Explore What’s New in Istio 1.19

In the ever-evolving landscape of cloud-native technologies, service mesh has emerged as a key component for simplifying the management of microservices-based applications. As the leading open source service mesh, Istio, together with Ambient mesh, stands out as a powerful, versatile, and widely adopted solution.

With its new release, Istio 1.19 is poised to bring a wave of enhancements, features, and optimizations to further elevate the capabilities of service mesh management. Let’s dive into the exciting offerings that Istio 1.19 brings to the table.

What’s New in Istio 1.19

Istio 1.19 features more than 90 updates, fixes and improvements across traffic management, telemetry, installation, extensibility, and other areas. Thanks to the many contributors and maintainers who helped bring this release to life!

In this post, we’ll highlight a couple of interesting updates and enhancements the new release brings. For a full list of changes, refer to the Istio 1.19 release notes.

If you’re upgrading from 1.18.x to 1.19, make sure you consider the changes in the upgrade notes. There are a couple of changes that can affect the upgrade.

Enhanced Traffic Management

Istio has always been renowned for its traffic management capabilities, and Istio 1.19 takes it a step further. The upcoming release introduces various improvements and fixes:

cipher_suites Support for Mesh-internal Traffic Through MeshConfig API

A new feature in Istio 1.19.0 allows mesh operators to use MeshConfig to set the cipher_suites to be used for mesh-internal traffic.

In previous versions, configuring TLS parameters such as TLS versions, TLS cipher suites, curves, etc. was only possible using an EnvoyFilter resource. You can now use this feature when you need to use a specific TLS version or cipher suite for mesh-internal traffic (when using TLSv1.2).
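A minimal configuration for this setting, as an added example that is not taken from the Istio release notes or the lab. It assumes an IstioOperator-based install; the resource name and the particular suites chosen are illustrative.

```yaml
# Added example: restrict the TLS 1.2 cipher suites used for mesh-internal
# mTLS through MeshConfig instead of an EnvoyFilter.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: mesh-tls-ciphers        # hypothetical name
  namespace: istio-system
spec:
  meshConfig:
    meshMTLS:
      # Takes effect only when a connection negotiates TLS 1.2.
      # Keep at least one suite that matches the key type of the workload
      # certificates (RSA or ECDSA); otherwise sidecar-to-sidecar
      # handshakes will fail once the change rolls out.
      cipherSuites:
        - ECDHE-ECDSA-AES256-GCM-SHA384
        - ECDHE-RSA-AES256-GCM-SHA384
        - ECDHE-ECDSA-AES128-GCM-SHA256
        - ECDHE-RSA-AES128-GCM-SHA256
```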

Check out this new lab that shows how the cipher_suites support works.

Ambient Mesh Enhancements

A number of improvements have been made for Ambient mode. Visit these labs for more details on new Ambient mesh features in Istio 1.19.

Support for PeerAuthentication Policies in Ambient

Support for the PeerAuthentication resource in Ambient mesh allows us to configure how the traffic gets tunneled and whether workloads accept mTLS traffic only or both plaintext and mTLS traffic.
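The two modes side by side, as an added example that is not part of the original post. The namespace `demo` is a placeholder, and `istio-system` is assumed to be the mesh root namespace.

```yaml
# Added example: mesh-wide default stays PERMISSIVE while one namespace
# is locked down to mTLS only.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system   # assumed root namespace: applies mesh-wide
spec:
  mtls:
    mode: PERMISSIVE        # accepts both plaintext and mTLS traffic
---
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: demo           # placeholder namespace
spec:
  mtls:
    mode: STRICT            # mTLS only; plaintext connections are rejected
```

The namespace-level policy takes precedence over the mesh-wide one, so workloads in `demo` refuse plaintext while the rest of the mesh can be migrated gradually.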

Check out this hands-on lab to explore PeerAuthentication’s STRICT and PERMISSIVE modes in action.

Ambient Support for ServiceEntry and WorkloadEntry

ServiceEntry resource support in Ambient mesh allows us to add additional entries into Istio’s internal service registry. With the ServiceEntry resource we can use properties such as DNS name, VIPs, ports, protocols, and endpoints to describe the service.

This lab walks you through the ServiceEntry and WorkloadEntry resources in Ambient mesh, and you’ll learn how different configurations impact the ztunnel configuration in the mesh.

Security Enhancements

Security is a top concern for any application architecture. Istio 1.19 introduces a new TLS mode (OPTIONAL_MUTUAL), a new flag that’s used for SPIRE integration, CRL support and other fixes.

  • New TLS mode: a mode called OPTIONAL_MUTUAL has been added to the Gateway; it validates the client certificate if one is present, but doesn’t mandate it
  • insecureSkipVerify implementation: if set, the feature disables CA certificate and SAN verification for the host
  • New flag USE_EXTERNAL_WORKLOAD_SDS: if set, it prevents istio-proxy from starting if the workload SDS socket is not found (useful for SPIRE integration)
  • Certificate revocation list (CRL) support: by creating a Kubernetes secret called crl, you can provide a certificate revocation list and Envoy will verify the presented peer certificate has not been revoked by this CRL.
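What the new Gateway TLS mode looks like in practice, as an added example that is not from the original post. The gateway name, host, and secret name are placeholders.

```yaml
# Added example: ingress Gateway that requests a client certificate but
# does not require one.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: demo-gateway              # placeholder
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 443
        name: https
        protocol: HTTPS
      hosts:
        - "app.example.com"       # placeholder host
      tls:
        mode: OPTIONAL_MUTUAL
        # Placeholder secret. Besides the server key and certificate it
        # must carry the CA certificate (ca.crt) used to validate any
        # client certificate that is presented.
        credentialName: demo-gateway-credential
```

Because a handshake without a client certificate still succeeds in this mode, a completed TLS connection does not prove client identity; routes that depend on it need their own authorization check.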

Telemetry Improvements

Observability is crucial for understanding the behavior of your applications. Istio 1.19 enhances telemetry features by introducing a couple of new metrics, the ability to customize histograms, and other fixes.

  • New metric: provider_lookup_cluster_failures metric was added which measures the number of times cluster lookup failed
  • New metrics: if environment variable ISTIO_ENABLE_CONTROLLER_QUEUE_METRICS is enabled, metrics for queue depth, latency and processing times are published
  • Customize histograms: added annotation sidecar.istio.io/statsHistogramBuckets for customizing histogram buckets

Installation and Configuration Improvements

Istio 1.19 places emphasis on making the installation and configuration process smoother. With improvements to the Istio operator and more intuitive installation options, developers and operators can set up and manage their service meshes with reduced friction.

Unlock Service Mesh Success with Istio and Ambient Mesh

Whether you’re a seasoned Istio user or just beginning to explore the world of service meshes, Istio 1.19 presents a compelling array of features that can elevate your application management strategies to new heights.

Check out this new release and take advantage of these new features in your deployments.

To learn more about Istio through hands-on labs, visit these complimentary resources: