It’s been a common problem that we’ve been asked to address, and something that pops up frequently. Can I use Istio with other ingress proxies? In a word? Yes.
Users of Istio and Envoy are strongly encouraged to upgrade to Istio 1.4.6 and Envoy 1.13.1 or 1.12.3 to address four newly discovered security vulnerabilities. The Envoy update is also available via GetEnvoy.io.
CVE-2020-8659 (CVSS score 7.5, High): Excessive CPU and/or memory usage when proxying HTTP/1.1. Envoy version 1.13.0 or earlier may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (e.g., 1 byte) chunks.
The Identity Management & Access Control for Multi-Cloud Conference, co-hosted this January by Tetrate and NIST, drew 300 attendees to Maryland and some 600 more participants online. A major takeaway: a Zero Trust Architecture needs service mesh technologies (Istio and Envoy) and Next Generation Access Control (NGAC).
TC Currie sat down with Autotrader UK’s Karl Stoney, a DevOps thought leader, to discuss what led them to Istio.
Karl explains that the main reason for the move was their wish for transparent mutual TLS, which they wanted to implement without modifying existing apps. They understood that the best way to do this was a sidecar model, and began their transformation with Google’s managed Kubernetes offering, GKE, when the conversations then pointed to Istio.
The co-creators of Istio, Louis Ryan of Google and Tetrate’s Varun Talwar, talk with TC Currie about the history of Istio, how it came to exist in its current form, and the collaboration between Google, IBM and Lyft that got the project off the ground. They address how the project was designed to allow businesses to solve observability issues, routing problems, security, and policy concerns all in one place.
All right. Thanks for joining me in this talk. My name is Venil Noronha and I worked with the VMware Open Source Technology Center. I have a fun job that is to contribute upstream to Istio and Envoy full time. Today we’ll have a look at REST APIs and some problems associated with REST APIs and how gRPC solves these problems. And finally we’ll have a look at how we can take the gRPC experience to applications running on web browsers with the help of gRPC web and Istio.
Cameron Moreau and Tian Wang from Pivotal spoke at Tetrate’s inaugural Service Mesh Day 2019 in San Francisco on the workings, pain points, and future of auth.
Ferraiolo gave an in-depth presentation on Next Generation Access Control (NGAC), an ANSI/INCITS standard that boldly goes where no RBAC or ABAC has gone before. NGAC enables diverse access control policies to be specified and enforced in combinations. And while NGAC can be deployed in various environments, Tetrate’s Ignasi Barrera joined Ferraiolo to demonstrate its implementation in a service mesh where it’s capable of providing a complete authorization framework.
David Ferraiolo, NIST and Ignasi Barrera, Tetrate
David Ferraiolo of NIST and Tetrate’s Ignasi Barrera presented on Next Generation Access Control at Tetrate’s Service Mesh Day 2019 in San Francisco.
Service mesh: Where do I get started? And what’s the overhead?
Speaking at service mesh workshops over the past year, these are the two questions that Lee Calcote, senior director of technology strategy at SolarWinds, heard over and over again.
At KubeCon Barcelona this May 20-23, 2019, 7,700 attendees gathered to discuss emerging trends in cloud native computing, microservices architectures and container orchestration. Tetrate, which offers enterprise-ready service mesh solutions for networking and observability, was proud to send four of its engineers to participate in five of the scheduled sessions.
Lizan Zhou, who is both a founding engineer at Tetrate and a senior maintainer of Envoy, led both an “Intro to Envoy” session…