Service mesh Istio is now available in version 1.2. Since the last release took a bit longer than expected, the focus for the current iteration of the project has been on improving the underlying infrastructure as well as the stability of the features added in the last couple of months.
To help establish a practice of good and regular releases, the Istio team spent some energy on improving the build, test, and release process. The work on that isn’t done yet, with sub-teams just getting into the nitty gritty of figuring out how to measure their output.
With all that said, Istio 1.2 doesn’t bring a terrible lot of new features but those that made it in there are well worth a look. They for example include experimental IPv6 support for Kubernetes clusters, a way to set HTTP idle timeouts to upstream services, support for sending traces to monitoring platform Datadog and the ability to configure the DNS refresh rate for sidecar Envoys.
The stabilisation work has led to certification management on ingress, configuration resource validation, and configuration processing with Galley reaching beta status. Meanwhile important features such as distributed tracing, and service tracing have left that stage behind and are ready for the main stage now. In terms of security, version 1.2 saw the addition of a way to configure the secret path for Istio mutual TLS certificates as well as support for PKCS 8 private keys for workloads. On top of that, JWT public key fetching should be more resilient to network failure in the release.
If you’re new to the whole service mesh game, Istio can be used to create service networks and makes use of sidecar proxies to intercept network communication. The later is necessary to realise load balancing and monitoring for example, but it is also needed for authentication and access control.
Istio made its debut to the cloud native world in 2017 and was developed by Lyft, Google, and IBM. The project reached v1.0 back in August 2018.