Six exciting enhancements in Istio 1.4.0

Istio 1.4.0 was released on November 14th, and it came with a lot of new features and enhancements. Here are my favorite six changes - most of them relate to installation and deployment. Note that there were a bunch of other changes introduced, so make sure you check the release notes.

1. Check if your cluster is ready for Istio

The new verify-install command is a helpful thing you should run before you start installing Istio. By default, the command checks your cluster and reports whether your cluster is ready for Istio installation.

It checks the Kubernetes API, version and ensures it can create necessary resources, needed as part of the Istio installation.

In addition to the pre-check feature, you can also use the verify-install command to check whether your Istio deployment matches a custom deployment configuration (i.e. a YAML file). The verify-install command checks everything in the provided YAML file matches the actual deployment on your cluster. If it doesn't, it will let you know - for example:

istioctl  verify-install -f istio-install.yaml
ClusterRole: istio-reader-istio-system.default checked successfully
ClusterRoleBinding: istio-reader-istio-system.default checked successfully
...
ClusterRoleBinding: istio-galley-admin-role-binding-istio-system.default checked successfully
Error: Istio installation failed, incomplete or does not match "test.yaml" - the required ConfigMap:galley-envoy-config is not ready due to: configmaps "galley-envoy-config" not found

2. Simplified installation with manifest command

Remember manually applying Istio CRDs? How about waiting for CRDs to get applied? Or using Helm to render the YAML? Well, guess what - no need for that anymore!

Istio 1.4.0 introduced a CLI command called manifest. You can use the manifest command to generate, apply, diff, or migrate Istio manifests. Here's a one-liner for installing Istio 1.4.0 with Demo profile:

istioctl manifest apply --set profile=demo

If you're using a different profile, change the profile variable value to one of these:

• minimal
• remote
• sds
• default
• demo

Also, no need to memorize these names; just run istioctl profile list.

3. Installing with Istio operator (Experimental)

If you want to get more experimental, you can try out the Istio operator. You will have to install the operator first, by running:

kubectl apply -f https://istio.io/operator.yaml

The above command creates an istio-operator namespace and deploys the operator. With the operator deployed, you can apply the IstioControlPlane resource to install Istio with the demo profile:

cat <<EOF | kubectl apply -f -
apiVersion: install.istio.io/v1alpha2
kind: IstioControlPlane
metadata:
  namespace: istio-operator
  name: my-istio-control-plane
spec:
  profile: demo
EOF

Once the Istio controller detects the new IstioControlPlane resource, it begins installing Istio.

The nice thing about the operator is that you don't need to deal with the complex YAML installation files. Instead, you are dealing with simplified YAML file for the IstioControlPlane resource. For example, to make updates or changes to the current installation of Istio, you need to modify and re-deploy the IstioControlPlane resource - move from demo to minimal installation:

cat <<EOF | kubectl apply -f -
apiVersion: install.istio.io/v1alpha2
kind: IstioControlPlane
metadata:
  namespace: istio-operator
  name: my-istio-control-plane
spec:
  profile: demo
EOF

You can check out the full list of available options for the Istio operator here.

4. Quickly open dashboards

No need for custom aliases anymore. With the dashboard command you can quickly open Web UIs of any deployed dashboards:

istioctl dashboard grafana

Or even shorter command:

istioctl d prometheus

5. Mirror percentage of the traffic

The traffic mirroring or shadowing feature has been available in Istio for a while now. The percentage of the traffic that as going to the mirrored destination was always hardcoded to 100%. With the new mirror_percent field, you can specify how much of the incoming traffic you want to mirror:

    mirror:
      host: my-service
      subset: v2
    mirror_percent: 40

6. Client libraries for Golang

If you're interacting with Istio programmatically, you'll probably welcome this change. The Golang Client Library for Istio APIs allows you to talk to Istio resources in your Kubernetes cluster.