Tetrate, the three-year-old startup making the popular service mesh Istio more palatable for traditional enterprises, has been on a roll these last few months.
In March, exactly a month after it released GetIstio, an easier-to-use version of the open source Envoy-based Istio, it announced completion of a $40 million Series B funding round led by Sapphire Ventures with participation from Scale Venture Partners, NTTVC, Dell Technologies Capital, Intel Capital, 8VC, and Samsung NEXT. GetIstio would be the driver of its flagship enterprise product, Tetrate Service Bridge.
Last week Tetrate released Service Bridge 1.0, saying it was now "officially" ready for production workloads, although it had already been in production use by some Fortune 500 companies.
Service Bridge is a proprietary platform that makes it easier to manage Istio, which provides an abstracted network that sits between applications and a traditional network to control the additional traffic that containers, VMs, and microservices bring to the table.
While Istio is arguably the most capable of services meshes, its complexity can be a deal breaker for organizations without the necessary expertise.
"Istio is an open source project that is phenomenal in the use case of 'I have a cluster,'" Zack Butcher, founding engineer at Tetrate who was an early Istio developer while at Google, told DCK. "The problem is that no legitimate enterprise has a cluster. In the real world, these are disparate, heterogeneous deployments. Some of it's in cloud, maybe in five different clouds, and it's in on-prem data centers."
Tetrate takes the same approach to tackling Istio's complexity other vendors have successfully brought to Kubernetes. Service Bridge abstraacts many of Istio's controls from the user while making them available if needed. It accomplishes this by automating some processes with help from existing open source projects, such as SkyWalking, a perfomance monitoring tool; and Zipkin, a tracing system used to troubleshoot latency issues.
It also adds persona- or role-based access control along with a single-pane-of-glass view of the service mesh, with multiple views that can be tied to the roles, enabling DevOps teams to concentrate on the clusters in their domains, while sysadmins and the like have a view of the entire infrastructure.
The platform also removes the need to configure every application that will run on a newly created cluster as long as you have the same application already configured and running elsewhere on the mesh.
"We can go in and enroll a new cluster or a set of VMs," Butcher said. "If you've already configured information about the applications, because maybe they run on another cluster and now you're spinning up a replica, as soon as you enroll that [cluster], we're going to go and configure it all correctly, exactly as you intended.
"One of our big goals is to not force application developers to have to think about the topology or to have to think about what the physical footprint is. I want them to be able to think about their application and their application's health. A lot of the work is trying to provide abstractions, so that as a developer I don't have to care where it is. I can just say, this is my service, this is how traffic needs to flow."
This includes situations where a new cloud or colo data center is being added to the infrastructure.
"If the platform team needs a footprint in Japan, they're free to spin up compute there," he said. "The burden to then bring applications there that have safe and consistent behavior is very low, because you enroll the cluster, you deploy the applications, and it just works."
Looking Ahead to 1.1
Butcher said that his team is already at work adding new features for Service Bridge's next release. First up will be automating certain approval pipelines to shorten the time line a DevOps team will face when they need to, say, fire up a new VM and expose it to the internet.
"If you've talked with old-school data center folks, in the old world if I need to expose my VMs to the internet I go file a ticket with the networking team, it goes into a spreadsheet, and six weeks later I get my ticket back and I can go do it," Butcher said. "That's the kind of workflow that we think the service mesh can help automate away."