Announcing: Onboard EC2/ECS Workloads Onto Your Service Mesh with Tetrate Istio Subscription

In the rapidly evolving cloud-native landscape, businesses are continuously adopting microservices architectures to build scalable, resilient, and flexible applications. Amazon EC2 and ECS remain some of the most widely used infrastructure services, playing a crucial role in managing these workloads. However, as microservices applications grow in complexity, managing service-to-service communication, traffic routing, security, and observability can become increasingly challenging.
Coming soon, Tetrate Istio Subscription (TIS) will introduce a powerful service mesh solution designed to simplify the onboarding of EC2 and ECS workloads into the service mesh. With TIS, you’ll be able to seamlessly integrate your EC2 and ECS workloads, enabling centralized management of service communication, automated security features like mutual TLS, and deep observability into service behavior—all without requiring significant changes to your application code.
Tetrate offers an enterprise-ready, 100% upstream distribution of Istio, Tetrate Istio Subscription (TIS). TIS is the easiest way to get started with Istio for production use cases. TIS+, a hosted Day 2 operations solution for Istio, adds a global service registry, unified Istio metrics dashboard, and self-service troubleshooting.
EC2 Onboarding Architecture
The diagram in Figure 1 offers an overview of the full onboarding process flow:

Figure 1: Onboarding process flow.
The workload onboarding architecture takes advantage of the following components:
- Workload Onboarding Operator: This component is installed into the Kubernetes cluster as part of the EC2 onboarding control plane.
- Workload Onboarding Agent: The agent is installed on the EC2 instance next to the application workload.
- Workload Onboarding Endpoint: The Workload Onboarding Agent connects to this component to register the workload in the mesh and obtain boot configuration for the Envoy sidecar.
- Workload Groups: When a workload running outside of the Kubernetes cluster is onboarded into the mesh, it is configured to join a particular WorkloadGroup. The Istio WorkloadGroup resource holds the configuration shared by all the workloads that join it. In a way, an Istio WorkloadGroup resource is to individual workloads what a Kubernetes Deployment resource is to individual Pods. WorkloadGroup enables specifying the properties of a single workload for bootstrap and provides a template for WorkloadEntry, similar to how Deployment specifies properties of workloads via Pod templates. To be able to onboard individual workloads into a given Kubernetes cluster, you must first create a respective Istio WorkloadGroup in it.
- Istio Sidecar: An Istio sidecar is deployed next to your workload. It’ll be responsible for all ingress and egress traffic of your application. Once a VM is onboarded, all of its application traffic is proxied by the Istio sidecar.
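As an added example (not code from the post or from Tetrate's onboarding tooling), here is what the prerequisite described above looks like in upstream Istio: a WorkloadGroup that serves as the template each onboarded instance's WorkloadEntry is derived from, paired with a namespace-wide PeerAuthentication so that the mutual TLS the post mentions is enforced rather than merely permitted. The namespace, names, labels, ports and probe path are assumed values.

```yaml
# Assumed namespace "payments"; the workload is an EC2-hosted "ledger" service.
apiVersion: networking.istio.io/v1beta1
kind: WorkloadGroup
metadata:
  name: ledger
  namespace: payments
spec:
  # Labels stamped onto every WorkloadEntry generated from this group;
  # Kubernetes Services and Istio policies select the VM workloads by them.
  metadata:
    labels:
      app: ledger
      version: v1
  template:
    # Named ports the sidecar exposes for the VM application.
    ports:
      http: 8080
      grpc: 9090
    # Identity the sidecar runs as; it becomes the SPIFFE ID in the
    # workload's mTLS certificate and is what AuthorizationPolicies match.
    serviceAccount: ledger
    # Istio network name; must match the mesh's multi-network settings if used.
    network: vm-network
  # Health check the sidecar runs so the entry is only marked ready when
  # the application actually answers (an unhealthy VM is withdrawn from routing).
  probe:
    initialDelaySeconds: 5
    periodSeconds: 10
    failureThreshold: 3
    httpGet:
      path: /healthz
      port: 8080
---
# Require mTLS for everything in the namespace, so an onboarded VM cannot
# be reached over plaintext by a caller that bypasses the sidecar.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: payments
spec:
  mtls:
    mode: STRICT
```

The ServiceAccount named in the template must exist in the namespace before the WorkloadGroup is applied. Because STRICT mode rejects any non-mesh caller, confirm sidecar coverage of the services that talk to the VM before switching from the default PERMISSIVE mode.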
What’s Next
With TIS, onboarding EC2 and ECS workloads into your service mesh will soon be effortless. Once onboarded, these workloads will communicate seamlessly with other service mesh-based services using mTLS while benefiting from the full range of service mesh capabilities.
In an upcoming blog, we’ll walk you through the process of onboarding EC2 and ECS workloads into the TIS service mesh, from initial setup to leveraging Istio’s advanced features. Whether you’re just getting started with Istio or looking to enhance the capabilities of your applications, this guide will help you unlock the full potential of Istio to optimize performance, strengthen security, and streamline operations.
Stay tuned for more details on how TIS will transform the way you manage and secure your cloud-native applications!