|Istio 1.7 Expands Capabilities for the Hybrid Cloud|
|Written by Alex Armstrong|
|Tuesday, 25 August 2020|
New feature improvements in Istio 1.7, which include control plane upgrades and virtual machine integration, make Istio easier to operate and expands its capabilities for hybrid cloud environments. First, for those not familiar with it, what is Istio and how can it help you?
Istio is a platform-independent service mesh providing traffic management, policy enforcement, and telemetry collection that enables and facilitates communication at scale between Kubernetes containers. The Istio project was started in 2017 by teams from Google and IBM in partnership with the Envoy team from Lyft. It has been developed fully in the open on GitHub and recently caused controversy when Google made it a founder member of its Open Usage Commons, thereby reneging on a long-standing commitment to contribute it to the Cloud Native Computing Foundation (CNCF).
To understand the jargon, Istio.io informs us:
The term service mesh is used to describe the network of microservices that make up such applications and the interactions between them. As a service mesh grows in size and complexity, it can become harder to understand and manage. Its requirements can include discovery, load balancing, failure recovery, metrics, and monitoring. A service mesh also often has more complex operational requirements, like A/B testing, canary rollouts, rate limiting, access control, and end-to-end authentication.
It also states:
Istio’s diverse feature set lets you successfully, and efficiently, run a distributed microservice architecture, and provides a uniform way to secure, connect, and monitor microservices.
Istio 1.7 is a major upgrade. Its first new improvement makes it easier to upgrade Istio itself. Writing on the IBM Developer Blog, Steve Dake, Open Source Leader, Cloud Native, IBM lists this feature as:
Multiple control plane upgrades. A valuable usability improvement is the canary upgrade feature’s integration into the operator. With this change, Istio’s canary upgrade becomes generally available and the preferred upgrade path for Istio. With a canary upgrade, you can verify a new control plane using continuous integration and Istio’s telemetry features. Once a portion of the workloads are verified, more workloads can be transferred until all are running using the new Istio control plane.
Reminding users that Istio has had virtual machine integration since its very early releases, Dake states that:
With Istio 1.7, virtual machine integration is approaching beta quality. The goal of virtual machine integration is to connect virtual machine workloads to a service mesh, such that a virtual machine behaves like another workload within Istio. The new WorkloadEntry API in Istio 1.7 treats VMs like Kubernetes pods, so you can manage your infrastructure with APIs. Additionally, we implemented many security enhancements, including token bootstrapping and certificate rotation.
Another fledgling feature that is progressing is that of central Istiod which, having been developed by IBM:
was partially implemented in Istio 1.6 and now is alpha quality in Istio 1.7. The benefit of central Istiod is that it is now viable to offer the decoupling of the Istio control plane from the data plane for improved operational support. In addition, Central Istiod delivers on the requirement of multitenancy and is the first step towards the mulitenancy journey for Istio.
Dake goes on to discuss workload portability and refers to the IBM Cloud Satellite, which recently launched a beta program, pointing out that Istio can be used with it for workload portability and interoperability:
One of the biggest challenges for delivering a hybrid cloud environment is the requirement to connect different environments together using network technology. Without connectivity, workload portability has been a challenge for delivering a true hybrid cloud experience.
IBM Cloud Satellite enables you run workloads where it makes the most sense — whether that’s public cloud, your data center or an edge location. The Istio service mesh drives the IBM Cloud Satellite distributed cloud network connectivity, delivering workload portability and interoperability.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Tuesday, 25 August 2020 )|