Istio 1.0 has arrived: All core features are ready for production use
It’s been almost two years since Istio came into being and now the highly-anticipated milestone has been reached: 1.0 is here. All the core features are now ready for production use. Does it have what it takes to become the de facto service mesh for Kubernetes? Let’s find out.
It’s not far-fetched to say that Istio is one of the hottest open source projects right now; anyone who’s interested in microservices, containers and even serverless will find it useful.
It all began with the desire to offer an answer to the growing need for a service mesh within cloud-native environments and now, as Brian Harrington, Chief Architect at CoreOS wrote in a recent blog post, Istio is on the road of becoming “a category leading service mesh (essentially a configurable infrastructure layer for microservices) for Kubernetes.”
Today, we’re celebrating the general availability of Istio 1.0. All the core features are now ready for production use.
If you are already familiar with the features presented in 0.8, you should know that the list of new features presented in 1.0 is not that long; the team chose to focus on fixing bugs and improving performance.
Istio 1.0 highlights
- Multiple Kubernetes clusters can now be added to a single mesh and enabling cross-cluster communication and consistent policy enforcement. Multi-cluster support is now Beta.
- Networking APIs that enable fine-grained control over the flow of traffic through a mesh are now Beta. Explicitly modeling ingress and egress concerns using Gateways allows operators to control the network topology and meet access security requirements at the edge.
- Mutual TLS can now be rolled out incrementally without requiring all clients of a service to be updated. This is a critical feature that unblocks adoption in-place by existing production deployments.
- Mixer now has support for developing out-of-process adapters. This will become the default way to extend Mixer over the coming releases and makes building adapters much simpler.
- Authorization policies which control access to services are now entirely evaluated locally in Envoy increasing their performance and reliability.
- Helm chart installation is now the recommended install method offering rich customization options to adopt Istio on your terms.
- A lot of effort went into performance including continuous regression testing, large-scale environment simulation and targeted fixes. More details coming soon.
Although Istio 1.0 looks promising, this project is a work in progress. The team “heard consistent themes around support for hybrid-cloud, install modularity, richer networking features and scalability for massive deployments.”
- Fleet-wide visibility: Failures happen, and operators need tools to stay on top of the health of clusters and their graphs of microservices. Istio produces detailed monitoring data about application and network behaviors that is rendered using Prometheus & Grafana, and can be easily extended to send metrics and logs to any collection, aggregation and querying system. Istio enables analysis of performance hotspots and diagnosis of distributed failure modes with Zipkin tracing.
- Resiliency and efficiency: When developing microservices, operators need to assume that the network will be unreliable. Operators can use retries, load balancing, flow-control (HTTP/2), and circuit-breaking to compensate for some of the common failure modes due to an unreliable network. Istio provides a uniform approach to configuring these features, making it easier to operate a highly resilient service mesh.
- Developer productivity: Istio provides a significant boost to developer productivity by letting them focus on building service features in their language of choice, while Istio handles resiliency and networking challenges in a uniform way. Developers are freed from having to bake solutions to distributed systems problems into their code. Istio further improves productivity by providing common functionality supporting A/B testing, canarying, and fault injection.
- Policy Driven Ops: Istio empowers teams with different areas of concern to operate independently. It decouples cluster operators from the feature development cycle, allowing improvements to security, monitoring, scaling, and service topology to be rolled out without code changes. Operators can route a precise subset of production traffic to qualify a new service release. They can inject failures or delays into traffic to test the resilience of the service mesh, and set up rate limits to prevent services from being overloaded. Istio can also be used to enforce compliance rules, defining ACLs between services to allow only authorized services to talk to each other.
Check out the entire list of benefits here.