The debate in the community about Istio and service mesh

You can use Istio to do multi-cluster management, API Gateway, and manage applications on Kubernetes or virtual machines. In my last blog, I talked about how service mesh is an integral part of cloud native applications. However, building infrastructure can be a big deal. There is no shortage of debate in the community about the practicability of service mesh and Istio– here’s a list of common questions and concerns, and how to address them.

Is anyone using Istio in production?

What is the impact on application performance due to the many resources consumed by injecting sidecar into the pod?

Istio supports a limited number of protocols; is it scalable?

Will Istio be manageable? – Or is it too complex, old services too costly to migrate, and the learning curve too steep?

I will answer each of these questions below.

Apache SkyWalking, CVE Fixes, Tetrate

TSB Log4j Security Announcement

Summary

A critical vulnerability (CVE-2021-44228, CVSS score 10) was identified in the Java logging library Apache Log4j 2. Apache Log4j2 2.14.1 and below are susceptible to a remote code execution vulnerability where a remote attacker can leverage this vulnerability to take full control of a vulnerable machine.

Apache Log4j is used in many Java-based applications, making this vulnerability potentially affecting lots of organizations. As we continue to gain a deeper understanding of the impact of this threat, we will publish technical information to help you detect, investigate, and mitigate attacks. We will provide updates with more information and protection details as they become available.

Update at 2021-12-14: New, related CVE-2021-45046 has been disclosed and mitigations are included in this post.

Kubernetes, Tetrate

New in Istio 1.12: Wasm-based extensions and ecosystem

New WebAssembly infrastructure in Istio makes it easy to inject additional functionality into mesh deployments

Three years in the making, Istio now has a powerful extension mechanism for adding custom and third-party Wasm modules to sidecars in the mesh. Tetrate engineers Takeshi Yoneda and Lizan Zhou have been instrumental in making this happen. This post will cover the basics of Wasm in Istio and why it matters followed by a short tutorial on building your own Wasm plugin and deploying it to the mesh.

Istio, Kubernetes, Tetrate

How Istio certification can give you a cloud-native edge

Certifications go beyond helping you showcase your skills to potential employers. They are a great tool to keep learning new tech. This post looks at how certifications such as Istio certification and Kubernetes certification can help you in your journey.

Announcements, Tetrate

Tetrate named 2021 Cool Vendor by Gartner

by JJ and Varun

We are excited to share that Tetrate is recognized by Gartner as a Cool Vendor in Cloud Computing. When we started Tetrate in 2018, we had the clear vision to productize and simplify application connectivity and security for cloud native apps and workloads. We were able to attract many talented engineers to lead, steer, and contribute to the Istio, Envoy, and Apache SkyWalking projects in open source. We had the right talent and technology ingredients to build a product that could comprehensively address application security, connectivity, observability, and reliability to enable uninterrupted end-user experience. We were all aligned on the product vision.

But from the beginning, we always knew that building a product for enterprise customers requires empathy. We partnered with our early customers to listen, learn, ideate, and iterate on product features and capabilities. We found that the real need was more than just a service mesh. The real need was to bridge legacy and modern, to pave a path to safely modernize. The real need was to bridge on-premises with on-cloud, to pave a path for seamless movement of workloads between them. The real need was to go beyond conventional perimeter security, to be able to secure all applications in a consistent way. These and many more learnings went into building Tetrate Service Bridge. That’s how it gets done at Tetrate, now and forever.

Jeff Bezos said it well,

“We innovate by starting with the customer and working backwards. That becomes the touchstone for how we invent.”

Gartner’s cool vendor recognition is an important milestone and a validation for Tetrate Service Bridge. It’s a milestone but not the destination. There is a lot to do and more to come. Thanks to Gartner for the recognition, and to our customers and partners. You can read the report to learn what Gartner has to say about Tetrate and our product. Our congratulations to the other companies and their products that were recognized as well!

Download the Gartner 2021 Cool Vendor report

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Announcements, AWS, Kubernetes, Tetrate

Tetrate now available in AWS Marketplace

For most organizations, modernizing enterprise applications is a journey. During this journey, it’s not uncommon for applications to migrate from datacenters to clouds, VMs to containers, with concerns and requirements spanning from edge to workload and everywhere in between––often all at the same time. Istio, the most widely deployed and de facto standard service mesh, helps enterprises manage application modernization along every step of that journey. And now, Tetrate Istio Subscription (TIS) is available for Amazon customers on the AWS Marketplace, making it the first hardened Istio subscription with enterprise support available there.

Kubernetes, Tetrate Service Bridge

Multi-site failover with Tetrate Service Bridge

Microservices bring many benefits to any organization’s software practice. It can be efficiency, speed of changes and improvements, granularity of control over application behavior, solid and stable end-user experience with multiple instances of the service running in parallel, and also global reach with ability to get services closer to the user geographical location and more.

Announcements, AWS, Istio, Kubernetes, Service Mesh, Tetrate Service Bridge

EKS is Anywhere and so is Tetrate

Tetrate works with Amazon EKS and EKS Anywhere to bring seamless connectivity and management to Kubernetes applications both on-premises and in the cloud. One of Tetrate’s founding goals is to enable our customers to manage their applications everywhere––from edge to workload, between services and VMs, in datacenters and the cloud––and to do it securely, reliably, and scalably while providing a consistent experience to IT ops and developers across these environments.

That goal aligns perfectly with EKS Anywhere, Amazon’s new Kubernetes offering that reaches beyond AWS. Amazon Elastic Kubernetes Service (EKS) is a managed compute platform for containers that allows customers to avoid the undifferentiated heavy lifting involved in using roll-your-own Kubernetes to run modern applications on AWS. EKS Anywhere is a new deployment option for Amazon EKS that enables customers to easily create and operate Kubernetes clusters on-premises, including virtual machines (VMs) and bare metal servers. With EKS Anywhere, Amazon offers its customers a consistent Kubernetes experience both on-premises and in the cloud.

API Gateway, Istio, Kubernetes, Service Mesh

Using Istio service mesh as API Gateway

API gateways have been around for a long time as the entry point for clients to access the back-end, mainly to manage “north-south” traffic, In recent years, service mesh architectures have become popular, mainly for managing internal systems,(i.e. “east-west” traffic), while a service mesh like Istio also has built-in gateways that bring traffic inside and outside the system under unified control. This often creates confusion for first-time users of Istio. What is the relationship between the service mesh and the API gateway? How does Istio’s gateway work? What are the ways to expose the services in the Istio mesh? This article gives you the answer.