Istio 1.6 Improves Operability and Enhances Simplicity
Istio's latest release, version 1.6, at first glance may seem to carry less weight, but it includes many important enhancements that improve operability.
Join the DZone community and get the full member experience.
Join For FreeSignificant changes were made to the Istio service mesh in its version 1.5 release earlier this year, including notable modifications to the control plane architecture and the creation of a single model for extending Istio and its Envoy proxies using WebAssembly. Istio’s latest quarterly release, version 1.6, at first glance may seem to carry less weight in comparison, however, this update includes several important enhancements that continue to improve its operability.
Installation and Configuration Management
Reducing Upgrade Risks
Istio 1.6 introduces canary support for upgrading versions of the Istio control plane, enabling users to deploy numerous releases of Istiod within the same cluster and migrate pods to a newer version. This will significantly reduce any risks that arise when carrying out upgrades in a production cluster. When installing new control plane versions, the istioctl
the command-line tool now supports assigning names to versions that can be utilized when assigning workloads to each specific Istiod version running in the service mesh.
Remote Control Planes
In Istio 1.6, a single control plane can support managing the data planes in multiple meshes. The Istio Operator now has experimental support for configuring the data plane, the Envoy proxy sidecar mesh, in one Kubernetes cluster to use the control plane, Istiod, in a remote cluster.
preview
Installation Profiles
istioctl
now provides preview
installation profiles. This allows users to try out experimental features before deciding to implement them.
Removal of Helm Installation
Istio 1.6 has removed a user’s ability to install and control their Istio meshes directly using the helm
command-line tool, even though istioctl
and the operator still uses Helm charts.
Traffic Management
Updated VirtualService
Resource
Istio 1.6 has introduced an optional delegate
parameter for HTTP path-based routes for the VirtualService
resource. This new feature can be utilized as a sort of virtual boundary when defining several routes for one service.
WorkloadEntry
to Support External Workloads
Istio has added the WorkloadEntry
resource to support workloads that lie outside an Istio mesh’s Kubernetes cluster. Envoy proxies can be installed on either virtual or physical servers which allows workloads on those nodes to join an Istio mesh. This helps streamline interactions with all workloads throughout the mesh.
Customized Proxy Configurations for Workloads
Users can now add the annotation proxy.istio.io/config
to the workload’s PodSpec
and setting to an inline ProxyConfig
definition to override the default configurations for their mesh’s Envoy proxy on a per-workload basis.
Telemetry
Default Annotations for Prometheus Configuration
Istio 1.6 introduced alpha support for default annotations to configure metric scraping using Prometheus for both the Istio control plane workloads and proxies. These defaults are used when users install Prometheus with istioctl.
It is important to note this Prometheus configuration will not have application security features enabled and users should consider managing Prometheus within their production clusters directly to ensure security and scalability.
Customizable Metrics
Istio telemetry version 2 adds options for metrics customization so users can configure metric labels based on connection request and response attributes.
Istio 1.6 has introduced several user-friendly enhancements that contribute to end users’ operational experience of running the Istio service mesh. With this latest set of added feature enhancements and functionality, users should benefit from simpler installation, traffic management, and telemetry configuration as the Istio project continues to advance its offering.
Opinions expressed by DZone contributors are their own.
Trending
-
Top 10 Pillars of Zero Trust Networks
-
Getting Started With the YugabyteDB Managed REST API
-
File Upload Security and Malware Protection
-
Merge GraphQL Schemas Using Apollo Server and Koa
Comments