Connect Your Services Seamlessly with Amazon EKS Anywhere and Istio
Amazon EKS Anywhere provides a new deployment option that enables users to easily create and operate Kubernetes clusters on-premises, while also connecting VMs and bare metal. Amazon EKS Anywhere opens up possibilities for a bunch of hybrid cloud use cases such as workload migration from on-premises to public cloud, application modernization, bursting, and data sovereignty.
Service connectivity challenges with EKS Anywhere
Regardless of where you are running your workloads, you will need to solve the service connectivity challenges whether they are within your EKS-Anywhere cluster on-premises, across your clusters, or among your private and public clouds. Some challenges are:
- You have data-centric workloads that must remain in your data center due to legal requirements or you want to utilize on-premises compute capacity that you already purchased while you have some stateless cloud native workloads running in EKS. How do you secure the communications from services running on EKS Anywhere with services running on EKS using a zero trust security model?
- You want to migrate your service from on-premises with EKS Anywhere to EKS running on AWS cloud infrastructure. As part of the migration, you will have your service running on both EKS Anywhere and EKS for a period of time. You want to precisely control how to shift traffic for your service running on EKS Anywhere or EKS, and gradually shift set percentages of traffic to your service running on EKS as you become comfortable that they are working as expected.
- You have seasonal workloads that need to handle 10x higher transaction volumes for days or weeks. You want to burst into the public cloud seamlessly for days or weeks as needed, but not pay for the additional 10x resources when they are not being used. You want to connect the services securely, but also you need to balance the load based on the service health and be able to fail over to the next available service instances.
Gloo Mesh brings EKS Anywhere and Istio together
A service mesh is designed to solve the above service connectivity challenges for you so that you can focus on the business logic of your service, independent of what programming languages you use for your service. Istio is the most dominant service mesh in production per the CNCF survey in late 2020, and leverages Envoy as a sidecar proxy.
Gloo Mesh provides an enhanced and opinionated abstraction over open source Istio and AWS App Mesh. Gloo Mesh focuses on security, ease of use, with powerful best practices built-in, simplified multicluster operation, and global failover routing for your services across clusters no matter where you run your services: on EKS-Anywhere, EKS, VMs, or bare metal. Gloo Mesh Gateway is built natively on top of Istio and provides API gateway functionalities such as integrated external authentication and authorization, rate limiting, web application firewall, and goes well beyond what a basic Istio ingress gateway provides. The diagram below shows one possible architecture to run Istio, Envoy, Gloo Mesh on EKS Anywhere and AWS cloud infrastructure, replacing Istio’s ingress gateway with Gloo Mesh Gateway whenever you need the advanced API gateway functionalities.
Read about popular use cases for EKS Anywhere, Istio and Envoy in Ram’s technical blog on using EKS-A and Istio service mesh together.
Deploying an Envoy Proxy API gateway with EKS Anywhere
Service meshes sound great but what if you are not ready to put a sidecar onto each of your services? This is normal and we can help you with an Envoy Proxy-based modern API gateway. If you are looking for an Envoy-based API gateway on EKS-Anywhere that can handle advanced traffic routing, rate limiting, external authentication/authorization, web application firewall, or connecting to AWS Lambda services on AWS Cloud, Gloo Edge has you covered!
Check out our EKS-A and Envoy Proxy technical blog to learn how to get started on EKS-Anywhere and leverage Gloo Edge connect your services seamlessly with an Envoy API gateway.
Wrapping Up
We are extremely excited about joining forces with Amazon EKS Anywhere to help you solve your service connectivity challenges between EKS Anywhere and EKS in the cloud. Goo Mesh and Gloo Edge are validated and fully supported on EKS Anywhere and EKS, and we are pleased to be a Discovery Partner in the Amazon Partner Network (APN). We have captured our Istio and Envoy expertise in these Gloo products working with many customers including some of the largest Istio implementations around the globe, and we want to bring that expertise to you to help you solve your service connectivity challenges seamlessly built on top of Istio and Envoy so that you can focus on your business logic and what matters most to you.
If you’d like to learn more about how Solo can help with EKS Anywhere and Istio + Envoy Proxy, visit our Talk to an Expert page!
You can also read more on the AWS News Blog (Jeff Barr blog) and see the EKS-A Partners page.
Read our other blogs about how Solo works with Amazon EKS Anywhere:
