What Is Kubernetes Ingress Used For?
Kubernetes Ingress is used to manage external access to the services within a Kubernetes cluster. Ingress delivery in Kubernetes has changed significantly over time, from the early Ingress API to today, where Envoy Gateway is the leading choice for delivering Ingress services via the Kubernetes Gateway API.
The Kubernetes Ingress API and the Kubernetes Gateway API both serve to manage and route external traffic to services within a Kubernetes cluster, but they have different scopes, capabilities, and design philosophies.
Ingress acts as an entry point for external traffic, routing it to the appropriate services based on the configured rules. Here's a breakdown of its main purposes:
- HTTP and HTTPS Routing: Ingress allows you to define rules for routing HTTP and HTTPS traffic to different services based on hostnames or paths.
- Load Balancing: It can distribute incoming traffic across multiple instances of a service, providing load balancing capabilities to ensure even distribution of traffic and high availability.
- SSL/TLS Termination: Ingress can handle SSL/TLS termination, meaning it can manage HTTPS connections by handling SSL certificates and decrypting traffic before passing it to the backend services.
- Name-Based Virtual Hosting: Ingress supports name-based virtual hosting, which allows you to direct traffic to different services based on the hostname specified in the request.
- Centralized Traffic Management: It provides a centralized point for defining and managing how traffic should flow into your cluster, making it easier to handle complex routing and traffic management requirements.
The Kubernetes Gateway API, the successor to and superset of the older Ingress API, provides a more flexible and extensible way to manage and control traffic routing within a Kubernetes cluster than the traditional Ingress API. Here are the key purposes and features of the Gateway API:
- Advanced Traffic Management: The Gateway API supports more advanced traffic routing and management capabilities, such as traffic splitting, retries, timeouts, and advanced load balancing strategies.
- Separation of Concerns: It separates the concerns of configuring how traffic enters the cluster (Gateway resources) from how traffic is routed within the cluster (HTTPRoute, TCPRoute, etc.). This allows different teams to manage their specific aspects more effectively.
- Flexibility and Extensibility: The Gateway API is designed to be more extensible, enabling the integration of various service mesh and networking implementations. It provides a more flexible architecture that can accommodate future enhancements and new use cases.
- Role-Specific Resources: The Gateway API introduces role-specific resources, such as Gateways, GatewayClasses, and Routes. Gateways define where traffic enters the cluster, GatewayClasses define types of gateways, and Routes define how traffic should be routed to services.
- Better Integration with Service Meshes: The API is designed to integrate well with service meshes, providing a unified way to manage ingress and egress traffic as well as service-to-service communication within the cluster.
- Enhanced Security: The Gateway API provides more granular control over security policies, such as configuring TLS settings and defining security requirements for different types of traffic.
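The separation of concerns, TLS termination and traffic splitting described above, shown as a pair of Gateway API manifests. This is an added example, not configuration from the original page or from the Envoy Gateway project; every name, namespace, hostname, label and the `example-class` GatewayClass is a constructed placeholder.

```yaml
# Constructed example: names, namespaces, hostnames and labels are assumptions.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway                       # platform team: where traffic enters the cluster
metadata:
  name: shared-gateway
  namespace: infra
spec:
  gatewayClassName: example-class   # placeholder for a GatewayClass from the provider
  listeners:
  - name: https
    protocol: HTTPS
    port: 443
    hostname: "*.example.com"
    tls:
      mode: Terminate               # TLS ends at the gateway
      certificateRefs:
      - kind: Secret
        name: example-com-tls       # certificate stays in the infra namespace
    allowedRoutes:
      namespaces:
        from: Selector              # only labelled namespaces may attach routes
        selector:
          matchLabels:
            gateway-access: "true"
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute                     # application team: how requests reach its services
metadata:
  name: cart-route
  namespace: shop                   # must carry the gateway-access label above
spec:
  parentRefs:
  - name: shared-gateway
    namespace: infra
    sectionName: https              # bind to the HTTPS listener only
  hostnames:
  - shop.example.com
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /cart
    backendRefs:                    # traffic splitting by weight
    - name: cart-v1
      port: 8080
      weight: 90
    - name: cart-v2
      port: 8080
      weight: 10
```

Because `allowedRoutes` uses a namespace selector, a route in an unlabelled namespace cannot attach to this listener, and the application namespace never needs read access to the TLS secret.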
Learn More
- To learn more about the Gateway API and how it works for Kubernetes ingress, read Why the Gateway API is the Unified Future of Ingress for Kubernetes and Service Mesh
- Read our Envoy Gateway overview to get started with Kubernetes ingress using the Gateway API