It’s been more than four years since Istio launched in May 2017, and while the project has had a strong following on GitHub and 10+ releases, its growing open-source ecosystem is still in its infancy.
You can use Istio to do multi-cluster management, API Gateway, and manage applications on Kubernetes or virtual machines. In my last blog, I talked about how service mesh is an integral part of cloud native applications. However, building infrastructure can be a big deal. There is no shortage of debate in the community about the practicability of service mesh and Istio– here’s a list of common questions and concerns, and how to address them.
I will answer each of these questions below.
A critical vulnerability (CVE-2021-44228, CVSS score 10) was identified in the Java logging library Apache Log4j 2. Apache Log4j2 2.14.1 and below are susceptible to a remote code execution vulnerability where a remote attacker can leverage this vulnerability to take full control of a vulnerable machine.
Apache Log4j is used in many Java-based applications, making this vulnerability potentially affecting lots of organizations. As we continue to gain a deeper understanding of the impact of this threat, we will publish technical information to help you detect, investigate, and mitigate attacks. We will provide updates with more information and protection details as they become available.
Update at 2021-12-14: New, related CVE-2021-45046 has been disclosed and mitigations are included in this post.
Three years in the making, Istio now has a powerful extension mechanism for adding custom and third-party Wasm modules to sidecars in the mesh. Tetrate engineers Takeshi Yoneda and Lizan Zhou have been instrumental in making this happen. This post will cover the basics of Wasm in Istio and why it matters followed by a short tutorial on building your own Wasm plugin and deploying it to the mesh.
Certifications go beyond helping you showcase your skills to potential employers. They are a great tool to keep learning new tech. This post looks at how certifications such as Istio certification and Kubernetes certification can help you in your journey.
Tetrate works with Amazon EKS and EKS Anywhere to bring seamless connectivity and management to Kubernetes applications both on-premises and in the cloud. One of Tetrate’s founding goals is to enable our customers to manage their applications everywhere––from edge to workload, between services and VMs, in datacenters and the cloud––and to do it securely, reliably, and scalably while providing a consistent experience to IT ops and developers across these environments.
That goal aligns perfectly with EKS Anywhere, Amazon’s new Kubernetes offering that reaches beyond AWS. Amazon Elastic Kubernetes Service (EKS) is a managed compute platform for containers that allows customers to avoid the undifferentiated heavy lifting involved in using roll-your-own Kubernetes to run modern applications on AWS. EKS Anywhere is a new deployment option for Amazon EKS that enables customers to easily create and operate Kubernetes clusters on-premises, including virtual machines (VMs) and bare metal servers. With EKS Anywhere, Amazon offers its customers a consistent Kubernetes experience both on-premises and in the cloud.
API gateways have been around for a long time as the entry point for clients to access the back-end, mainly to manage “north-south” traffic, In recent years, service mesh architectures have become popular, mainly for managing internal systems,(i.e. “east-west” traffic), while a service mesh like Istio also has built-in gateways that bring traffic inside and outside the system under unified control. This often creates confusion for first-time users of Istio. What is the relationship between the service mesh and the API gateway? How does Istio’s gateway work? What are the ways to expose the services in the Istio mesh? This article gives you the answer.
Envoy is the engine that keeps Istio running. If you’re familiar with Istio, you know that the collection of all Envoys in the Istio service mesh is also referred to as the data plane.
In this blog post, we’ll look at the fundamentals of Envoy: the building blocks of the proxy and, at a high level, how the proxy works. Understanding this will help you better understand how Istio works.
Software is moving towards microservices at full speed. Talking to enterprises in different verticals, industries, and sizes, it’s clear for us at Tetrate that the infrastructure of the future is highly modular, distributed, secure, manageable, and agnostic to lower layers of the stack.
WebAssembly (Wasm) has many applications in the cloud-native world today – WASI, edge cloud computing, Proxy-Wasm, and cloud-native runtime for serverless functions, to name a few. The question is, why has WebAssembly become so popular?
