Istio 1.5 Brings a Binary Installer, WASM-Based Extensibility for Envoy
The newest version of the open source Istio service mesh, version 1.5, comes with a fresh installer to simplify the deployment process, along with a new extension model, based on WebAssembly (WASM), to help proxy servers better filter traffic.
The development team behind Istio mark the 1.5 release as a major one for the project, and one that demonstrates the success of their quarterly release cadence. This is the fifth release to meet the deadline of that schedule.
The new installer comes courtesy of a rearchitecture of Istio into a more monolithic codebase, one that allows the control plane to be installed as a single binary. The new installer, called Istiod, remains consistent with existing APIs and runtime components. This feature could pave the way for the possibility of installing Istio by way of a Kubernetes Operator.
By introducing WASM, Istio can integrate its own already-considerable extensibility model, with Envoy‘s, the data plane most frequently used with Istio. “WASM will give developers the ability to safely distribute and execute code in the Envoy proxy — to integrate with telemetry systems, policy systems, control routing and even transform the body of a message,” a web page announcing the new version promised. This approach should be more efficient for developers as well.
Service mesh technologies continue to gain user adoption, as more organizations move to Kubernetes and find a need for more sophisticated network and policy management. Istio, which was released as open source by Google, remains the most popular choice, though other entrants such as Buoyant’s Linkerd and HashiCorp’s Consul remain viable choices as well.
Other new features include the long-awaited command-line installation, by way of the istioctl configuration tool. Security has been enhanced through the support of auto mTLS (in Beta) as well as through improved support of security policies. Telemetry got a big boost with this release as well. Metrics for raw TCP connections (in addition to HTTP) are being captured now, and gRPC workloads are now more closely monitored.