Istio 1.0 – at your service


Nearly two years after development of Istio began, version 1.0 of the service mesh has been released to help tame complex microservice architectures.

One month of fixing bugs and tuning performance, et voilà – Istio 0.8 is ready to graduate as version 1.0 to signal the stability of the project. The first major release of the service mesh is meant to show that the core feature set is ready for use in production, although companies such as eBay and Auto Trader UK already rely on the open source project for their services.

Some new features found their way into the release as well, or were at least promoted to beta status. These include multi-cluster support, which means that multiple Kubernetes clusters can now be added to a single mesh, and networking APIs that enable fine-grained control over the traffic flow within the mesh.

Other additions help with collecting telemetry from interaction clients instead of only from the server side, with rolling out mutual TLS incrementally so that not all service clients have to be updated at once, and with building gRPC back ends or adapters for the mesh.

Istio was first publicly introduced by Google, IBM, and Lyft in May 2017 to handle the complexity of today’s distributed microservice architectures. The project can be used to create networks of deployed (micro)services that include load balancing and monitoring, means of authentication and communication between the services, and access and traffic control.

To realise that, a sidecar proxy that intercepts all network communication between the services has to be deployed throughout an environment. Istio’s control plane functionality can then be used to configure and manage those proxies to route traffic.

The project uses an extended version of the open source edge and service proxy Envoy. Other elements are Mixer, which enforces access control and usage policies; Pilot, which handles service discovery for the Envoy sidecars, traffic management and resiliency; and Citadel. The latter provides service-to-service and end-user authentication, and also handles identity and credential management.

Even though the service mesh is talked about at many Kubernetes and Cloud Native Computing events, it’s worth noting that Istio isn’t part of the CNCF – unlike Envoy. The foundation has a similar project – Linkerd – under its umbrella.