Istio 1.5 simplifies its deployment model with Istiod
The newest release of Istio, version 1.5, has landed. This new release improves CPU performance, includes a new extension model for proxy servers, and graduates some security settings. How do you follow up such a successful year as 2019? The roadmap for 2020 shows that Istio’s plans going forward include making it sleeker, smoother, and faster.
Istio version 1.5 is here. This release adds a fast, new extension model for proxy servers, improves usability and security, and adds many more enhancements. This is the fifth release according to the new quarterly release model, so a big bravo to the developers for releasing right on time.
Last year, Istio saw massive growth, improved its infrastructure, and was the #4 fastest growing project on GitHub. How do you follow up such a successful year? What is on the agenda for 2020?
Let’s review the newest features introduced in 1.5 and look at the roadmap for the year ahead.
New deployment model: Istiod
Istio 1.5 introduces a simpler deployment model with the help of Istiod. This single binary consolidates the control plane, handling configuration, certificate distribution, and sidecar injection.
Istiod will help simplify operators’ workload by reducing the number of moving parts. From now on, it will ship as the default for all profiles.
Istio 1.5 improves security by graduating SDS to stable and enabling it by default. SDS provides identity provisioning for Istio Envoy proxies. Users also no longer need to mount certificates on individual pods. The Node agent and the Istio agent have been combined into a single binary.
In addition to this, a beta authentication API has been added. According to the change notes:
The new API separates peer (i.e. mutual TLS) and origin (JWT) authentication into PeerAuthentication and RequestAuthentication respectively. Both new APIs are workload-oriented, as opposed to service-oriented in alpha AuthenticationPolicy.
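To show what workload-oriented means in practice, here is a pair of manifests for the two new resources, both bound to one workload through a label selector. This is an added example, not taken from the Istio change notes; the namespace, resource names, the app: ledger label and the issuer and JWKS URLs are constructed placeholders.

```yaml
# Added example. Namespace, names, labels and URLs are constructed placeholders.

# Peer authentication: require mutual TLS for connections to one workload.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: ledger-mtls
  namespace: payments
spec:
  selector:
    matchLabels:
      app: ledger          # applies to pods with this label, not to a Service
  mtls:
    mode: STRICT           # PERMISSIVE would also accept plaintext connections
---
# Origin authentication: validate JWTs presented to the same workload.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: ledger-jwt
  namespace: payments
spec:
  selector:
    matchLabels:
      app: ledger
  jwtRules:
  - issuer: "https://issuer.example.com"
    jwksUri: "https://issuer.example.com/.well-known/jwks.json"
# Note: RequestAuthentication rejects requests carrying an invalid token,
# but a request with no token at all is still passed through. Requiring a
# token takes an AuthorizationPolicy in addition to this resource.
```

After applying, review what is in effect with kubectl get peerauthentication,requestauthentication -n payments and check for any workload left in PERMISSIVE mode.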
1.5 introduces a new default telemetry system that reduces latency and improves performance.
Telemetry v2 reduces the 90th percentile latency from 7ms to 3.3ms. New benchmarks also show that it cuts CPU consumption in half.
Upgrading to v1.5
For more information, the getting started guide explains how to upgrade to the latest release.
A blog by the Istio team takes a look ahead at the coming year and what big plans are in store. For one, Istio plans to become “sleeker, smoother and faster” with a simplified architecture thanks to Istiod.
For 2020, security will play a big role. From v1.5 onward, automated rollout of mutual TLS will be the default setting as Istio marches forward to enabling security by default. It will also require fewer privileges and will distribute certificates with the Secret Discovery Service.
In addition, Istio plans to continue integration with more hosted Kubernetes environments and make it easier to run without Kubernetes.
In an interview with Patrick Arnold, IT consultant at Pentasys AG, we discussed the possibility of Istio becoming the new service mesh standard. Arnold said:
Definitely, I think Istio is currently enjoying the widest spread among service meshes. Usually it’s also the case at conferences that when it comes to service mesh, Istio’s language is usually the same. Istio is now supported on almost every Kubernetes platform. For me it is already the “quasi” standard.