Significant changes were made to the Istio service mesh in its version 1.5 release earlier this year, including notable modifications to the control plane architecture and the creation of a single model for extending Istio and its Envoy proxies using WebAssembly. Istio’s latest quarterly release, version 1.6, at first glance may seem to carry less weight in comparison, however, this update includes several important enhancements that continue to improve its operability.

Installation and Configuration Management

Reducing Upgrade Risks

Istio 1.6 introduces canary support for upgrading versions of the Istio control plane, enabling users to deploy numerous releases of Istiod within the same cluster and migrate pods to a newer version. This will significantly reduce any risks that arise when carrying out upgrades in a production cluster. When installing new control plane versions, the istioctl the command-line tool now supports assigning names to versions that can be utilized when assigning workloads to each specific Istiod version running in the service mesh.

Remote Control Planes

In Istio 1.6, a single control plane can support managing the data planes in multiple meshes. The Istio Operator now has experimental support for configuring the data plane, the Envoy proxy sidecar mesh, in one Kubernetes cluster to use the control plane, Istiod, in a remote cluster.  

preview Installation Profiles

istioctl now provides preview installation profiles. This allows users to try out experimental features before deciding to implement them.

Removal of Helm Installation

Istio 1.6 has removed a user’s ability to install and control their Istio meshes directly using the helm command-line tool, even though istioctl and the operator still uses Helm charts.

Traffic Management

Updated VirtualService Resource

Istio 1.6 has introduced an optional delegateparameter for HTTP path-based routes for the VirtualServiceresource. This new feature can be utilized as a sort of virtual boundary when defining several routes for one service.

WorkloadEntry to Support External Workloads

Istio has added the WorkloadEntry resource to support workloads that lie outside an Istio mesh’s Kubernetes cluster. Envoy proxies can be installed on either virtual or physical servers which allows workloads on those nodes to join an Istio mesh. This helps streamline interactions with all workloads throughout the mesh.

Customized Proxy Configurations for Workloads

Users can now add the annotation proxy.istio.io/config to the workload’s PodSpec and setting to an inline ProxyConfig definition to override the default configurations for their mesh’s Envoy proxy on a per-workload basis.

Telemetry

Default Annotations for Prometheus Configuration

Istio 1.6 introduced alpha support for default annotations to configure metric scraping using Prometheus for both the Istio control plane workloads and proxies. These defaults are used when users install Prometheus with istioctl.It is important to note this Prometheus configuration will not have application security features enabled and users should consider managing Prometheus within their production clusters directly to ensure security and scalability.

Customizable Metrics

Istio telemetry version 2 adds options for metrics customization so users can configure metric labels based on connection request and response attributes.

Istio 1.6 has introduced several user-friendly enhancements that contribute to end users’ operational experience of running the Istio service mesh. With this latest set of added feature enhancements and functionality, users should benefit from simpler installation, traffic management, and telemetry configuration as the Istio project continues to advance its offering.