Update for the latest and greatest Istio, please see the releases page on GitHub
Businesses operating at scale face several challenges. Not only must many applications be maintained - running in different environments and built in different languages - but application behavior should be monitored closely, whilst adhering to strict security policies. There is a lot to juggle.
The open service-mesh platform Istio - founded in April 2017 by Google, IBM & Lyft - provides users with the ability to connect, manage, and secure microservices. It takes care of monitoring by providing detailed logging and visibility, connectivity by giving the ability to control traffic flow between services, and also security by providing flexible authorisation policies and transparent mutual authentication/encryption.
Given that Istio can be deployed on Kubernetes, we at Jetstack have already worked with a large media customer to increase their ability to introspect network traffic and application behaviour. They can also utilise Istio’s telemetry capabilities to gain a detailed view of application behaviour and swiftly respond to issues.
This summer brought us the release of Istio 1.0. This version introduces many new features that make the product even more appealing. These improve security and make Istio more language agnostic. The Jetstack engineers working on our Istio project have reviewed the new release, and have picked out some of the key aspects that they believe will offer value.
Policy can be enforced centrally. This means there’s no more relying on developers or third party applications to enforce authentication, saving time and additional costs. Policy control is also fine-grained, and based on specific application attributes.
Business-level constructs no longer have to be tied to individual languages. For instance, you can implement resource quotas, load balancing policies, and authentication without modifying applications.
Moving from traditional infrastructure has been made easier in this release. Simply deploy your application, manage important security-related or performance-related behaviour centrally without messing with ‘legacy’ apps.
There is a significant push towards ‘zero trust networks’ in this release. There is no more firewalling from public internet, and central control plane allows visualisation of these boundaries. Security is a priority.
Built-in telemetry gives the user a detailed insight into application behaviour, and the ability to monitor the application for any issues.
Service discovery and communication across clusters and regions: Finally, true multi-region application deployments!
There are now clearly defined roles and purposes within the organisation. These include defining who manages Ingress Gateways, application quotas, rate limits, and traffic policies.
In addition to these new features, it must be noted that Istio 1.0 lays a solid foundation for a platform upon which to build more. For this reason, we have a lot to look forward to, not just in the upcoming release, but in the roadmap of the platform. You can see evidence of this in the recent announcement of Knative - which makes heavy use of the advanced traffic management features in Istio to build a higher level interface for users to interact with.
We see Kubernetes being adopted at an astounding rate with many customers already investigating service mesh options. Given how far we’ve come since v1 of Kubernetes, imagine what Istio 1.11 will look like in a couple of years!
If you want to get started with Istio today, head on over to the getting started guide or read our article on Istio OIDC Authentication. You can get set up and running using the Helm chart deployment, which will take care of getting you from zero to Istio in just a few minutes!
Interested in exploring Istio for your business? Reach out to our team at [email protected].