As code gets signed off by a developer, it goes to the infrastructure teams that deploy it in the dev/test environment and then validate it via a number of tests. The developer’s skill set usually doesn’t include knowledge of Kubernetes, service mesh parameters, or Ingress gateways. Beyond knowledge, there is usually enterprise grade separation of roles: the developer shouldn’t have access to the network configuration, unnecessary monitoring tools, and certainly not security objects such as certificates.
The Istio service mesh comes with its own ingress, but we see customers with requirements to use a non-Istio ingress all the time. Previously, we’ve covered integrating NGINX with Istio. Recently we’ve been working with customers that are using Traefik ingress. With some slight adjustments to the approach we suggested previously, we at Tetrate learned how to implement Traefik as the ingress gateway to your Istio Service Mesh. This article will show you how.
September 29, 2020 — The Envoy Product Security Team (PST) announced the availability of a security fix and a series of patches for Envoy versions 1.12,1.13, 1.14 and 1.15 to address two high-risk vulnerabilities related to header values and HTTP URL paths. In response to CVE-2020-25017. Additionally the Istio community recommends users to upgrade to 1.6.11+ for 1.6.x deployments or 1.7.3 or later for 1.7.x deployments.