Istio 1.1 is enterprise-ready
It’s been eight months since Istio 1.0 was released so now it’s time to welcome the next version. The theme for 1.1 is Enterprise Ready, which means the team has worked hard to make sure companies using Istio will have a smooth ride.
It’s not far-fetched to say that Istio is one of the hottest open source projects right now; anyone who’s interested in microservices, containers and even serverless will find it useful.
It all began with the desire to offer an answer to the growing need for a service mesh within cloud-native environments and now, as Brian Harrington, Chief Architect at CoreOS wrote in a blog post last year, Istio is on the road of becoming “a category leading service mesh (essentially a configurable infrastructure layer for microservices) for Kubernetes.”
Today, we’re celebrating the release of Istio 1.1. Since this service mesh is beginning to receive more attention from the enterprise world, the team has worked hard to make sure companies using it have a smooth ride; that’s why the theme of this release is enterprise-ready.
Istio 1.1 highlights
- Data plane and the control plane are now more efficient.
- The team has done work around namespace isolation. You can now use Kubernetes namespaces to enforce boundaries of control and ensure that your teams cannot interfere with each other.
- Improved multicluster capabilities and usability. There’s a new component called Galley, which validates YAML, therefore reducing the chance of configuration errors. Galley will also be instrumental in multicluster setups, gathering service discovery information from each Kubernetes cluster. The team is also supporting additional multicluster topologies including single control plane and multiple synchronized control planes without requiring a flat network.
- The team has increased the control plane and envoy sidecar’s required CPU and memory. It is critical to ensure your cluster have enough resource before proceeding the update.
- Istio’s CRDs have been placed into their own Helm chart
istio-init. This prevents loss of custom resource data, facilitates the upgrade process, and enables Istio to evolve beyond a Helm-based installation. The upgrade documentation provides the proper procedures for upgrading from Istio 1.0.6 to Istio 1.1. Please follow these instructions carefully when upgrading. If
certmanageris desired, use the
--set certmanager=trueflag when installing both
istio-initand Istio charts with either
- The 1.0
istio-remotechart used for multicluster VPN and multicluster split horizon remote cluster installation has been consolidated into the Istio chart. To generate an equivalent
istio-remotechart, use the
- Addons are no longer exposed via separate load balancers. Instead, addons can now be optionally exposed via the Ingress Gateway. To expose an addon via the Ingress Gateway, follow the Remotely Accessing Telemetry Addons guide.
- The built-in Istio Statsd collector has been removed. Istio retains the capability of integrating with your own Statsd collector, using the
ingressseries of options for configuring a Kubernetes Ingress have been removed. Kubernetes Ingress is still functional and can be enabled using the
--set global.k8sIngress.enabled=trueflag. Check out the Securing Kubernetes Ingress with Cert-Manager for how to secure your Kubernetes ingress resources.
PS: Don’t forget to check out the updated documentation before you take Istio 1.1 for a spin!