Istio is a by Google, IBM and Lyft jointly develop open-source project aims to provide a unified micro-service connection, security, management and monitoring methods. Specifically, Istio service grid is an open-source platform, it ensures that micro-services in dealing with the failure to specify a way to connect with each other. 1.3 has been released, this version increase availability, as follows:
- By default, it will capture all inbound traffic
- A command add-to-mesh CLI is to add to the existing services in Istio Mesh, regardless of whether the service is running in the Kubernetes in or run in a virtual machine
- describe command, allows developers to describe and to meet the needs of any desired configuration associated with the pod and services Istio Istio
- Automatic detection of the protocol implemented by default enabled and outbound traffic, but disabled for inbound traffic, so that this feature can be stabilized. You still need to modify Kubernetes service YAML, v1.3 protocol for use in the name or prefix of the service port
Traffic management
- Added TLS mode for interactive operation in the Gateway API
- Fixed in MySQL and MongoDB and other agreements, the service first presence when communicating over the network with the permission of mutual TLS mode problem
- Improved EnwayFilter API, you can now add or update all configurations
- Improved load balancing, default traffic directed to the same region
- Improved ServiceEntry API, allowing to use the same host name in a different namespace
- Improved Sidecar API to customize OutboundTrafficPolicy policy
Security
- Use mutual TLS add a trusted domain authentication service
- Add tags to control the secret service account in accordance with the namespace generation
- / Debug / sds on using port 8080 / workload and / debug / sds / gateway add diagnostic information to the Citadel Agent
- By using Kubernetes Trustworthy JWT improved security SDS
- Improved Citadel Agent logging by unified logging mode
- Suspended the integration of the Vault CA
- Istio SDS does not support the use of versions prior to 1.13 Kubernetes
- By default, enabled Envoy JWT filter can improve the safety and reliability
There are also some changes to the telemetry, as detailed in the release notes: