Multi-cluster Istio on EKS-D and AWS EKS

AWS recently announced EKS Distro, which allows you to run self-managed and on-premises Kubernetes clusters using the same Kubernetes binaries that run on AWS EKS. With this consistent foundation for running containers comes the need for a consistent foundation for automating the networking of those containers, specifically the security, traffic, and extensibility policies.

Istio is a service mesh that can be run on these clusters to provide that networking and security automation, but what is the right deployment model, and how can you operate it at scale?

We built Gloo Mesh specifically to solve this and other similar problems. Gloo Mesh is an enterprise-grade build of upstream Istio (with builds for FIPS, ARM, etc.) with management plane functionality and a developer portal that can be layered on top. With Gloo Mesh, you run independent Istio control planes in each cluster, and then use Gloo Mesh’s management plane to abstract away the location and security details into a single Virtual Mesh. You then write your traffic policies, access control, and observability rules against this abstraction. This model is meant to let the operator focus on what matters, the rules that govern traffic between services, and to abstract away the current physical deployment and topology.

In the following video demo, we take a quick look at AWS EKS and EKS-D and see how Gloo Mesh significantly improves the operability of your network across clusters.

If you’re looking for a supported Istio distribution for your environment, including the expertise to architect, scale, and operate a multi-cluster and multi-cloud deployment, check out Gloo Mesh, reach out to us, or join our open source community on Slack.