WebAssembly (Wasm)
Istio, Tetrate, Wasm

Importance of Wasm in Istio

WasmPlugin API has recently been added to the Istio project as a new and improved mechanism for extensibility. Here at Tetrate, we’ve recently conducted a successful workshop called Istio Wasm workshop. Click here to watch the recording of the workshop and join the conversation on Slack.

We talked about WebAssembly and its importance in Istio and Envoy projects, and went through multiple practical labs using Proxy-Wasm Go SDK and func-e.

Read More
Announcements, Envoy Proxy & GetEnvoy, Service Mesh, Wasm

Launching Envoy Fundamentals, a training course to enable faster adoption of Envoy Proxy

Also published on: CNCF

Envoy Proxy, an open-source edge and service proxy, is a vital part of today’s modern, cloud-native application and is used in production by large companies like Booking.com, Pinterest, and Airbnb(Source). Tetrate, a top contributor to Envoy, has developed Envoy Fundamentals, free training with a completion certificate, to help enterprises adopt the technology faster. It will enable DevOps users, SREs, developers, and other community members to learn Envoy easily with concept text, practical labs, and quizzes. Tetrate is also the creator of the popular Istio Fundamentals training course and the open-source project Func-e, which makes it easier to adopt Envoy. 

Read More
Istio, Kubernetes, Service Mesh

Service Mesh in 2021: the ecosystem is emerging

As the service mesh architecture concept gains traction and the scenarios for its applications emerge, there is no shortage of discussions about it in the community. I have worked on service mesh with the community for 4 years now, and will summarize the development of service mesh in 2021 from this perspective. Since Istio is the most popular service mesh, this article will focus on the technical and ecological aspects of Istio.

Read More
Zero Trust network for Microservices
Istio, Kubernetes, NGAC, Security, Tetrate Service Bridge, Zero Trust

Implement Zero Trust Network for Microservices using TSB

Today, every major organization is going through a massive digital transformation, adopting cloud, mobile, microservices, and container technologies to deliver services efficiently, meet critical business demands, and catch up with market expectations. Organizations’ Platform and DevOps teams have to model distributed and multi-cloud applications and services accessible from anywhere and anytime to be agile. This has given rise to two significant trends within the organizations:

  1. As a growing number of organizations adopt multi-cloud, they deploy their applications into the public cloud (Google, Amazon, Azure, etc.), which means that the data is out of their perceived safety of on-prem data centers.
  2. Organizations use microservices and distributed architecture to achieve agility and scale. 
Read More
Istio, Kubernetes, Open Source

The debate in the community about Istio and service mesh

You can use Istio to do multi-cluster management, API Gateway, and manage applications on Kubernetes or virtual machines. In my last blog, I talked about how service mesh is an integral part of cloud native applications. However, building infrastructure can be a big deal. There is no shortage of debate in the community about the practicability of service mesh and Istio– here’s a list of common questions and concerns, and how to address them.

  • Is anyone using Istio in production?
  • What is the impact on application performance due to the many resources consumed by injecting sidecar into the pod?
  • Istio supports a limited number of protocols; is it scalable?
  • Will Istio be manageable? – Or is it too complex, old services too costly to migrate, and the learning curve too steep?

I will answer each of these questions below.

Read More
Apache SkyWalking, CVE Fixes, Tetrate

TSB Log4j Security Announcement

Summary

A critical vulnerability (CVE-2021-44228, CVSS score 10) was identified in the Java logging library Apache Log4j 2. Apache Log4j2 2.14.1 and below are susceptible to a remote code execution vulnerability where a remote attacker can leverage this vulnerability to take full control of a vulnerable machine.

Apache Log4j is used in many Java-based applications, making this vulnerability potentially affecting lots of organizations. As we continue to gain a deeper understanding of the impact of this threat, we will publish technical information to help you detect, investigate, and mitigate attacks. We will provide updates with more information and protection details as they become available.

Update at 2021-12-14: New, related CVE-2021-45046 has been disclosed and mitigations are included in this post.

Read More
WebAssembly
Envoy Proxy & GetEnvoy, Istio, Kubernetes, Tetrate, Wasm

New in Istio 1.12: Wasm-based extensions and ecosystem

New WebAssembly infrastructure in Istio makes it easy to inject additional functionality into mesh deployments

Three years in the making, Istio now has a powerful extension mechanism for adding custom and third-party Wasm modules to sidecars in the mesh. Tetrate engineers Takeshi Yoneda and Lizan Zhou have been instrumental in making this happen. This post will cover the basics of Wasm in Istio and why it matters followed by a short tutorial on building your own Wasm plugin and deploying it to the mesh.

Read More