Which service mesh is the one for you?

cool eh?

This week I set out to write a post comparing Istio and Linkerd, and I told myself: I’m going to create tables comparing features, and it’s going to be great and people will love it and the world will be happier for a few seconds. I promised myself it was going to be a fair comparison without bias from any end. …


If the number of stars a project has on GitHub can say something about its popularity and pervasiveness, then Istio is certainly one of the most popular service mesh technologies available today, with 16k+ stars as of writing this blog. The popularity can also be seen by looking at the tools that integrate with Istio in many different areas.

To facilitate the adoption of service mesh technologies like Istio, we created a technology called SuperGloo, which borrows part of the name from the popular next-gen API gateway Gloo. …


Overview

Two vulnerabilities have been discovered in the Envoy proxy that can potentially allow unauthorized access to backend resources. They are classified as high severity according to the CVSS methodology, and immediate action is needed.

CVE-2019-9900 (CVSS score 8.3)

When parsing HTTP/1.x header values, Envoy 1.9 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources.
GitHub issue — https://github.com/envoyproxy/envoy/issues/6434

Envoy was failing to comply with the HTTP 1.1 specification with regards to resetting or closing the connection on the presence…


Highlights

  • This week’s release summary includes an exciting feature: Upstream Groups. For details on how it works check the 5 Minutes with Gloo blog on UpstreamGroups
  • Subset Load Balancing — organize Kubernetes Pods in subsets to then route to the subsets, check the docs here.

Detailed Changelog

During the last week, we’ve had a total of 4 releases (v0.13.6, v0.13.7, v0.13.8, v0.13.9)

Fixes

Use updated envoy for upstream bug fix. (https://github.com/solo-io/gloo/issues/635)


If you’re familiar with Gloo, you might be aware that Gloo already supports splitting traffic into multiple destinations, which is especially useful for Canary Deployments and A/B tests, and that’s great! If you’re new to Gloo, I recommend this post on the Anatomy of a Virtual Service.

In this latest release of Gloo (v0.13.7), we added a new feature called Upstream Groups. It is a top-level object, that, as the name says, allows you to logically group upstreams, giving you the ability to address them as a group in distinct VirtualServices. …


A few weeks ago we automated our release logs, and with that, anyone can check our documentation to see what we released, the issues fixed, and the new features added.

Highlights

Starting this week we’ll have a weekly post on the most relevant features added and bugs fixed, so let’s get to this week’s news.

New Features

  • Improved Uninstall — it’s now a customizable and less invasive process, which allows you to preserve objects you already have on the namespace running Gloo.
  • You can now specify Multiple proxies in your Helm Chart.
  • You can configure Envoy Circuit Breakers with Gloo. …

In this installment of 5 minutes with Gloo, I’ll introduce you to the concept of a VirtualService. Understanding what a Gloo VirtualService is, and its role in traffic management, is crucial to making proper use of Gloo, the Next-Gen API Gateway.

What is a Virtual Service?

The VirtualService contains information to respond to three questions mainly:

Example:


Configuring Gloo and Envoy to use OIDC (OpenID Connect)

In this series of Blogs titled ‘5 minutes with Gloo’, we’ll introduce some of the Gloo and Gloo Enterprise functionality in a summarized form. It should only take you 5 minutes to understand the feature we’re presenting, and if you’re willing to try it yourself, it will undoubtedly be worth the extra time.

For this first post, we will explain how you can integrate Gloo with OIDC (OpenID Connect). It’s fair to say that the primary objective of OIDC is to verify the identity of a user. …


Squash 0.5 is out. This new release addresses enterprise debugging use cases making it the most pervasive debugging tool for cloud-native applications.

The ability to do live debugging of an application is an essential piece in the development process. It bothers me, and I often have a hard time understanding how developers can purely rely on log statements to identify if a piece of code is behaving as intended. Adding log statements to the code you write is probably a no-brainer, but it should by no means be the primary tool of a productive debugging session.

Applications should be developed in an environment very similar to the ones they will run when in production. …

Diógenes Rettori

Executive Director at JPMorgan Chase & Co. Cloud Architecture
