DevSecOps
Announcements, Kubernetes, Security, Service Mesh, Tetrate, Zero Trust

Why You Should Attend the ZTA and DevSecOps Conference with NIST and Tetrate

Tetrate and NIST are hosting their third annual ZTA conference, ZTA and DevSecOps for Cloud Native Applications (virtual), on Wednesday, Jan. 26th (training) and Thursday, Jan. 27th (sessions). The conference provides the most valuable opportunity this year for organizations to gather a practical understanding of how to secure critical infrastructure. You will learn how to put together a ZTA stack for end-user traffic from the ground up.

With the severity of data breaches escalating, including damage to critical US infrastructure, executive orders have been issued, calling for federal agencies to adopt Zero Trust Architecture (ZTA). The DevSecOps approach is seen as essential to achieving high operational assurance for microservices-based applications. But many organizations face challenges in implementation. NIST and Tetrate are presenting the third annual edition of this conference to dive deeply into this new architectural model, which yields enhanced security and other benefits. Their work to date has already yielded ZTA standards for cloud-native applications. 

Read More
Istio, Kubernetes, Service Mesh

Service Mesh in 2021: the ecosystem is emerging

As the service mesh architecture concept gains traction and the scenarios for its applications emerge, there is no shortage of discussions about it in the community. I have worked on service mesh with the community for 4 years now, and will summarize the development of service mesh in 2021 from this perspective. Since Istio is the most popular service mesh, this article will focus on the technical and ecological aspects of Istio.

Read More
AWS + Tetrate
Announcements, AWS, Istio, Kubernetes, Service Mesh, Tetrate Service Bridge

EKS is Anywhere and so is Tetrate

Tetrate works with Amazon EKS and EKS Anywhere to bring seamless connectivity and management to Kubernetes applications both on-premises and in the cloud. One of Tetrate’s founding goals is to enable our customers to manage their applications everywhere––from edge to workload, between services and VMs, in datacenters and the cloud––and to do it securely, reliably, and scalably while providing a consistent experience to IT ops and developers across these environments.

That goal aligns perfectly with EKS Anywhere, Amazon’s new Kubernetes offering that reaches beyond AWS. Amazon Elastic Kubernetes Service (EKS) is a managed compute platform for containers that allows customers to avoid the undifferentiated heavy lifting involved in using roll-your-own Kubernetes to run modern applications on AWS. EKS Anywhere is a new deployment option for Amazon EKS that enables customers to easily create and operate Kubernetes clusters on-premises, including virtual machines (VMs) and bare metal servers. With EKS Anywhere, Amazon offers its customers a consistent Kubernetes experience both on-premises and in the cloud.

Read More
API Gateway, Istio, Kubernetes, Service Mesh

Using Istio service mesh as API Gateway

API gateways have been around for a long time as the entry point for clients to access the back-end, mainly to manage “north-south” traffic, In recent years, service mesh architectures have become popular, mainly for managing internal systems,(i.e. “east-west” traffic), while a service mesh like Istio also has built-in gateways that bring traffic inside and outside the system under unified control. This often creates confusion for first-time users of Istio. What is the relationship between the service mesh and the API gateway? How does Istio’s gateway work? What are the ways to expose the services in the Istio mesh? This article gives you the answer.

Read More
Kubernetes, Service Mesh, Tetrate

Multicluster Management with Kubernetes and Istio

Do you have multiple Kubernetes clusters and a service mesh? Do your virtual machines and services in a Kubernetes cluster need to interact? This article will take you through the process and considerations of building a hybrid cloud using Kubernetes and an Istio Service Mesh. Together, Kubernetes and Istio can be used to bring hybrid workloads into a mesh and achieve interoperability for multicluster. But another layer of infrastructure — a management plane — is helpful for managing multicluster or multimesh deployments.

Read More
What is Istio operator?
Istio, Service Mesh

What is Istio operator?

For a long time, the primary tools for installing, upgrading, and managing Istio installations were Helm and Kubernetes CLI. Later, Istio 1.4 introduced a new method of installing Istio using the Istio CLI. 

Read More
Discovery selectors featured image
Istio, Service Mesh

Discovery selectors in Istio 1.10

Discovery selectors were one of the new features introduced in Istio 1.10. Discovery selectors allow us to control which namespaces Istio control plane watches and sends configuration updates for. By default, the Istio control plane watches and processes updates for all Kubernetes resources in a cluster. Istio configures Envoy proxies in the mesh to reach every workload in the mesh and accept traffic on all ports associated with the workloads.

Read More