Authorization for EC2 instances in AWS #50589
Replies: 1 comment
-
You have several ways to integrate EC2 instances with Istio on AWS EKS: Ingress GatewayUse Istio's built-in gateway to manage traffic from EC2 to EKS. This approach is straightforward and uses Istio's capabilities to secure and monitor traffic entering the Kubernetes cluster from EC2. VPN/Direct ConnectConnect your EC2 instances to your Kubernetes network using AWS VPN or Direct Connect. This makes your EC2 instances part of the same network as your EKS cluster, allowing you to manage them more seamlessly within Istio. However, the cost of doing so will be relatively high, and it is not worth it. Istio on EC2Install Istio directly on your EC2 instance, see the doc. This involves setting up the same Istio sidecar proxies that you use within EKS on your EC2 instances, enabling uniform management and security policies across your cloud and on-premises resources. But at present, this step is more complicated, there is no open source tool to help you achieve, you can only manually operate. Tetrate's TSB, however, can run on both virtual machines and Kubernetes, helping you establish a connection between them. See this blog Mobile Premier League Migrates from VMs to K8s in AWS with Tetrate to Deliver a Better Experience to 90+ Million Gamers and TSB doc Migrating VM Monoliths to your cluster and configure the VM. |
Beta Was this translation helpful? Give feedback.
-
We intend implementing istio in our AWS EKS. We still have some services running on EC2. Are there any options to authorize the requests coming from EC2 based on tags, IAM roles or anything else? I thought also about an agent or proxy that can be installed on EC2 that can communicate with the mesh.
Beta Was this translation helpful? Give feedback.
All reactions