Introducing Tetrate Istio Subscription
Tetrate Istio Subscription (TIS) is a fully-supported, Enterprise-ready product from Tetrate that provides vetted builds of Istio, tested against all major cloud platforms.
Tetrate Istio Subscription uses Istio builds from the open-source Tetrate Istio Distro project, and adds full premium-level support for these builds and optional FIPS-validated cryptographic modules, along with a set of tested and supported implementations of Add-Ons and Integrations.
Support
Tetrate Istio Subscription provides extended Istio version support and CVE fixes beyond upstream Istio (release date plus 14 months). The Istio distributions are hardened and performant, and are full distributions of the upstream Istio project.
Refer to the full support table in the Support and Maintenance document.
FIPS
Tetrate Istio Subscription includes FIPS-validated builds of the Tetrate Istio distributions. The FIPS certificate is available on request.
Add-Ons and Integrations
Tetrate Istio Subscription comes with a set of tested, supported Add-Ons and Integrations, making it safe and easy to extend Istio capabilities and integrate with common infrastructure tools.
Why use Tetrate Istio Subscription?
Users of Tetrate Istio Subscription benefit from:
- Tetrate Istio distributions: whenever you need an Istio distribution that is tested for use in AWS, Azure, GCP or vanilla Kubernetes;
- FIPS-validation: FIPS-validated builds meet the needs of FedRAMP and other compliance-sensitive environments;
- Supported Add-Ons, Integrations and Tools: for easy deployment, integration and extensions;
- Support from Tetrate Experts: our expert technical support team are experienced Istio users and contributors; it's like having an Istio expert embedded within your own team!
What Istio distributions are available?
The Istio distributions managed by Tetrate Istio Subscription include:
- Community Istio distributions - Istio binaries taken directly from the community Istio project
- Tetrate Istio distributions - based on the community project, the Tetrate binaries benefit from longer maintenance windows and additional release testing.
- Tetrate Istio distributions (FIPS) - Istio distributions built on FIPS-compliant cryptographic modules. TIS subscribers obtain FIPS-validated modules and the corresponding FIPS validation certificate.
What environments are supported?
Tetrate Istio Subscription can install and manage Istio on a range of Kubernetes platforms. Tetrate tests Istio builds on vanilla Kubernetes, Amazon EKS, Azure AKS and Google GKE:
- Installation: Istio installation and updates are performed using helm or istioctl, or using EKS Addons or Azure Marketplace.
Components of Tetrate Istio Subscription
Tetrate Istio Subscription provides support and FIPS certification for Tetrate Istio Distro tools and distributions.
Tetrate Istio distributions
The Istio release schedule can be very aggressive for enterprise lifecycle and change management practices. Releases are issued approximately quarterly. Each release is typically maintained for 7 months, after which it no longer receives any security updates.
Tetrate supports and maintains each Istio release for up to 14 months, providing technical support and security updates. This reduces the burden on Enterprises to frequently upgrade and retest their Istio infrastructure.
Community Istio Lifecycle | Tetrate Istio Subscription Lifecycle |
---|---|
Updates provided until 6 weeks after the following N+2 minor release, after which all security updates cease. | Support provided for the 4 most recent Istio releases. All supported releases benefit from base software security updates; all Istio security updates applied to matching Istio releases. |
Typical update window: up to 7 months | Typical support and update window: up to 14 months |
The Tetrate-provided Istio distributions are rigorously tested against multiple different Kubernetes distributions to ensure continual functional integrity and smooth upgrade experiences.
For a complete list of the currently-supported Istio versions and the associated Kubernetes versions, refer to the support table in the Support and Maintenance document.
FIPS-Compliant and FIPS-Validated Istio distributions
Istio performs mTLS and other cryptographic operations to encrypt and decrypt data. Some environments require enhanced security assurance, and may require the use of FIPS-validated cryptographic software.
Tetrate Istio Subscription includes a FIPS-compliant implementation of each supported Tetrate Istio distribution. These implementations contain a cryptographic module that complies with the requirements of the FIPS-140-2 standard. Tetrate can provide a validation certificate as needed.
Add-Ons, Integrations and Tools
Tetrate Istio Subscription comes with a set of tested add-ons, integrations and tools that are supported by Tetrate.
- Integrations are components that integrate Istio with other systems. Currently TIS provides Grafana dashboards and Istio registry sync.
- Tools are standalone utility components for Istio. Currently TIS provides Vulnerability Scanner to scan an Istio cluster for CVEs.