Istio Day 2023: A Question of Multi-Cluster Support
On November 6 of 2023 in Chicago, as part of KubeCon North America, Istio Day took place.
One of the sessions was an “Ask me anything” panel with Mitch Connors (Aviatrix), John Howard (Google), Lin Sun & Neeraj Poddar (Solo), and Eric Van Norman (IBM). The schedule for the event can be viewed here ›
I wasn’t there myself but given my interest in Service Mesh, I watched a recording of that panel discussion, and of other sessions besides.
I have always loved these types of panels, perhaps because they are not scripted; any attendee is free to raise a question or point of discussion, and the panel opines.
The focus of the panel was on Ambient mesh, a new sidecar-less design for Service Mesh that is being added to Istio.
Around the nine-minute mark (see below), a question was raised regarding multi-cluster support. After Lin Sun’s clear and to-the-point reply, Mitch Connors took the opportunity to explain the broader issue, and I’m glad he did, because I think that it’s a crucial issue for enterprises to understand as they consider adopting service mesh:
Mitch Connors replied:
Maybe the questions you’re asking need a solution outside the Istio project.
It’s important for a project like Istio, as it grows, to know what it is and what it isn’t. Looking back on our history, we came out as a way to manage multiple Envoy proxies.
Because Envoy was amazing, but no one in the world needs one. Everyone needs a fleet of Envoy proxies to really achieve most of the benefits they want to get from that technology.
And that’s what Istio does: it manages a fleet of Envoy proxies.
In multi-cluster, what you’re beginning to need is something to operate a fleet of Istio’s: a fleet of Istio control planes across tens, or dozens, or hundreds of clusters. There are projects out there that are starting to try to do that for you… but I wouldn’t expect to see a solution to that problem from within the Istio project.
We’re not experts on it. And you should find someone who is, to help you solve it.
—Mitch Connors
I couldn’t agree more:
- Istio is a solution for managing a fleet of Envoys.
- Enterprises are realizing they need something to operate a fleet of Istios.
- That problem requires a solution outside the Istio project.
Tetrate Service Bridge: a Solution for Managing a Fleet of Istios
What Mitch describes here bears a striking resemblance to Tetrate Service Bridge (TSB), Tetrate’s enterprise service mesh designed to manage a fleet of Istio control planes.
After Mitch’s reply, Neeraj Podar added:
Once you have a multi-cluster environment, there’s a lot more to it. You need:
- A single pane of glass for visibility. [check]
- A right conduit for telemetry. [check]
- A management solution, so [that] at scale, if you have hundreds of clusters, you can install and upgrade Istio uniformly. [check]
—Neeraj Podar
Tetrate foresaw this need and built TSB some years ago (version 1.0 was released in the Spring of 2021).
A Succinct Explanation
At Tetrate, as part of my role in training and education, I train our clients on TSB, and I couldn’t have explained TSB as simply and succinctly as both Mitch and Neeraj did in that panel: TSB is an enterprise service mesh, designed to manage a fleet of Istio control planes across dozens, or even hundreds of clusters. It provides a single pane of glass for visibility, conduits for telemetry, a management solution that can, at scale, allow you to install and upgrade Istio uniformly.
TSB has many more features besides, including built-in support for multi-tenancy, “edge” and “east-west” gateways to manage multi-cluster traffic, a game changer in terms of supporting high availability. Tetrate continues to refine TSB with each new release. Our latest release is version 1.8, and I invite you to take a look at it here.
We have a host of existing, large enterprise clients wielding multi-cluster, multi-tenant Istio-based service mesh with TSB.
In the coming weeks, look for a follow-on article, where I take a stab at explaining TSB myself, perhaps titled “Understanding Tetrate Service Bridge”, or maybe “The need for an enterprise service mesh.”
###
If you’re new to service mesh, Tetrate has a bunch of free online courses available at Tetrate Academy that will quickly get you up to speed with Istio and Envoy.
Are you using Kubernetes? Tetrate Enterprise Gateway for Envoy (TEG) is the easiest way to get started with Envoy Gateway for production use cases. Get the power of Envoy Proxy in an easy-to-consume package managed by the Kubernetes Gateway API. Learn more ›
Getting started with Istio? If you’re looking for the surest way to get to production with Istio, check out Tetrate Istio Subscription. Tetrate Istio Subscription has everything you need to run Istio and Envoy in highly regulated and mission-critical production environments. It includes Tetrate Istio Distro, a 100% upstream distribution of Istio and Envoy that is FIPS-verified and FedRAMP ready. For teams requiring open source Istio and Envoy without proprietary vendor dependencies, Tetrate offers the ONLY 100% upstream Istio enterprise support offering.
Get a Demo