Tetrate Blog | Service Mesh for Any Cloud and Any Environment

An Istio-based Traffic Management Use Case of eBay

As a centralized cloud platform, Kubernetes manages multiple heterogeneous applications, including online services, big data, and backend searches. The number of clusters reaches up to the hundreds. In large clusters, thousands of microservices and hundreds of thousands of pods are run in a single cluster. Needless to say, different types of applications have different traffic management needs. The question then arises: how do we address these different needs with a centralized model? In fact, this is the biggest challenge that eBay has been seeking to tackle for years.

AWS, Tetrate, Tetrate Service Bridge

TSB CI/CD Pipeline on Gitlab deploying application in AWS

As code gets signed off by a developer, it goes to the infrastructure teams that deploy it in the dev/test environment and then validate it via a number of tests. The developer’s skill set usually doesn’t include knowledge of Kubernetes, service mesh parameters, or Ingress gateways. Beyond knowledge, there is usually enterprise grade separation of roles: the developer shouldn’t have access to the network configuration, unnecessary monitoring tools, and certainly not security objects such as certificates.

Istio, Open Source, Tetrate

Using Traefik Ingress Controller with Istio Service Mesh

The Istio service mesh comes with its own ingress, but we see customers with requirements to use a non-Istio ingress all the time. Previously, we’ve covered integrating NGINX with Istio. Recently we’ve been working with customers that are using Traefik ingress. With some slight adjustments to the approach we suggested previously, we at Tetrate learned how to implement Traefik as the ingress gateway to your Istio Service Mesh. This article will show you how.

Apache SkyWalking, Envoy proxy & GetEnvoy, Open Source

Observe Service Mesh in VMs with SkyWalking and Envoy Access Log Service

Want to observe a service mesh that extends to virtual machines? A new analyzer in Apache SkyWalking — the APM system designed especially for microservices, cloud native and container-based architectures — leverages Envoy’s metadata exchange mechanism to work in Kubernetes, VM, or hybrid environments.

Alt: PKI certificate tree with a root, three intermediate signing CAs, and four leaf certificates (issued by various intermediates across the tree).

Istio, Open Source, Security

Trusting trust: Root Istio’s trust in your existing PKI

It comes up regularly when we talk to customers and users who want to get started with Istio. How can trust work for me? If Istio has its own Certificate Authority, and I have mine, how can I make sure that they trust each other?

Istio, Open Source, Tetrate

What’s new in Istio 1.9

On February 9, Istio announced the release of Istio 1.9. In this release, we can see the wider adoption of VMs into the service mesh, and even better VM support, cert issuance to VMs, and health checking for the workload entry. Istio’s latest releases, 1.7 and 1.8, made a lot of progress toward making VMs first-class workloads in the mesh, and cert issuance has been the final gap to close.

GetIstio, Open Source, Tetrate

Introducing GetIstio: the easiest way to get started with Istio

Istio is one of the most popular and fast-growing open source projects in the cloud native world; while this growth speaks volumes about the value users get from Istio, ease of getting started with and it’s rapid release cadence can be a challenge for many users. Combine that with managing several different versions of Istio clusters at the same time, manually configuring CA certificates for cloud platforms etc – it could get really daunting pretty quickly.

Apache SkyWalking application performance monitoring tool

Apache SkyWalking, Open Source, Tetrate

SkyWalking 8.4 provides infrastructure monitoring for VMs

Apache SkyWalking– the APM tool for distributed systems– has historically focused on providing observability around tracing and metrics, but service performance is often affected by the host. The newest release, SkyWalking 8.4.0, introduces a new feature for monitoring virtual machines. Users can easily detect possible problems from the dashboard– for example, when CPU usage is overloaded, when there’s not enough memory or disk space, or when the network status is unhealthy, etc.

NIST-Tetrate DevSecOps and Zero Trust Architecture for Multi-Cloud Environments conference Jan. 27, 2020

Open Source, Security, Service Mesh

DevSecOps, Service Mesh, and Zero Trust Architecture: A Recap of the 2021 NIST-Tetrate Conference

Tetrate and NIST co-hosted our second annual conference last week focusing on foundational approaches to security in the era of microservices: DevSecOps and Zero Trust Architecture in Multi-Cloud Environments. The one-day event took place virtually on Jan. 27, 2021. Here are some highlights!

Security, Tetrate

Offloading Authentication and Authorization from Application Code to a Service Mesh

In an upcoming National Institute of Standards and Technology (NIST) special publication I’ve co-authored with NIST’s Ramaswamy Chandramouli, we’ll be presenting recommendations around safely and securely offloading authentication and authorization from application code to a service mesh.