AWS Marketplace

Simplify Service Mesh Deployment with Solo.io’s AWS Marketplace add-on for Amazon EKS

As organizations adopt microservices architectures, the need for service mesh solutions has grown. The open-source Istio project has emerged as a popular choice, benefiting from an active community driving rapid innovation and improvement. Istio’s extensible nature allows it to meet diverse enterprise requirements across areas like security, observability, and traffic management.

However, deploying and managing Istio can be complex and time-consuming, especially for those new to microservices infrastructure. Setting up Istio requires configuration, testing, and integration with existing tools and workflows. This overhead can distract application developers from focusing on core business logic and innovation.

To address this challenge, Amazon Web Services (AWS) has collaborated with Solo.io, a service mesh technology company. They offer Istio as a seamlessly integrated, preconfigured, and regularly updated AWS Marketplace add-on for Amazon Elastic Kubernetes Service (Amazon EKS). This offering simplifies the procurement, deployment, and maintenance of Istio, enabling you to leverage its powerful capabilities with minimal operational effort. This post discusses the advantages of this collaborative solution for managing microservices workloads on AWS using Istio.

Solo.io: Simplifying Infrastructure Components

Istio is designed to simplify infrastructure-related tasks for application developers, enabling secure deployment, reliable operation, and easy analysis of microservices-based applications. Key Istio capabilities include:

  • Distributing microservice load – Adjusts load on microservices based on factors like current utilization (featuring anomaly detection, circuit breakers, and rate-limiting) and the microservice version (supporting strategies such as blue/green deployments).
  • Securing microservice communication – Encrypts payloads before network transmission. Using enterprise public key infrastructure (PKI), only workloads within the same security domain can decrypt and access the data. Istio also employs short-lived certificates that can be configured to last only minutes, enhancing security through frequent automatic rotation.
  • Collecting metrics – Gathers detailed metrics from each microservice within the mesh, enabling enhanced network performance analysis.

Solo.io complements Istio through a range of products aimed at simplifying infrastructure components, allowing application developers to focus on business logic. The Gloo Mesh platform is designed to streamline Istio configurations for various infrastructure tasks across the microservices landscape, including:

  • Multicluster Application Configuration – Configurations are defined once and applied uniformly, regardless of the Kubernetes cluster hosting the application.
  • Automatic Service Discovery and Configuration – Facilitates seamless east-west communication within the enterprise, supporting applications distributed across multiple geographic locations, such as different AWS Regions or Kubernetes clusters.
  • Continuous Integration and Deployment (CI/CD) Integration – Simplifies the deployment process by automatically publishing your application once development is completed, allowing developers to remain focused on writing and refining business application code.
  • Advanced Application Networking – Adds capabilities for external authentication and authorization services, rate limiting, and HTTP header and body manipulations without altering the business application code.
  • Observability – Provides a unified view for monitoring traffic flow, identifying performance bottlenecks, and analyzing configurations in an accessible format, highlighting potentially problematic areas of the manifest documents.

Figure 1 illustrates how Solo.io products are built to simplify infrastructure components in a user-friendly manner, enabling application developers to concentrate on business logic.

Screenshot of Solo.io UI showcasing visual representation of a service mesh

Figure 1. Visual representation of communication between microservices with associated metrics

Istio as an Amazon EKS Add-on: A Collaborative Solution

Through a collaborative effort between AWS and Solo.io, you can access Istio prepackaged as an AWS Marketplace add-on for Amazon EKS. This integration is available at no additional cost and is continuously updated with the latest functionalities from Amazon EKS add-ons and Istio. You can immediately implement the add-on directly from the Amazon EKS console. With these AWS Marketplace add-ons, you can easily discover and securely deploy third-party software like Istio from popular independent software vendors (ISVs) like Solo.io onto their EKS clusters. All AWS Marketplace server products undergo continuous vulnerability scanning, helping to ensure secure software deployments. This vulnerability scanning process streamlines procurement by vetting third-party software ahead of time, reducing complexity for you. Both the scanning and secure software deployments reduce the time to value by minimizing the need for additional security reviews and approval processes. These add-ons help the EKS clusters remain stable while reducing the operational effort required to update Kubernetes tooling. With the Solo.io Istio Distribution add-on, you can expect to see some key benefits including:

  • Extensive Testing Each new version undergoes rigorous compatibility and feature support testing for a smooth operation in the customer environments.
  • Enhanced Security Every image is subjected to multiple security scans to confirm its safety for production environments. Images are stored in the Amazon Elastic Container Registry (Amazon ECR) repository created in the AWS Marketplace console and remain within AWS throughout delivery to the end-user EKS cluster.
  • User-friendly Deployment For newcomers to Istio, the AWS web UI offers a user-friendly experience, allowing Istio to be deployed into an EKS cluster in less than 60 seconds.
  • Seamless CI/CD Integration Enterprise customers can deploy the Solo.io EKS add-on using the AWS Command Line Interface (AWS CLI) as part of their CI/CD pipelines without manual intervention.
  • Support for Multiple Architectures The Solo.io EKS Istio add-on images are multi-architecture, ensuring compatibility with various Amazon EKS node compute architectures.
  • Customizable InstallationsThanks to the Amazon EKS team’s support for JSON schema, Solo.io‘s EKS Istio Distribution add-on can be installed smoothly on EKS clusters without additional parameters. For those requiring customization, additional Istio settings can be integrated during installation through a custom configuration file.

Istio EKS Add-on in Ambient Preview Mode Available on AWS

The latest development is the availability of the EKS add-on Istio distribution in Ambient preview mode through AWS Marketplace. This mode does not alter your existing configuration but allows the elimination of sidecars from the service mesh architecture, simplifying operations.

Conclusion

As service mesh technology becomes mainstream, the industry is adopting streamlined, accessible solutions, shedding initial complexities. Amazon EKS presents a powerful solution that simplifies service mesh implementation into a straightforward process, eliminating the need for extensive architectural planning and resource-intensive setup.

This post explored the benefits of integrating Solo.io‘s Istio distribution as a AWS Marketplace add-on for Amazon EKS, highlighting advantages in areas like enhanced security, user-friendly deployment, and seamless CI/CD integration. Visit Solo.io EKS add-on in AWS Marketplace for more details and to get started. Istio’s core service mesh capabilities like microservice load distribution, secure communication, and metrics collection can significantly simplify the complexities of modern microservices architectures when deployed through this integrated solution.

For more complex security and architectural requirements, Solo.io offers advanced consulting services and products like Gloo Mesh to extend open-source Istio to meet enterprise needs.

To get started with the Solo.io EKS add-on, visit their AWS Marketplace listing. For more information about Solo.io products, visit the Solo.io website.

About the authors

Petr McAllister

Petr, Engineer on the Partner Team at Solo.io, comes from a background as a solution architect and developer, now focusing on service mesh technologies with public clouds.

Art Tuazon

Art Tuazon is a Partner Solutions Architect focused on enabling AWS Partners through technical best practices and is passionate about helping customers build on AWS. In her free time, she enjoys running and cooking.