The Istio team has released the fourth and last release of the year 2020 of the service mesh platform. With Istio 1.8, the development team is taking a further step towards multi-cluster meshes and workloads that run on virtual machines (VM) in the mesh. According to the release notes, the main focus of the update is on troubleshooting and improving the platform.

Istio 1.8 provides installation instructions for developers that contain it should make it easier for them to install a mesh that extends over several clusters. Developers can decide whether the clusters should be in the same network and whether multiple control levels are desired.

VM support and security For the year 2020 the Istio team has set itself the goal of expanding support for workloads that are not running in Kubernetes. With Istio 1.6, the team took the first steps on this path. Version 1.7 of the WorkloadEntry API should make it easier to display workloads that are not based on Kubernetes in Istio. To do this, virtual machines (VMs) or bare metal workloads were raised to the same level as a Kubernetes pod. Developers can define a service that is supported by VMs in addition to the pods. This allows VM workloads to be migrated to a Kubernetes cluster without disrupting traffic to and from it.

Building on the security precautions in Version 1.7, the current release focuses on usability. In addition to simplifying the installation process, developers can use the istioctl analysis tool for installation. A new DNS proxy feature makes it possible to resolve mesh services from VMs – without an unsafe query from the cluster DNS server. The new feature is intended to reduce cluster DNS traffic and the number of look-ups required to resolve the IP of a service. With an automatic registration it is possible to inform the VM agent about the type of workload and to have workload entry objects automatically created for him when the agent joins the mesh.

Istio 1.8 has further innovations for security. For example, Istiod now sends certificates to gateways instead of reading them directly from Kubernetes. More information about Istio 1.8 can be found in the release notes.

(mdo)