Istio 1.6 Improves Operability and Enhances Simplicity
Istio's latest release, version 1.6, at first glance may seem to carry less weight, but it includes many important enhancements that improve operability.
Join the DZone community and get the full member experience.Join For Free
Significant changes were made to the Istio service mesh in its version 1.5 release earlier this year, including notable modifications to the control plane architecture and the creation of a single model for extending Istio and its Envoy proxies using WebAssembly. Istio’s latest quarterly release, version 1.6, at first glance may seem to carry less weight in comparison, however, this update includes several important enhancements that continue to improve its operability.
Installation and Configuration Management
Reducing Upgrade Risks
Istio 1.6 introduces canary support for upgrading versions of the Istio control plane, enabling users to deploy numerous releases of Istiod within the same cluster and migrate pods to a newer version. This will significantly reduce any risks that arise when carrying out upgrades in a production cluster. When installing new control plane versions, the
istioctl the command-line tool now supports assigning names to versions that can be utilized when assigning workloads to each specific Istiod version running in the service mesh.
Remote Control Planes
In Istio 1.6, a single control plane can support managing the data planes in multiple meshes. The Istio Operator now has experimental support for configuring the data plane, the Envoy proxy sidecar mesh, in one Kubernetes cluster to use the control plane, Istiod, in a remote cluster.
preview Installation Profiles
istioctl now provides
preview installation profiles. This allows users to try out experimental features before deciding to implement them.
Removal of Helm Installation
Istio 1.6 has removed a user’s ability to install and control their Istio meshes directly using the
helm command-line tool, even though
istioctl and the operator still uses Helm charts.
Istio 1.6 has introduced an optional
delegateparameter for HTTP path-based routes for the
VirtualServiceresource. This new feature can be utilized as a sort of virtual boundary when defining several routes for one service.
WorkloadEntry to Support External Workloads
Istio has added the
WorkloadEntry resource to support workloads that lie outside an Istio mesh’s Kubernetes cluster. Envoy proxies can be installed on either virtual or physical servers which allows workloads on those nodes to join an Istio mesh. This helps streamline interactions with all workloads throughout the mesh.
Customized Proxy Configurations for Workloads
Users can now add the annotation
proxy.istio.io/config to the workload’s
PodSpec and setting to an inline
ProxyConfig definition to override the default configurations for their mesh’s Envoy proxy on a per-workload basis.
Default Annotations for Prometheus Configuration
Istio 1.6 introduced alpha support for default annotations to configure metric scraping using Prometheus for both the Istio control plane workloads and proxies. These defaults are used when users install Prometheus with
istioctl.It is important to note this Prometheus configuration will not have application security features enabled and users should consider managing Prometheus within their production clusters directly to ensure security and scalability.
Istio telemetry version 2 adds options for metrics customization so users can configure metric labels based on connection request and response attributes.
Istio 1.6 has introduced several user-friendly enhancements that contribute to end users’ operational experience of running the Istio service mesh. With this latest set of added feature enhancements and functionality, users should benefit from simpler installation, traffic management, and telemetry configuration as the Istio project continues to advance its offering.
Opinions expressed by DZone contributors are their own.
Top 10 Pillars of Zero Trust Networks
Getting Started With the YugabyteDB Managed REST API
File Upload Security and Malware Protection
Merge GraphQL Schemas Using Apollo Server and Koa