the topics that we just Looked at as sort of a list a laundry list of things that we need to know right and so we need we can use that as a way of baselining our competency identifying which Areas we're barely Comfortable with or familiar with which areas where they may be gaps where we don't know much about that area And and then to proceed to methodically methodically learn each each topic or each domain And that implies visiting every topic in the documentation and making sure we understand the concepts But also build experience with each and that means working through how to write specific tasks in the documentation will help you with that And again, I like to stress. Don't just read do explorations proactive exploration So you stand up a cluster you install this to you install this to you in different ways figure out, you know The different commands of these to CLI that might support You know, maybe a generating a manifest on your behalf perhaps things of that nature Be familiarize yourself with the contents of the issue distribution. There's a lot of things you can do there And then finally interacts with the community that you know studying is to also means getting on the slack channel and asking questions There and getting to know people All right about the examined environment, you know imagine, you know besides, you know, the parts that are more Administrative such as you know signing up scheduling Showing up getting a good night's sleepy the night before and going through the whole proctoring process You know, the number of rules you can't have you can't have much information on your desk You need to show the proctor that you have essentially a clean working area To ensure that you're doing this fair and square but once you're given access to the environment what you're sort of Encounter there is essentially an operating system a virtual machine that you're accessing through probably through a web browser it's going to be a the boon to operating system so be familiar with Linux and Cube Kotlin is to your car. We're going to be pre-installed There will be on the file system a copy of the Istio distribution currently the current version of the exam is running Istio version 118 which is not too dated. I think that was released in the fall of 2023 And you're given a choice of two editors primarily Vim and VS code so we pick your poison there in terms of which one you prefer and You are Instructed for each challenge to perform your work in a specific Kubernetes context and so that's important You need to be aware, you know, that you select the right context before you begin your work I mean if you make an error there that could be rather costly, right because the the solution will not be in the correct environment All right a very important point It's an open book exam just like the Kubernetes certifications That means you have access to the Istio reference documentation while you're taking the exam and that's crucial that makes There are a number of implication From this decision It means you don't have to memorize all that YAML and I don't think you should ever Have to memorize that YAML but that means it also means that you should be familiar with the different custom resources Know which custom resource you need to apply Generally have an understanding of the types of things you figure with each custom resource Those things are things you should know in advance become familiar with and get really comfortable with that It means you need to know where to find information and how to quickly look that up because again remember in two hours You may be confronted with I don't know exactly how many challenges But I'm sure it's going to be testing your ability to complete all the challenges in a limited amount of time All right, let's turn our attention to learning resources I'm going to close a couple of these tabs if you don't mind and First and foremost the Istio reference documentation It should be your main reference for preparing and everything you should need to know should be there This is the Istio reference documentation. We'll we'll go through it in detail in just a little bit In addition to the Istio reference Documentation a good way to start maybe with Istio fundamentals Which is a course that we offer of we by we I mean tetrate on our Academy portal on the trade Academy you will find This Istio fundamentals course. It's a great course. It's by no means The only resource you should consult if you want to pass the certification exam, but it's a great way to sort of ramp up And then there are workshops that we we publish so the Istio zero the 60 workshop is a popular one Here is the sort of the the landing page what it looks like in a variety of of labs such as installing Istio learning about sidecar injection service discovery and Deploying applications to your mesh configuring ingress and so on so a lot a lot of good stuff in there as well And that workshop is also available in an environment called killer Coda If you're familiar with killer Coda the advantage there is you don't have to stand up your own Kubernetes cluster in order to To start playing with the technology it's all sort of built in behind the scenes in the browser here You can see this Istio zero the 60 workshop is essentially being provisioned in real time for me in in my browser and so I just follow through the instructions and I can Run commands and and this is my shell and I can do work here. This is great What else there's also a recording of Myself and a colleague running through the Istio zero the 60 workshop on Tetris Academy And so you can essentially go there and go to the on-demand workshop section and under there You will find a recording of running through the entire workshop. So that's that's also a resource that I recommend And there are more learning resources. There is a Linux Foundation course on edX. It's called introduction to Istio It looks something like this and this is substantial. There's a lot that this course covers As you can see here. It actually is estimated. There's a 10 week self-paced course. It's free and so I highly recommend it This is again something that myself and and my colleague Peter Sort of put together a little over a year ago, but still very relevant for the certification exam There is of course the book I like to think of multiple different media different ways of learning So if you prefer books of the Istio in action book from Manning by Christian Pasta is It's definitely an excellent one. It's again, you know books Don't don't get updated as often as maybe digital media, but it's still a very good one in my opinion And and there's plenty of content in video format on YouTube For example, that trade has published in the past a couple of series one called Istio weekly Techbox is another one. Those are YouTube playlists that you can visit just to give you a little flavor of what they look like Here's the Techbox and different episodes that took place largely in 2022, but still largely relevant On on Istio another topic. So not all these episodes apply, but but many of them might actually help you And the same goes for the Istio weekly playlist that you see here a variety of episodes that you can that's centered on Istio that you can review on your own time All right The one that I like to call out which I think is most important because