Istio 1.5, service mesh simplified
As the recent CNCF survey suggests (page 7), Istio is one of the most popular service mesh technologies on the market today.
The biggest obstacle in Istio's production adoption so far has probably been that the complexity and domain knowledge required to operate a mesh was too high. The Istio community has realized this and has taken multiple steps to improve the usability and reduce the complexity of Istio.
In Istio 1.5, another step was made toward these goals.
Istio's control plane has been rearchitected to be
In this post, you'll learn:
- about the new features of Istio 1.5, highlighting
- how you can install Istio 1.5 using Backyards (now Cisco Service Mesh Manager) and the open-source Banzai Cloud Istio operator, and
- how you can observe and manage the mesh with Backyards (now Cisco Service Mesh Manager), our multi and hybrid-cloud enabled service mesh platform.
Istio 1.5 introduction
We will introduce istiod first, then list some other notable features of Istio 1.5, and finally discuss some of the known issues of the current 1.5.0 release.
Prior to Istio 1.5, the Istio control plane had a microservice architecture with the following components:
- Pilot: data-plane configuration server
- Galley: configuration validation
- Sidecar Injector: injecting sidecar containers to data plane components
- Citadel: certificate signing, secret generation
- Mixer: aggregating telemetry
In Istio 1.5, there is only one service, called istiod, which is responsible for all of the features mentioned above (except for Mixer, which is dropped in favor of telemetry V2, where telemetry is aggregated in the sidecar proxies).
Please note that this architectural change requires a data plane upgrade when upgrading to Istio 1.5!
"Why was this change made?" you may ask.
To reduce complexity. That's it. There are no added or lost features with this architectural change itself. The only difference is that only one component is responsible now for all of these features.
While on its own this architectural change does not add huge benefits to Istio users, it paves the way to simplifying the management of an Istio service mesh in the future:
- With a single component it will be easier to implement multiple Istio control planes in a single cluster
- With multiple control planes, dual control plane upgrade will be a reality
- Performance is already increased as the network communication overhead is reduced between the components
- Easier debugging (you only need to search through logs of one component)
These advantages can be valuable in the future to accelerate the production adoption of Istio.
If you want a head start in adopting Istio, try out Backyards (now Cisco Service Mesh Manager), our service mesh product built on Istio. Contact us if you'd like to see a demo or use Backyards in production!
Other Istio 1.5 features
- Adding extensibility to data plane sidecar proxies with WebAssembly
- Auto mTLS is enabled by default
- Mixerless telemetry is enabled by default (including TCP protocol support)
- SDS is stable and enabled by default
The full list of changes can be found here.
Istio 1.5 issues
There is a feature gap between the Mixerless (also called Telemetry V2) and the Mixer telemetry. If you need one of those listed features (e.g. egress gateway or Black hole telemetry), then you should keep using Mixer telemetry for now.
In Istio 1.5.0 the multi-cluster scenarios are not working!
For Backyards (now Cisco Service Mesh Manager) customers: the upcoming 1.2 version of Backyards will support both Istio with telemetry V2 and Mixer telemetry. More importantly, even though multi-cluster is broken in Istio 1.5.0, in Backyards 1.2 it will be a fully functioning feature, as it always has been.
Try it out!
The following procedure walks you through the process of:
- creating a cluster
- installing Istio using our open-source Banzai Cloud Istio operator
- installing a preview version of Backyards 1.2
- installing a demo application to showcase Istio 1.5
You can test all this for yourself in less than 10 minutes, which includes the time it takes to install Istio.
Create a cluster
To test Backyards, you'll need a Kubernetes cluster.
I created a Kubernetes cluster on AWS, using Banzai Cloud's lightweight, CNCF-certified Kubernetes distribution, PKE via the Banzai Cloud Pipeline platform. If you'd like to do likewise, create your clusters on any of the several cloud providers we support, or on-premises using the free version of Banzai Cloud's Pipeline platform.
The easiest way to install Istio 1.5, Backyards (now Cisco Service Mesh Manager), and a demo application on a new cluster is by using the Backyards CLI.
You can grab this release candidate build of the Backyards CLI.
This is not a GA release yet, so make sure you download the appropriate release.
Make sure that KUBECONFIG is set for the cluster where you want to test Istio 1.5.
Run the following command, and watch as Backyards starts a brand new production-ready Istio mesh in just a few minutes!
The following command first installs Istio 1.5 using the open-source Banzai Cloud Istio operator, then installs Backyards (now Cisco Service Mesh Manager) itself as well as a demo application. After the installation of each component has finished, the Backyards UI will automatically open and send some traffic to the demo application.
$ backyards install -a --run-demo
The Backyards UI should automatically open in a browser tab and you should see the traffic flowing through the demo microservices.
At this point, you can try out any of the supported Backyards features easily.
You can validate that istiod is running on your cluster:
$ kubectl get po -n=istio-system
NAME                                    READY   STATUS    RESTARTS   AGE
istio-ingressgateway-5dd978cf7d-zt4ps   1/1     Running   0          6m54s
istio-operator-operator-0               2/2     Running   0          7m20s
istio-telemetry-5f7b4fd758-vkxm6        2/2     Running   0          7m12s
istiod-5b7bf58755-szlf4                 1/1     Running   0          47s
Switch to multi-component control plane
While istiod has its benefits, Istio 1.5.0 still has issues. To mitigate these problems, in Backyards you can switch to the old multi-component control plane model with ease.
Changing between istiod and the multi-component control plane model requires a data plane upgrade!
Run the following command:
$ backyards istio install --without-istiod
Then check that multiple Istio control plane components are running on your cluster:
$ kubectl -n=istio-system get po
NAME                                      READY   STATUS    RESTARTS   AGE
istio-citadel-68cf6485c9-2l6xc            1/1     Running   0          9m40s
istio-galley-6dc7dd56b4-fr98j             1/1     Running   0          9m40s
istio-ingressgateway-86dbb78b6d-8l9qz     1/1     Running   0          6m48s
istio-pilot-6b6cb8f4bd-q4qbk              2/2     Running   0          3m40s
istio-sidecar-injector-7b568bcbc8-mhbd4   1/1     Running   0          9m40s
istio-telemetry-6d4fcddbb4-tjvwx          2/2     Running   0          3m44s
The data plane needs to be restarted in this case to function properly:
$ kubectl delete po -n=backyards-demo --all
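The pod check from the steps above, as an added example that is not part of Backyards or Istio: a shell function that classifies `kubectl get po` output as istiod or multi-component and fails while the switch is incomplete, so the data plane restart can wait for a clean state. The pod-name prefixes come from the listings on this page; the "mixed" mid-switch state and its sample input are constructed assumptions.

```shell
#!/bin/sh
# Added example, not Backyards or Istio code. Reads `kubectl get po -n istio-system`
# output on stdin and prints the control plane model: istiod | multi-component |
# mixed | none. Returns 0 only for one model with every control plane pod Ready.
istio_cp_mode() {
  awk '
    NR == 1 && $1 == "NAME" { next }           # skip the header row
    {
      if ($1 ~ /^istiod-/) kind = "istiod"
      else if ($1 ~ /^istio-(pilot|galley|citadel|sidecar-injector)-/) kind = "legacy"
      else next                                 # gateways, operator, telemetry: ignored
      seen[kind] = 1
      split($2, r, "/")                         # READY column, e.g. 1/2
      if ($3 != "Running" || r[1] != r[2]) unhealthy = 1
    }
    END {
      if (seen["istiod"] && seen["legacy"]) mode = "mixed"
      else if (seen["istiod"]) mode = "istiod"
      else if (seen["legacy"]) mode = "multi-component"
      else mode = "none"
      print mode
      rc = (unhealthy || mode == "mixed" || mode == "none") ? 1 : 0
      exit rc
    }'
}

# Input copied from the istiod-mode pod listing on this page.
SAMPLE_ISTIOD='NAME READY STATUS RESTARTS AGE
istio-ingressgateway-5dd978cf7d-zt4ps 1/1 Running 0 6m54s
istio-operator-operator-0 2/2 Running 0 7m20s
istio-telemetry-5f7b4fd758-vkxm6 2/2 Running 0 7m12s
istiod-5b7bf58755-szlf4 1/1 Running 0 47s'

# Constructed input (assumption): mid-switch, istiod still present, Pilot not Ready.
SAMPLE_MIXED='NAME READY STATUS RESTARTS AGE
istiod-5b7bf58755-szlf4 1/1 Running 0 12m
istio-pilot-6b6cb8f4bd-q4qbk 1/2 Running 0 5s'

# Live use: kubectl get po -n istio-system | istio_cp_mode
printf '%s\n' "$SAMPLE_ISTIOD" | istio_cp_mode
printf '%s\n' "$SAMPLE_MIXED" | istio_cp_mode || echo "control plane not settled yet"
```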
To remove the demo application, Backyards, and Istio from your cluster, run the following command, which removes all of these components in the correct order:
$ backyards uninstall -a
Istio 1.5 took another step towards reduced complexity, better security, and higher stability, which will likely lead to increased production adoption of Istio in the future.
To accelerate your Istio adoption, make sure to check out Backyards 1.2. It will come with Istio 1.5, istiod by default, telemetry aggregated by mixerless telemetry, and much more.