Distroless FIPS-compliant Istio

At Solo.io, we work with a lot of customers or software providers that provide products to their customers that have compliance obligations around FIPS (Federal Information Processing Standards). These are typically customers in the US Government, but not exclusively. FIPS is a set of rules about how cryptographic modules are implemented and apply to any […]

Christian Posta | February 23, 2021
Read More

Configuring CORS and JWT in Istio for secure, cross-origin requests

As more and more organizations leveraging Istio service mesh turn to Solo.io for production support, FIPS compliance, and architecture/operations best practices, we start to see patterns emerge and common questions arise. When we see enough of those questions, we try to share when we have a few moments to write. In this blog post, I’ll show […]

Christian Posta | February 2, 2021
Read More

Making Web Assembly a first-class citizen on Gloo Mesh Enterprise Beta

WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications. At Solo.io, we are very excited about Web Assembly as a way to extend an Envoy-based data plane in frameworks like API Gateways (Gloo) and Service Meshes (Istio, AppMesh, […]

Denis Jannot | December 15, 2020
Read More

Gloo Mesh Enterprise Beta Release

From day one, our mission with Gloo Mesh has been to provide a service mesh command center that will give users indispensable features to manage a “glooed” together mix of environments, and today I am excited to announce that Gloo Mesh Enterprise is now available in Beta. We are asking the Gloo community and customers […]

Chris Gaun | December 15, 2020
Read More

Multi-cluster Istio on EKS-D and AWS EKS

AWS recently announced EKS Distro which allows you to run self-managed and on-premises Kubernetes clusters using the same Kubernetes binaries that run on AWS EKS. With this consistent foundation for running containers comes the need for a consistent foundation for automating the networking of those containers, specifically the security, traffic, and extensibility policies. Istio is a […]

Christian Posta | December 7, 2020
Read More

The evolution of VM support in Istio 1.8 (with video)

Istio releases a new minor version every quarter, and most recently the community released 1.8.0. VM support for Istio has been progressing along across the last few releases. For example, in  Istio 1.6 the WorkloadEntry resource was introduced. This allowed the mesh operator to specify VM instances and their IPs as part of the mesh. […]

Christian Posta | November 25, 2020
Read More

Multi-Cluster Service Mesh Role-Based-Access-Control

In the previous posts, we covered how Gloo Mesh (previous known as Service Mesh Hub) makes it easy to federate the identity across clusters to allow cross-cluster communication, failover and access control based on policies. RBAC in Kubernetes In large organizations, several teams are using the same Kubernetes cluster. They use Kubernetes RBAC to define who can […]

Denis Jannot | November 12, 2020
Read More

Service Mesh Hub v0.9.1 – Expanded OSM support, AWS App Mesh progress, plus more config and troubleshooting features

Service Mesh Hub is a Kubernetes-native management plane that enables configuration and operational management of multiple clusters of the same service meshes and multiple clusters of heterogeneous service meshes through a unified API. Since the 0.7.2 release in September we’ve shipped more features and fixes leading to the latest release, version 0.9.1 New Features in […]

Solo.io Engineering | October 28, 2020
Read More

Multi-cluster global access control for Kubernetes and Service Mesh

In this blog series, we will dig into specific challenge areas for multi-cluster Kubernetes and service mesh architecture, considerations and approaches in solving them. In a previous blog post we covered Identity Federation for Multi-Cluster Kubernetes and Service Mesh which is the foundation for multi-cluster global access control. We explained how to setup each Istio cluster with a different […]

Denis Jannot | October 19, 2020
Read More

Zero Trust Application Networking with Envoy Proxy

Security is an evergreen requirement for any system, and in recent years, the concept of Zero Trust has gained in popularity as a different security model to protect organizations and their IT portfolio from the increasing business risk of security incidents. Traditional security practices and tools are designed to secure the perimeter and by default […]

Betty Junod | October 12, 2020
Read More

Cross-cluster service communication with service mesh

In this blog series, we will dig into specific challenge areas for multi-cluster Kubernetes and service mesh architecture, considerations and approaches in solving them. The previous blog post covered Identity Federation for Multi-Cluster Kubernetes and Service Mesh which is the foundation for cross-cluster service communication. Istio is the most popular Service Mesh technology and is designed to handle […]

Denis Jannot | October 6, 2020
Read More

Identity Federation for Multi-Cluster Kubernetes and Service Mesh

In this blog series, we will dig into specific challenge areas for multi-cluster Kubernetes and service mesh architecture, considerations and approaches in solving them. The previous blog posts focused on aspects of Failover and Fallback routing from a service mesh perspective and in comparison (and combined with) multi-cluster API gateway instances. In this blog post we start looking at […]

Denis Jannot | September 22, 2020
Read More