• Home
  • Blog
  • Sail further with Istio discovery selectors and long term support

Sail further with Istio discovery selectors and long term support

Lin Sun | May 26, 2021

A few months ago, while working with some of our large-scale customers at Solo.io, we discovered that the Istio control plane watches all Services, Pods, and Endpoints in a cluster even if only a few of these services were running in the service mesh. Our customers shared their concerns that the Istio control plane processes all of these non-relevant Services, Pods, and Endpoints in the cluster, and how it was pushing this non-relevant information as Envoy configurations to each of the sidecar proxies in the mesh. Imagine if your Envoy sidecar proxy had 8k lines of relevant configuration and 80k lines of non-relevant content that kept growing as you deployed and destroyed services outside of your service mesh in your Kubernetes cluster! 🙁

We listened to our customers’ pain, and we came up with the idea of using a flexible label selector configuration to allow users to dynamically configure which namespaces the Istio control plane should watch for Services, Pods, and Endpoints (and which it shouldn’t!) We presented the design document to the Istio Networking working group, implemented it, and worked with the community to refine the implementation of this “discovery selectors” feature. We were excited to see this feature now highlighted in the Istio 1.10 release blog. 

If you are interested in improving the performance and scalability of your Istio control plane and data plane, our blog explains how you can use discovery selectors in conjunction with Sidecar resources to improve your service mesh performance.

We also backported this feature to our enterprise Istio 1.7.x builds as part of Gloo Mesh Enterprise long term support (LTS) so that our customers can enjoy the performance improvement while running older but still supported versions of Istio. We understand that testing each Istio release could take people weeks or even months to complete on their own, so we strive to provide security fixes and critical improvements like discovery selectors to our customers on the Istio versions they operate today in their production environments.

This is just one more example of how Solo is helping our customers sail further with Istio by implementing what our customers need in upstream Istio and backporting the feature to our Istio LTS versions. We are excited to continue working with our customers on their enterprise requirements and help them connect and observe their services securely on a large scale across many clusters, whether it is with upstream Istio or our Gloo products or both.

Please reach out for help with discovery selectors or any other Istio related issues.

About the Author
Lin Sun Headshot Transparent 512 Lin Sun
Lin is the Director of Open-Source at Solo.io. She has been a maintainer of Istio service mesh since 2017 and serves on the Istio Technical Oversight Committee. Previously, she served on the Istio Steering Committee for four years and was a Senior Technical Staff Member and Master Inventor at IBM for 15+ years. She is the author of the "Istio Explained" and "Istio Ambient Explained" books and has more than 200 patents to her name.
Additional Resources
post
Implementing a Custom Integration in the Gateway: An Example With AWS SigV4

April 24, 2024

Read the Article
post
Comparing AWS App Mesh and Istio for AWS Users

April 23, 2024

Read the Article
infographic
Gloo Gateway vs. Apigee
View the Infographic
post
The Battle of Titans: Kong vs. Gloo Gateway

April 19, 2024

Read the Article