Istio 1.7 delivers hybrid cloud features
New features include multiple control plane upgrades, VM integration, and central Istiod
Today’s Istio 1.7 release offers significant improvements to Istio’s operational experience. Several new feature improvements, including control plane upgrades, virtual machine integration, and a central Istiod experience, make Istio easier to operate and expands its capabilities for hybrid cloud environments. This blog post introduces you to new features in the release, talks about IBM’s investment in Istio, and explains how Istio is crucial to developing an open hybrid cloud environment.
Multiple control plane upgrades. A valuable usability improvement is the canary upgrade feature’s integration into the operator. With this change, Istio’s canary upgrade becomes generally available and the preferred upgrade path for Istio. With a canary upgrade, you can verify a new control plane using continuous integration and Istio’s telemetry features. Once a portion of the workloads are verified, more workloads can be transferred until all are running using the new Istio control plane.
For a quick look at this feature, watch the following video:
Virtual machine integration. Istio has had virtual machine integration since its very early releases, although there were some usability concerns. With Istio 1.7, virtual machine integration is approaching beta quality. The goal of virtual machine integration is to connect virtual machine workloads to a service mesh, such that a virtual machine behaves like another workload within Istio. The new WorkloadEntry API in Istio 1.7 treats VMs like Kubernetes pods, so you can manage your infrastructure with APIs. Additionally, we implemented many security enhancements, including token bootstrapping and certificate rotation. We’re still developing the virtual machine integration, but you can use the alpha quality documentation to connect a virtual machine to a service mesh. The work is progressing rapidly with a large party of interested developers.
Central Istiod. Developed by IBM, central Istiod was partially implemented in Istio 1.6 and now is alpha quality in Istio 1.7. The benefit of central Istiod is that it is now viable to offer the decoupling of the Istio control plane from the data plane for improved operational support. In addition, Central Istiod delivers on the requirement of multitenancy and is the first step towards the mulitenancy journey for Istio.
Work led by IBMers Lin Sun And Shao Jun Ding introduces a new deployment model for Istio which enables mesh operators to install and manage the mesh control plane on dedicated clusters, separated from the data plane clusters. In the following video, Shao Jun Ding introduces you to Central Istiod.
Some other improvements in Istio 1.7 that you should know about include:
- Testing and qualification improvements. Our Istio community is getting more stringent with tests which produces a better project deliverable each release. At last count, Istio has 20k+ functional tests, and 45k+ unit tests.
- Move to Envoy xDSv3. xDS is the underlying API that presents a dataplane protocol that Istio manages. This major version change offers improved performance and scalability.
- Istio Container Network Interface. Istio’s CNI enables Istio workloads to run without elevated permissions in Kubernetes.
Istio enables workload portability, a key factor in hybrid cloud
One of the biggest challenges for delivering a hybrid cloud environment is the requirement to connect different environments together using network technology. Without connectivity, workload portability has been a challenge for delivering a true hybrid cloud experience.
IBM Cloud Satellite enables you run workloads where it makes the most sense — whether that’s public cloud, your data center or an edge location. The Istio service mesh drives the IBM Cloud Satellite distributed cloud network connectivity, delivering workload portability and interoperability.
IBM’s Istio investment
Leading in innovation. In the Istio project, our developers focus on building the technologies that we think are most important for creating and enabling an open hybrid cloud environment. Specifically, we lead the effort to enable central Istiod, the first step in a journey to multitenancy within Kubernetes. IBM is actively involved in bringing virtual machine integration to Istio, having developed much of the initial technology in Istio 1.5, 1.6, and 1.7. Finally, IBM focuses on overlapping technology enablement such that enabling one technology enables another.
Supporting the community. While some controversy surrounds Istio’s governance, the dedication of the community members gives life to the Istio project and keeps it moving forward. The strength of any project depends on these contributors, and IBM believes strongly in supporting the community and we hope that all are proud of the Istio 1.7 release.
Get involved with Istio
Here are a few ways for you to get involved with the Istio community and project:
- Get Started with Istio on your Kubernetes cluster.
- Learn about contributing to Istio.
- Join in Istio’s Slack developer communication.
Steven Dake is an open source leader at IBM. He is a maintainer within the Istio project, and serves as a workgroup lead within the Environments Working Group.