it's an open book exam And this is the website you will have access to while you're taking the exam And so the Istio documentation website, let's break it down Let's cover how the content is organized where to find information how to navigate the site Where to find examples that can serve as templates or starting points for a challenge on the exam And then how to look up the reference information for a custom resource, right? If you want to find out what the name of a particular field is that's very important need to be able to to look that up very quickly and use it as a reference for Configuring maybe the installation of Istio and other other search matters So let's let's jump over here real quick and again many of these are in self-explanatory So I'm not gonna spend too much time here Obviously there's a section on concepts here which explained the talk about the different facets of service mesh that you know In terms of observability security extensibility and traffic management it's interesting the play between Reading which is a passive activity largely and exploring which is not a activity But they complement one another oftentimes you start with the concepts But then you put it on hold and then you try something out And then you go back to the concepts and lo and behold something that starts to make more sense now because you have some Some practical experience with it as well So the practical tasks you'll find under setup and under that now setup scopes It's sort of its jurisdiction is really the installation is there's a getting started lab That's probably where you want to start if you've never really played with Istio before How do you install Istio on different Kubernetes clusters? So there are different recipes here for a variety of different target Kubernetes clusters and and You can see here also Installation related topics and upgrade related topics. So installing with a coc line installing with helm Installing multi cluster. That's probably something that's out of scope for the certification exam So that's where you'll find a lot of that information and then upgrades canary upgrades versus in-place upgrades You should understand the difference and and know how to perform each one and there are additional guides here a lot of Information is buried under this site. So you need to take spend time with it now many of the how-to's are Are performed in the context of a deployed application So the sample the canonical sample application for Istio is oftentimes is one called book info here So it's worthwhile spending some time to familiarize yourself with this book info application It's a polyglot, you know sort of for microservices and And then the tasks section is where you'll find a variety quite a variety of how-to's in each category So how do you route requests? How do you do fault injection? We talked about in traffic mirroring circuit breaking It's all there for you to sort of spend time with and discover that definitely Workthrough as many of these how-to's that are correspond to the list from the list of domains and competencies listed on the exam There are other concepts Ingress of course the egress are very important ones and you should cover those as well in a different configuration modes I'd ingress gateways with Your gateways or insecure gateways depending, you know different protocols TLS or mutual TLS Familiarize yourself with that and egress is also equally important. You can bet that both will be included on the exam And then again, there are tasks that you can perform that pertain to security So those will all be under each corresponding section And then finally under here there are two more sections one is in operations a Section related dedicated specifically to a different types of operations tasks And so and this is a not necessarily how-to's they could be more conceptual like the architecture article here And then at the very bottom is the reference So if you want to learn how to configure things and different types of custom resources for example a destination rule You'll find it here, but my main advice is while you're taking the exam and you're maybe instructed to Create a destination rule or what have you The easiest way to get to that resource is through the search bar and The old I mean the easiest the fastest way right so for example, if you're told create a virtual service The first thing you want to do is maybe go and visit the virtual service reference page and it's typically the you know the first result and the search results and And as you should know the format how these pages are organized typically There's going to be a description of the resource and what it's responsible for types of things you can figure And then it's followed by examples But below the examples and you'll have a full Description of all of the fields that make up that custom resource and that's sort of a you know nested data structure So you need to be familiar with how to sort of navigate that as well How to configure the different fields, you know the HTTP listeners or HTTP routes in this case I'm looking at a virtual service not a gateway And then you can also navigate through that through Through the sort of the outline here table of contents on the right-hand side So if you want to configure retries here's an example if you're told in the exam that you need to configure retries This might be a good starting point. You can click on this sort of copy Hover over here and click on copy and then you'll be able to paste that in to maybe a file in your text editor And and then make the appropriate modifications As stipulated by the the task in question that you're sort of confronting while you're taking the exam All right, let's talk about some tips and test-taking strategies. So And these teams How we would say that these seem like they're It goes without saying that you should pay attention to the instructions But that's I say this from my own personal experience I sometimes overlook a detail or something I'm supposed to do and then that lands me in hot water So it's easy to make a mistake. That's the point. I'm trying to make here It's not a bad thing to reread the instructions. Maybe And not just at the beginning maybe after you completed the challenge to make sure that you've actually done it Right practice practice is really the to me The oil that lubricates that makes everything work quite you'll get better at things things will become second nature You will have internalized certain concepts and you won't have to you won't be struggling as much Especially when you're taking the exam, you know, the one you want to enter the exam at a point where you're already familiar with these concepts And as you identify What you're asked to do you automatically your mind automatically maps it to something you've done before you know Exactly where to go to find your sort of starting point and know exactly how to proceed though practice is very important You'll get better and faster over time Look for ways of doing things that take less time. So over time you want to get better and faster again The reason I say faster again This is one of those contrived things in a certification exam that maybe on the job You know, you're not under a time pressure, but Well, you're taking the exam you definitely are and so you want to look for ways of doing things