To give you the latest on the Istio service mesh, Tetrate hosted a live Ask Me Anything about Istio webinar on Dec. 16, 2021, with Istio engineers Zack Butcher, Weston Carlson, and Vikas Choudhary; Zack Butcher is an Istio contributor and member of its steering committee. These were our top takeaways.
1.8 is the last version of Istio to be released in 2020, it keeps following the trade winds and listen to the users’ feedback, which has the following major updates:
Tetrate’s partnership with AWS, with today’s announcement of Amazon EKS Distro (EKS-D), provides their joint customers with unified application connectivity and security across workloads, on-premises and on AWS cloud. EKS-D was unveiled at re:Invent 2020 as a Kubernetes offering that can run on-premises, in data centers owned or operated by customers. There are several benefits to EKS-D that we believe will be useful for customers in accelerating, streamlining, and unifying the efforts needed to modernize their applications and cloud migration.
The latest Istio releases have been widely anticipated by users who want to extend the service mesh to their legacy workloads. Istio 1.7 laid some of the groundwork to make VMs first-class citizens in the mesh by making VMs look more like a pod in Istio. With its latest 1.8 release, Istio has resolved a key problem with DNS in the service mesh that has stood in the way of expanding the mesh to VMs and enabling seamless multicluster access and has continued to build on the groundwork laid in 1.7 to make VMs easier to enroll in the mesh.
With the popularity of service mesh at an all time high, it is important to think about how it might affect your current architecture. You might think you have to completely rework your environment, that it might not be “mesh ready.” But in fact you can integrate a service mesh into your current stack and make it work for your organization.
Istio is a popular service mesh to connect, secure, control, and observe services. When it was first introduced as open source in 2017, Kubernetes was winning the container orchestration battle and Istio answered the needs of organizations moving to microservices. Although Istio claims to support heterogeneous environments such as Nomad, Consul, Eureka, Cloud Foundry, Mesos, etc., in reality, it has always worked best with Kubernetes — on which its service discovery is based.
Tetrate’s Zack Butcher’s recent AMA with the United States Air Force Chief Software Officer, Nicolas Chaillan highlighted some significant achievements as a result of the Department of Defense’s move to Open source technology and DevSecOps. Platform One is a group of Air Force software developers that build and secure technology tools used across the DoD, as part of the Enterprise DevSecOps Initiative. Tetrate is a partner DoD is working with, on their journey to modernization.
Security remains one of the primary drivers behind service mesh adoption today. In this virtual webinar to be held Oct. 21 at 11 a.m. (PDT), U.S. Air Force CSO Nicolas M. Chaillan will join Tetrate’s Zack Butcher to discuss “DevSecOps and IT Innovation with the Department of Defense.”
September 29, 2020 — The Envoy Product Security Team (PST) announced the availability of a security fix and a series of patches for Envoy versions 1.12,1.13, 1.14 and 1.15 to address two high-risk vulnerabilities related to header values and HTTP URL paths. In response to CVE-2020-25017. Additionally the Istio community recommends users to upgrade to 1.6.11+ for 1.6.x deployments or 1.7.3 or later for 1.7.x deployments.
Istio founders and contributors Zack Butcher, Sven Mawson, and Liam White discussed all things Istio– covering the latest Istio 1.7 release, what’s to come in 1.8, and practical advice for end users of Istio and the Envoy proxy in Tetrate’s September Istio AMA session.