Istio Integrated Ingress Gateway for Containers

Avi’s Istio Integrated Ingress Gateway for containers fills the Istio service mesh’s need for secure and reliable access from external users to Kubernetes and Red Hat OpenShift clusters, whether they are deployed in on-premises data centers or in public clouds such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform.

Multi-Cluster Traffic Management for Istio, Kubernetes & OpenShift

The Avi Vantage architecture has a decoupled control plane (Avi Controller) and data plane proxies (Avi Service Engines). The Avi Controller integrates with the Istio control plane via open APIs to coordinate policies across Envoy proxies for east-west traffic management within Kubernetes and Red Hat OpenShift clusters. Avi Service Engines can be deployed to load balance the ingress (north-south) traffic between external users and the clusters. They can also be deployed as secure inter-cluster gateways between clusters, which can span data centers and public clouds.

Applications deployed in Kubernetes or Red Hat OpenShift environments need both east-west and north-south traffic management services. The open source Istio service mesh provides the east-west traffic management capabilities in Kubernetes through distributed Envoy sidecar proxies. However, Istio doesn’t address ingress into the container cluster or the gateway services required to bridge multi-cluster environments. Enterprises need elastic, enterprise-grade load balancing for ingress into the container cluster.

Traditional load balancing appliances lack the automation or the elasticity to provide these ingress services, and open source load balancers are not feature-complete. Avi’s distributed architecture is a great fit for enterprises looking to deliver external access to the container cluster or those looking to deploy multiple container clusters with connectivity between them.

Features needed to access the clusters in a service mesh:

  • Ingress load balancing
  • Global server load balancing (GSLB)
  • Distributed web application firewall (WAF)
  • Blacklist / whitelist and role-based access control (RBAC)
  • Rate limiting to mitigate distributed denial of service (DDoS) attacks
  • Integration with enterprise-grade single sign-on solutions (SSO)