All meshed up: Istio 1.6 welcomes legacy workloads, improves the upgrade process

All meshed up: Istio 1.6 welcomes legacy workloads, improves the upgrade process
Istio security

Istio 1.6 has landed, improving traffic management, telemetry, VM support, and overall usability of the service mesh – just as the team promised in early March.

In its second big release of the year, the Istio team has put its focus on making the project easier to use, by for example continuing work on Istiod, a module meant to simplify Istio installations by combining services. 

Upgrading is also said to have become less stressful, since the project now allows canary releases. Through this change, admins can install new and old Istio control plane versions alongside each other and tell proxies which one to use. The idea is they’ll be able to make sure everything runs smoothly before transitioning all services to a new iteration of the mesh. Additionally, a new command, istioctl upgrade, has been introduced for in-place cluster upgrades.

Speaking of istioctl, the command line tool now allows key:value list selection when using –set flag paths, and is able to handle deleting and setting non-scalar values when the Kubernetes overlays patching mechanism is used. Kubernetes users who’ve already tried their hand at the appProtocol field which was part of the 1.18 release, will save some time with this Istio release, since they “no longer need to append the name field in your Service to denote the protocol.” Experimental support for the Kubernetes Service APIs is also part of the 1.6 package.

However, it’s not all fun and containers, as a recent trend acknowledges. Current setups are still a technology mix and full-containerisation is still some years away, although the question if this indeed is something to aim at still stands. The most interesting functional addition therefore surely is the concept of a workload entry

The new endpoint is meant to help users who want to add workloads that aren’t containerised, like those running in virtual machines, to a mesh and essentially treat them as pods. To signal that this is really worth building on, the team also promised more support for such workloads “over the coming releases.” 

Another thing that luckily gets more traction these days is proper monitoring, which Istio 1.6 also supports with a couple of enhancements. To work better with monitoring platform Prometheus, for example, scrape annotations were added to proxies and control plane workloads, while Grafana users can look forward to updated dashboards. 

Istio now also comes with experimental support for request classification filters, enabling operators to configure new attributes for telemetry (like labels for different sorts of traffic), and a mesh-wide tracing config API.

Security, which was also noted as a focal point for 2020 developments, meanwhile didn’t play as big of a part in this release. However the addition of JSON web token caching to the Istio-agent and fixed Istio Agent certificate provisioning grace period calculation is surely something many users will appreciate.