Developers behind Istio, the open source Envoy-based service mesh, recently announced release of version 1.8, in which the amount of new features might surprise those who are not familiar with the cloud-native landscape.
Although minor point releases of traditional software usually don't mean much more than bug and security fixes, the same is not true in the cloud-native world, where technology is advancing so rapidly that every release usually means new features, as well as the expected bug and security fixes.
Istio is one of the most well known service meshes, a relatively new technology for managing microservices across an assortment of infrastructures, be it on-premises data centers, cloud-hosted, in Kubernetes containers, or in services running on virtual machines. The software is supported and distributed by large vendors like IBM, Red Hat, and VMware, small startups like Tetrate, and all of the large public clouds.
The project was started by Google and IBM in partnership with the Envoy team at Lyft.
"While it is a point release, it's just like Kubernetes," Daniel Berg, a distinguished engineer at IBM Cloud Kubernetes Service and Istio, told DCK. "These minor point releases, there are actually the big changes there. New features and stuff were delivered into this one."
Berg said that one of the biggest changes in the new release is in the way that Istio handles extensions that can be used to add capabilities to the service mesh's data plane, the part of the mesh where all the heavy lifting is done. In the past, extensions required the use of Istio's Mixer function, which was tedious and difficult to deploy, requiring users to create custom adapters. Mixer also introduced a single point of failure and other problematic performance issues.
To solve these issues, Mixer has been replaced with WebAssembly, a new feature that started being introduced in stages with Istio 1.6. Berg said that WebAssembly extends directly into the Envoy sidecars, the small automatically deployed utility containers that are key to how Envoy and Istio work. This eliminates any centralized single points of failure that were possible with Mixer.
"With 1.8, mixer is officially gone," he said. "Mixer has been removed out of the architecture, and WebAssembly is what we're driving forward now. We're working with various vendors in the industry to make it easier to create WebAssembly extensions, and to make them available for reuse to do all kinds of really interesting things in users' service meshes."
We wondered what this means for users who are still deploying Mixer extensions.
"Mixer has been deprecated for a long time, so hopefully they haven't been building too many Mixer adapters," Berg said. "We do have a migration guide that helps folks understand how to move from mixer adapters to WebAssembly, and plenty of examples of how to build WebAssembly extensions. If they are using mixer and they need those mixer adapters, they should stay in 1.7, but fundamentally, they're going to have to migrate those mixer adapters over to WebAssembly, and there are plenty of examples of how to do that."
There have also been several improvements to Istio's complicated installation process. Berg said that Istio now officially supports installing using Helm3. You can also use the project's operator-based installer, or install with YAML.
"We now have an installation guide to help users understand which installation process works best for them," he said. "Depending on their current development and delivery processes, different ones are going to work out better for them."
Another big installation change is that it is now possible to update the gateways and control plane independently of each other. Previously, updating Istio was an all-or-nothing affair, which made it difficult to do a partial deployment to check for performance hits or other issues before rolling out Istio system-wide.
Another feature that enters Isto 1.8 as a not-ready-for-prime-time alpha feature is a new DNS proxy that will make it easier to extend the service mesh outside Kubernetes clusters to include things like virtual machines. Berg says this can currently be done manually, but the new DNS proxy will be able to automatically add a virtual machine as easily as if it were a container cluster.
Berg told us that as an Istio co-founder, IBM has been especially interested in developing features such as the DNS proxy, which helps make Istio more valuable in the type of hybrid multi-cloud environments that are core to IBM's hybrid cloud strategy.
"From an IBM point of view, we've been pushing to have a better support for hybrid cloud with the VM integration, DNS proxy, and improvements in the install process," he said. "We also have an improvement to the external control plane, which has now been promoted to alpha, and this is something we've been pushing in support of hybrid scenarios as well. It allows us to decouple the Istio control plane management from the data plane management, so that they don't have to run in the same Kubernetes cluster anymore. They can be isolated from one another and run independently from one another."
