When you hear Istio, what is the first word that comes to your mind? Obviously, “service meshes.” It has become one of the most widely used service meshes to secure and control network traffic in Kubernetes clusters. Istio teams regularly update new features, and this year they rolled out Istio v1.5.

Istio v1.5 promises significant simplification of the architecture, which makes it easier to adopt and integrate with the existing stack.

The release rolled out last year were focused more on improving the performance of Istio and simplifying its installation, configuration, and also management. In fact, Istio v1.5 also continues the trend to achieve operational maturity. The critical change is the consolidation of the control plane into a single binary, called Istiod.

Istio team said that “We are dramatically simplifying the experience of installing, running, and upgrading Istio by ‘embracing the monolith’ and consolidating our control plane into a single new binary – Istiod.”

Suggested Read: Istio 101: Your one-stop solution for service mesh issues

The new release also includes significant architectural and API changes with enhanced automation and tooling. Let’s take a look at the highlights of Istio v1.5:

Istiod

Istio v1.5 is released with a major change to its control plane architecture, i.e., the sizeable array of microservices are replaced with a single, monolithic Istiod. Earlier there were six significant services in the control plane, i.e., Pilot, Citadel, The Sidecar Injector, Galley and Mixer Components, also the components which are deployed separately, i.e., optional monitoring and visibility. Now the six separate services are combined into the Istiod deployment, i.e., a single container running one application process.

WebAssembly Extension for Envoy and Istio

One of the most notable features with the new release is the Istio’s extensional model merging with Envoy using WebAssembly (popularly known as Wasm), which is a portable instruction format.

Wasm supports development in several different languages. It has full official support for few languages but the support for others are in development. The support for other languages can enable Wasm filters to be deployed to existing Istio clusters with a single command line.

Installation enabled with istioctl

The new release simplifies installation with command-line tool, i.e. istioctl, for managing Istio installation. It can be used to either install Istio directly into a cluster from a pre-defined profile or to generate a manifest that editable, committed to version control, and applied to multiple clusters for consistency.

Istio Operator Enhancements

Users can now install Istio in a cluster using the Istio operator. It replaces the previous Kubernetes Custom Resource API for the operator – IstioControlPlane. The new API is called IstioOperator API. Istio still supports the installation via Helm.

Improved Traffic Management

Istio v1.5 brings additional improvements center on the Envoy proxy. This enabled Istio to support receiving partial routing updates from Pilot, which reduces network traffic and computation. Envoy proxy enables a reliable health check-up also. The new version adds support for the locality-based load balancing which is defined in DestinationRule objects. There is also a support for HTTP proxy setting for cluster egress traffic.

Security

Istio v1.5 promises the platform security along with mesh’s workloads. Two new APIs replace AuthenticationPolicy, PeerAuthentication and RequestAuthentication. These API are in beta and AuthroizationPolicy also now supports Deny semantics for preventing override of the global controls.

Subscribe to our newsletter to get all the new updates around cloud and cloud-native technologies right into your inbox.