Istio is striving for a ‘gloriously dull’ future

Istio security

Service mesh Istio is looking to become “sleeker, smoother, and faster”, reworking how it approaches extensibility, lifecycle management, and the project’s general architecture.

In a blog post detailing the plans for the near future, the Istio team sums up its intention by writing “Using Istio in production should be a seamless experience; performance should not be a concern, upgrades should be a non-event and complex tasks should be automated away.”

Central to this endeavour is a new extensibility model. Up until now the project used a component called Mixer to let users add functionality, but since it added considerable overhead, Istio is now looking into WebAssembly as an alternative. According to the team, “the Istio community is leading the implementation of a WebAssembly (Wasm) runtime in Envoy, which lets us implement extensions that are modular, sandboxed, and developed in one of over 20 languages.”

The new approach is meant to improve performance. While Mixer use cases mostly comprised policy enforcement and telemetry tasks, Wasm extensions will offer additional capabilities such as transforming payloads, which means they “can do the same things as modules built into Envoy”. This should help the project to become more of a “boring” staple, as the team writes that the investment in the new approach will increase “the pace of innovation in the service mesh space [..] while Istio focuses on being gloriously dull.”


To soften the blow for those invested in their Mixer extensions, the Istio team is apparently helping to port old customisations to the new platform, offering practical support to partnering organisations among other things. And if that isn’t an option, Mixer isn’t dropping off the face of the earth either, but turning into a “separately released add-on”.

Another change the project is about to see is the simplification of its structure. Features of Pilot, Citadel, Galley, and the sidecar injector will ship as a single component called Istiod starting in version 1.5 of the project. 

While this clearly goes against the trend of splitting software systems up, the consolidated structure has its perks, as anyone who has ever had to find a bug in a distributed system will surely be able to confirm. Besides reducing the time to diagnose an issue, the new component is meant to help reduce maintenance costs and complexity during installation.

Speaking of the latter, the project recently moved to an operator-based installation with modes to accommodate both human and programmatic triggers. The next step will be the introduction of canary functionality, allowing users to run old and new versions alongside each other, gradually switching from one to the other.

Other to-dos on the Istio team’s 2020 list include a further stabilisation of security features, continued work on multi-cluster/multi-network clusters, and making the tool more independent from Kubernetes and other projects. The latter will be especially interesting to see, given the heavy focus on the container orchestrator in the cloud native realm.
