Istio 1.7 and Solo.io Product Updates

Betty Junod | August 25, 2020

The latest release of Istio service mesh is now available. With version 1.7, the community continues to push along in the direction of improving usability, security, and reliability.

At Solo.io, we build application networking solutions including; Service Mesh Hub to manage multi-cluster Istio environments and the Developer Portal to catalog, expose, and manage running APIs in a Istio cluster, WebAssembly Hub to build/share wasm modules for Istio, and Gloo our API Gateway that integrates with Istio. 

As fans of Istio service mesh, we are excited for the latest 1.7 release. On Tuesday Aug 25th, Christian Posta (Field CTO) and Dan Berg (IBM, Istio) talked about the latest release and the recent changes to the community steering committee on this livestream.

Key highlights of the release include:

  • Security: Egress gateways that do TLS/mTLS origination can provision client certs as secrets, trust domain validation now includes TCP traffic validation, communicating with your CA with ECC cryptography for efficient security, and Gateways now run, by default, as non-root.
  • Ease of Use: This release focuses on improving the istioctl user experience including the ability to warn users if DestinationRule misconfigured to be insecure, when the deprecated Mixer resource is used, to easily uninstall components, and more.
  • Day 2 Operations: Improvements for production operations include the ability to delay application start until after the sidecar is started, ability to use the Istio Operator for canary upgrades of the control plane, more metrics exposed and improvements to the Prometheus pipeline for better observability, and more.
  • Virtual Machine Support: While an alpha feature, the latest release includes security enhancements like automatic cert rotation, a secure bootstrapping process, and the ability to validate the proxy status for VMs on the service mesh.

Learn more and get the full release details and links to documentation, here.

If you’re interested in how Istio is bringing virtual machine workloads to the service mesh and more detail around the enhancements to this feature, check out this article by Christian Posta and watch the demo below.

 

Service MeshHub 0.7.1

Since the last release, we have been focusing on refactoring the internals of Service Mesh Hub, improvements to stability, and support for Istio 1.7 for the latest 0.7.1 release. Additional new features include expanded discovery of Kubernetes workloads controlled by DaemonSets and StatefulSets in addition to Deployments and TrafficPolicy translation to support multi-cluster subset routing for Istio.

To better stabilize the base of Service Mesh Hub, we’ve overhauled the architecture of the discovery and networking service, stabilized the garbage collection to be scoped only to objects managed by Service Mesh Hub, exposed more data to help with debugging, and did a little code reorganization.

NOTE: As part of this refactoring, there are some breaking changes to users of the previous versions of Service Mesh Hub that can be found here.

Service Mesh Hub is open source and community meetings are held every other Wednesday at 10am Pacific Time — check out the agenda, add your topics, and we hope you’ll join us online.

Developer Portal for Istio

The Developer Portal for Istio allows users of Istio service mesh to effectively catalog, document, and expose their running APIS securely. A unique solution available for Istio users, version 0.4.7 has been tested and validated to work with Istio 1.7. Request an evaluation to try the Portal and check out the latest tutorial on how to rate limit Istio services using the Developer Portal.

Gloo API Gateway

A popular use case is to have Gloo serve as Ingress for an Istio cluster with mutual TLS (mTLS) communication between Gloo and the rest of the cluster. Istio does come with a default gateway and can replace it with Gloo to do additional things like message level transformations, Swagger and gRPC reflection support, end user auth workflows with things like OAuth/OIDC/LDAP, Web Application Firewall, and more. The current version of Gloo has been tested and validated to support the latest release of Istio. Try the integrated mTLS use case using the tutorial here.

What’s Next

We are continuing to work on the updates to the wasme CLI and Developer Portal to support Istio 1.7. Meanwhile, check out the latest Istio release and the updated integrations from Service Mesh Hub and Gloo. Visit our GitHub repo to track progress, file any issues or suggestions. 

Back to Blog