expediently and ways of doing things that reduce the chances of making mistakes for example leveraging command completion to Avoid making a typo when you're entering the name of a flag For example, or you think you remember the name of the flag correctly But it wasn't so and the command completion can actually tell you what the actual spelling of that particular flag name is so that's that's pretty important There's a gotchas category here. Well, you know, obviously I mentioned time pressure. It's a race against the clock You know, if the more challenging the faster you go, obviously, you don't want to go too fast. You want to check your work But that means the more time you have left over to go back and review the work that you've done Right and to make sure you didn't make a mistake somewhere So have a strategy obviously that the one big thing that we typically call out for any certification exam is don't spend too much time On any one question you should know in advance like probably says in the handbook How many roughly how many questions or challenges you you'll be faced with and so you can maybe make a calculation How much time you want to dedicate to each challenge and and be mindful of how much time you've spent So if you're for some reason taken along a wrong turn and you find yourself stuck Maybe put that challenge on hold and go to the next one. That's not a bad thing to do avoid careless mistakes and the way to do that is to have a checklist almost like you know Pilots have to make sure that they followed all the procedure that they didn't forget to, you know, switch some crucial knob or something Before they take off. So a checklist is good a recipe an algorithm. That's just another term for the same thing Review each question check that all tasks were performed. That's happened to me more than once I've you know, sort of I know this question I start working on it But I didn't realize there was a second part to it that I completely ignored and so I got 50% credit For example, you don't want that to happen to you check You didn't overlook anything that you didn't misspell something if you're told to create a resource named XYZ one two three Make sure it's named that and that there are no miss things that are misspelled The grading is probably going to look for the resource by that name. And if it doesn't find one, you might actually not get any points. That's not good Make sure that you dig your work against the right Kubernetes context or in the right namespace that could be really costly, right if you If you did all of this work in the wrong namespace and then you get zero points for it that you don't want that to happen Nobody likes that situation A little bit more advice And this is a good good news is you get partial grading, right? So the imagine a task for example that asks you to create a Some kind of a custom resource to configure routing in your mesh, right? It may be in virtual service come back over here. Maybe we look at one of these Maybe we have to configure multiple things like retries and timeouts or so What the good news here is when when you submit this resource when you apply to your company's cluster there are multiple things that Sort of the the system is going to check for that you created the resource that you configured Retries and then that you configured the right number of attempts perhaps or the right that you reference the right subset And each one of those has a weight, right? So if you got five of these seven things correct, you're going to get partial credit You're gonna get five out of seven You're not gonna get zero and that's that's a good thing to know about so again You want to make sure that you've answered all the questions that you've filled in the blanks correctly Everything is is accounted for and then you'll get the full credit and then Again, this is another thing that maybe goes without say but know your environment your working environment This is gonna be on a boom to machine be comfortable with your editor be comfortable with the the bash shell Be comfortable with cube cuddle with Istio cuddle Istio cuddle specifically has a lot of different It's like a Swiss army knife lots of different commands and some of them that maybe you don't need to use But if you're aware of them could actually save you a lot of time and so You know like one that comes to mind for example is Istio cuddle profile dump which will dump the full configuration for a particular Istio profile That could actually be useful for installation Maybe you want to you can use that as a starting point instead of drafting an Istio operator YAML file from scratch or Another one is the one I mentioned here the Istio cuddle X describe command which can essentially give the job of Sort of inspecting the configuration of your mesh to the Istio CLI and to report on the results as the means of Verifying that you've actually done your work correctly So you don't stop at submitting your custom resource to Kubernetes the cube cuddle apply run the Istio cuddle describe command And that will tell you whether routing is configured correctly You know maybe 50% to subset B1 and another 50% to subset B2 So that's that's another piece of advice I have for you know your editor. Well know how to work with YAML You know indentation can can really Not be your friend So again practice makes perfect spending more and more time with these types of resources knowing how to edit them efficiently Using the editor of choice the one that you're comfortable with is going to go a long way to Making your task a pleasure rather than torment. All right, so that's a lot of information. I've thrown at you I hope that you find this useful. I'd like to close by mentioning that coupon EU in Paris is upon us It's just you know, maybe a couple weeks away or less. We can actually go and visit the portal We'll know exactly if you're watching this on March 14th Yeah, the the conference is March 19th through the 22nd You can explore the schedule and my advice is look on the schedule for resources or resources sessions rather That have to do with learning right learning the different technologies that you're interested in You know, I'm specifically a preoccupied with service mesh, but you know anything that obviously is going to help you Make sort of your enterprise environment Better is is definitely on should be on the menu I'd like to call out that was told that there's going to be a cloud native learning lounge at the conference You can look for it on the conference schedule. I'm told that they're going to be subject matter experts in different cloud native Assets of cloud native or different project that you can consult with whether they're you know get help with training and certification So there might be and ask me anything session on the ICA exam So that's something that's maybe a propo and relevant that you might want to look for and and and mark for your schedule All right, and with that, let's conclude this webinar I hope that you know I have a full of an understanding of the ICA the Istio certified associate exam and that I've wedded your appetite in terms of making you maybe wants to Sort of complete your your training with service meshes and then at some point Enroll and take the certification exam So thank you for your time, and we'll see you maybe in the future webinar. Bye