Enterprises are increasing their investments in digital transformation and in hiring the right talent to accelerate the journey. According to the 2020 open source jobs report from Linux Foundation, 52% of hiring managers are more likely to hire someone with a certification, up from 47% two years ago. Not so surprisingly, 93% of hiring managers report difficulty finding sufficient talent. Tetrate today announced the public availability of its exam for Certified Istio Administrator by Tetrate (CIAT) that evaluates skill, knowledge, and ability to perform Istio service mesh installation and configuration as well as configure traffic management, resilience and fault injection, and use security features of the Istio service mesh. This follows the February launch of the free training and certification course on Istio Fundamentals. Over 600 IT professionals have taken the training since then.
Service mesh architecture provides a rich set of features for controlling and securing communications among services. Encryption in transit is a feature that will be critical for financial institutions and other industries working within regulatory frameworks, including PCI, HIPAA, and others.
New tooling is now available to make it easier for developers to create custom extensions for the Envoy proxy.
In this interview (also available as a Make it Mesh podcast), Tetrate Engineer Yaroslav Skopets, an Envoy contributor and GetEnvoy maintainer, explains how WebAssembly (Wasm) makes Envoy extensibility more accessible, and how developers can quickly get started with Tetrate’s open source GetEnvoy extensibility toolkit.
September 29, 2020 — The Envoy Product Security Team (PST) announced the availability of a security fix and a series of patches for Envoy versions 1.12,1.13, 1.14 and 1.15 to address two high-risk vulnerabilities related to header values and HTTP URL paths. In response to CVE-2020-25017. Additionally the Istio community recommends users to upgrade to 1.6.11+ for 1.6.x deployments or 1.7.3 or later for 1.7.x deployments.
Istio founders and contributors Zack Butcher, Sven Mawson, and Liam White discussed all things Istio– covering the latest Istio 1.7 release, what’s to come in 1.8, and practical advice for end users of Istio and the Envoy proxy in Tetrate’s September Istio AMA session.
The release of Istio 1.7 was highly anticipated by the service mesh community and end-users because it addresses a problem that Tetrate was founded to solve: Bringing VMs into the mesh.
Can I use Istio with Other Ingress Proxies?
It’s been a common problem that we’ve been asked to address, and something that pops up frequently. Can I use Istio with other ingress proxies? In a word? Yes.
Users of Istio and Envoy are strongly encouraged to upgrade to Istio 1.4.6 and Envoy 1.13.1 or 1.12.3 to address four newly discovered security vulnerabilities. The Envoy update is also available via GetEnvoy.io.
CVE-2020-8659 (CVSS score 7.5, High): Excessive CPU and/or memory usage when proxying HTTP/1.1 Envoy version 1.13.0 or earlier may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (e.g., 1 byte) chunks.
The Identity Management & Access Control for Multi-Cloud Conference co-hosted this January by Tetrate and NIST drew 300 attendees to Maryland and and some 600 more participants online. A major takeaway: a Zero Trust Architecture needs service mesh technologies (Istio and Envoy) and Next Generation Access Control (NGAC).
TC Currie sat down with Autotrader UK’s Karl Stoney– a DevOps thought leader– to discuss what led them to Istio.
Karl explains that the main reason for the move had been their wish for transparent, mutual TLS, which they wanted to implement without modification to existing apps. He explains that they understood the best way to do this was using a sidecar model, and began their transformation with the use of Google’s managed Kubernetes offering ‘GKE’ when the conversations then pointed to Istio.