New Istio v1.5 brings additional features, better performance and improved security
When talking about “service mesh” in the container and Kubernetes ecosystem, I am sure you have heard of Istio. It has become one of the most popular and widely used service meshes for securing and controlling network traffic in the container space.
If you follow this space, you will know that the Istio team puts in a lot of hard work on new releases, the latest one being Istio v1.5.
So in this post, I am going to share what changes or updates Istio v1.5 brings for you.
At a high level, as the Istio team puts it:
“We’ve made it simpler to install and run Istio by consolidating the control plane components into a single binary; we’ve introduced a powerful and fast new extension model for proxy servers across the industry, and we’ve continued to improve usability, security, telemetry and traffic control.”
Major Updates in the new release
1. A major change to control plane architecture, with Istiod: one of the most striking changes in Istio v1.5 is the architecture change in the control plane: the replacement of its sizeable array of microservices with a single new binary, Istiod.
Earlier there were six significant services in the control plane, i.e. Pilot, Citadel, the Sidecar Injector, Galley and the Mixer components, and the components which are deployed separately for optional monitoring and visibility. Now with the new v1.5 release, all these six separate services have been combined into a single Istiod deployment: a single container running one application process.
2. Config changes through istioctl: istioctl, the command-line management interface for Istio, is now in beta for installation. Managing your installation via an operator is still in alpha, but the Istio team continues to improve it with a new IstioOperator API. Other istioctl updates: it can analyze new items, has better validation rules, and integrates better with CI systems.
3. Improved observability: another change is better and improved telemetry. Istio Telemetry v2 now provides metrics for non-HTTP TCP connections and enhanced status codes for gRPC workloads. The new v2 telemetry system has removed Mixer, thereby reducing total CPU consumption by 50% and also reducing latency by half, from 7 ms to 3.3 ms.
4. Improved traffic management: Istio v1.5 provides a more systematic and logical approach to traffic management, based on the Envoy proxy. The Envoy proxy now supports receiving partial routing updates from Pilot. The Envoy proxy also enables reliable health checks. There is also support for the HTTP proxy setting for cluster egress traffic.
5. More secure: Istio has always contributed to the security of cloud-native environments and v1.5 is no different. With Istio v1.5, all security policies, including Auto mTLS, AuthenticationPolicy (PeerAuthentication, RequestAuthentication) and authorization, have now graduated to Beta.
The Istio Secret Discovery Service (SDS) is now stable and used as the default method for delivering mTLS certificates. The Node agent has been combined with the Istio agent into a single binary, which means we no longer require configuration of a PodSecurityPolicy. Also, certificates are delivered directly from Istiod to every pod, so there is no longer any need to mount certificates on every pod or to restart Envoy when certificates change.
NOTE: This article was originally published at https://bit.ly/2VoqqzB