While the open source Istio may help solve a number of issues for managing microservices and providing security, the service mesh also poses some of its own problems, from difficulty during installation to handling day two operations, such as upgrades and configuring certificate managers. Tetrate, the premium service mesh provider, has decided to tackle these difficulties with this month’s launch of GetIstio, a commercial service mesh based on Istio and Envoy proxy.
First and foremost, GetIstio is an open source distribution of upstream Istio that helps users easily install Istio using the GetIstio command-line interface (CLI). It has been tested against Amazon Web Services‘ Elastic Kubernetes Service, Azure Cloud Service (AKS), and Google Kubernetes Engine (GKE).
When users install Istio using GetIstio, they get a hardened image of Istio with continued support that is easier to install, manage, and upgrade, the company claimed. Part of that “continued support” comes by making sure Istio keeps running despite upgrades to Kubernetes that might otherwise impact compatibility, explained Tetrate CEO Varun Talwar.
“The thing is, these are not static projects, right? Neither Kubernetes, nor Istio, nor Envoy,” said Talwar. “Every three months, you typically have new releases from these projects, so the confidence you want to give to users is that, if you are using GetIstio, then we’ll take care of your upgrades in your environment.”
As a new release comes out from Istio, GetIstio plans to provide a new version, tested against each of its three supported cloud providers, within days, ensuring that the version works with all supported prior versions of Kubernetes as well.
“Even if the initial day zero is okay, typically what happens is you upgraded your Kubernetes and something broke Istio,” said Talwar. “That pain is what we want to take away.”
Beyond handling installation and upgrades, the GetIstio CLI also allows for switching between multiple versions of the
istioctl configuration utilities, help with handling certificate management by using a number of cloud provider certificate management systems to create Istio CA certificates for signing Service-Mesh managed workloads, and also provides end users with a Federal Information Processing Systems (FIPS) compliant version of Istio.
Installing and upgrading Istio, however, isn’t the only thing Tetrate is taking aim at with GetIstio. The company is also offering a free, self-paced course called Learn Istio Fundamentals that is part of a larger effort the company is launching around building community, which it says it hopes will bring together Istio and Envoy users and technology partners to share problems and solutions with each other.
“It is about enabling other products that are relevant for them to build integrations with Istio, so the community at large can benefit,” explained Prasad Radhakrishnan, a general manager at Tetrate. “We are just trying to foster an environment where they can come and collaborate with us. If there is a certificate manager or store — a product and vendor — and they want to play with the Istio ecosystem, how do we guide them? How do we help them? Yes, there is a set of documentation and an API is available, but can we do something more here to accelerate their integration efforts?”
Tetrate is a sponsor of The New Stack.