Enterprise-ready Service Mesh Built on Istio, Envoy

Announcements, Istio, Open Source, Service Mesh, Tetrate

Tetrate launches Industry-first exam for Certified Istio Administrator

Enterprises are increasing their investments in digital transformation and in hiring the right talent to accelerate the journey. According to the 2020 open source jobs report from Linux Foundation, 52% of hiring managers are more likely to hire someone with a certification, up from 47% two years ago. Not so surprisingly, 93% of hiring managers report difficulty finding sufficient talent. Tetrate today announced the public availability of its exam for Certified Istio Administrator by Tetrate (CIAT) that evaluates skill, knowledge, and ability to perform Istio service mesh installation and configuration as well as configure traffic management, resilience and fault injection, and use security features of the Istio service mesh. This follows the February launch of the free training and certification course on Istio Fundamentals. Over 600 IT professionals have taken the training since then.

Case studies, Security, Service Mesh, Tetrate, Tetrate Service Bridge

Case Study: How FICO Got Encryption and PCI Compliance with Istio Service Mesh

Service mesh architecture provides a rich set of features for controlling and securing communications among services. Encryption in transit is a feature that will be critical for financial institutions and other industries working within regulatory frameworks, including PCI, HIPAA, and others.

Envoy proxy & GetEnvoy

How to get started with Envoy extensions: Wasm and GetEnvoy

New tooling is now available to make it easier for developers to create custom extensions for the Envoy proxy.

In this interview (also available as a Make it Mesh podcast), Tetrate Engineer Yaroslav Skopets, an Envoy contributor and GetEnvoy maintainer, explains how WebAssembly (Wasm) makes Envoy extensibility more accessible, and how developers can quickly get started with Tetrate’s open source GetEnvoy extensibility toolkit.

Envoy proxy & GetEnvoy, Istio, Open Source, Security

Istio and Envoy Security Advisories

September 29, 2020 — The Envoy Product Security Team (PST) announced the availability of a security fix and a series of patches for Envoy versions 1.12,1.13, 1.14 and 1.15 to address two high-risk vulnerabilities related to header values and HTTP URL paths. In response to CVE-2020-25017. Additionally the Istio community recommends users to upgrade to 1.6.11+ for 1.6.x deployments or 1.7.3 or later for 1.7.x deployments.

Envoy proxy & GetEnvoy, Istio, Open Source

Istio Service Mesh: 10 Takeaways from Tetrate’s 09/2020 AMA session

Istio founders and contributors Zack Butcher, Sven Mawson, and Liam White discussed all things Istio– covering the latest Istio 1.7 release, what’s to come in 1.8, and practical advice for end users of Istio and the Envoy proxy in Tetrate’s September Istio AMA session.

Istio, Open Source, Tetrate

Istio: Bringing VMs into the Mesh (with Cynthia Coan)

The release of Istio 1.7 was highly anticipated by the service mesh community and end-users because it addresses a problem that Tetrate was founded to solve: Bringing VMs into the mesh.

Istio, Open Source

Here’s how to use Istio with other Nginx ingress proxies

Can I use Istio with Other Ingress Proxies?

It’s been a common problem that we’ve been asked to address, and something that pops up frequently. Can I use Istio with other ingress proxies? In a word? Yes.

CVE Fixes, Envoy proxy & GetEnvoy, Istio, Open Source, Security

Upgrade: Istio and Envoy CVE security fixes

Users of Istio and Envoy are strongly encouraged to upgrade to Istio 1.4.6 and Envoy 1.13.1 or 1.12.3 to address four newly discovered security vulnerabilities. The Envoy update is also available via GetEnvoy.io.

CVE-2020-8659 (CVSS score 7.5, High): Excessive CPU and/or memory usage when proxying HTTP/1.1 Envoy version 1.13.0 or earlier may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (e.g., 1 byte) chunks.

Events, Security

Identity management and access control for multi-cloud: NIST-Tetrate conference takeaways

The Identity Management & Access Control for Multi-Cloud Conference co-hosted this January by Tetrate and NIST drew 300 attendees to Maryland and and some 600 more participants online. A major takeaway: a Zero Trust Architecture needs service mesh technologies (Istio and Envoy) and Next Generation Access Control (NGAC).

Istio, Open Source, Security

Podcast: How did Autotrader UK got mTLS and more from Istio

TC Currie sat down with Autotrader UK’s Karl Stoney– a DevOps thought leader– to discuss what led them to Istio.

Karl explains that the main reason for the move had been their wish for transparent, mutual TLS, which they wanted to implement without modification to existing apps. He explains that they understood the best way to do this was using a sidecar model, and began their transformation with the use of Google’s managed Kubernetes offering ‘GKE’ when the conversations then pointed to Istio.