Announcing Tetrate Istio Subscription! 100% Upstream Istio, FIPS-Verified

Read More close
Tetrate Enterprise ready service mesh
Get Demo
Pricing

Frequently Asked Questions

What’s the difference between Tetrate products and Istio?

What is CISA’s Zero Trust Maturity Model (ZTMM)?

What are the five pillars of CISA’s Zero Trust Maturity Model (ZTMM)?

 What is CISA’s Zero Trust Maturity Model (ZTMM)

What are the five pillars of CISA’s Zero Trust Maturity Model (ZTMM)?

What are the pillars of Forrester’s Zero Trust model?

What is Threat Modeling?

What is a Software-defined-perimeter (SDP) with Zero Trust?

Why is application security important?

What is Kubernetes Security?

What is Ambient Mesh?

What is Zero Trust Architecture (ZTA)?

How does Tetrate compare to Solo.io?

What is Tetrate Service Express (TSE)?

Does Tetrate Service Express (TSE) integrate with Amazon EKS?

Do Tetrate products support multiple cloud deployments?

Are Tetrate products open source?

Do Tetrate products support non-Kubernetes workloads?

Why do I need Tetrate in addition to open source Istio?

Do Tetrate products run in the cloud and on premises?

Why do I need multitenancy in a service mesh?

How do I protect production from unauthorized access in a dynamic compute environment like Kubernetes?

How can I implement mTLS across my entire infrastructure, including between Kubernetes and VMs?

Will Tetrate Service Bridge work with my existing public key infrastructure?

How do I ensure and prove consistent application of authorization policy across all of my deployments?

How does Tetrate Service Bridge transparently shift traffic to public cloud services from my on-premises, self-managed infrastructure?

How does Tetrate Service Bridge help optimize locality and minimize egress?

How can I safely roll out my microservices implementation and roll back to the VM implementation if it’s not working?

How can I mitigate the damage of infrastructure outages by giving my developers tools to failover and build HA applications?

How does Tetrate Service Bridge help me keep my service mesh up to date without causing outages?

How do I enable my developers to build reliable applications using mesh primitives?

What is the difference between Tetrate Service Bridge and Tetrate Service Express?

What is an API?

What is an API gateway?

What does Kubernetes do?

What is ingress and egress in Kubernetes?

What does “proxied” mean?

What is ProxyPass?

What is a gateway in microservices?

What is ABAC?

What does a service mesh do?

What is Istio?

What is Envoy Proxy?

What are the core principles of the zero trust model?

What are the benefits of choosing a zero trust architecture?

What is ingress and egress in Kubernetes?

In Kubernetes, ingress and egress are two terms used to describe how traffic enters and exits a cluster.

Basic Kubernetes ingress. Ingress refers to the process of routing external traffic into the Kubernetes cluster. In other words, it is the entry point for incoming traffic to the services running within the cluster. Kubernetes provides a basic Ingress resource that allows you to define rules for how traffic should be routed from external sources to your services. An Ingress controller is responsible for implementing these rules. 

Basic Kubernetes egress. Egress refers to the process of traffic leaving the Kubernetes cluster and going to an external destination. This traffic can be initiated from within the cluster by a pod or service. Kubernetes provides an Egress resource that allows you to define rules for how traffic should be routed from your services to external destinations.

Full-featured Kubernetes ingress. Implementations of the new Kubernetes Gateway API such as Envoy Gateway offer full-featured application gateway functionality for traffic ingress to Kubernetes clusters.


Advanced Kubernetes ingress and egress with a service mesh. Service meshes like Istio provide advanced ingress and egress capabilities. Istio provides a Kubernetes ingress gateway, which is a load balancer that manages incoming traffic from outside the cluster. The ingress gateway can be configured to route traffic to the appropriate microservice based on the incoming request’s URL or headers.


Istio also provides an egress gateway, which is a load balancer that manages outgoing traffic from the Kubernetes cluster. The egress gateway can be used to route traffic to external services or APIs, as well as to apply security policies and enforce rate limiting.

Additionally, Istio provides features for managing traffic routing and load balancing between microservices within a Kubernetes cluster. It can automatically route traffic between services based on various factors, such as round-robin or weighted load balancing, client affinity, or custom routing rules.

Enterprise solutions like Tetrate Service Bridge offer a global application connectivity and security platform for an entire fleet of applications across clusters, clouds, and on-premises.

For more information, read our Learning Center article on Istio