July 16, 2020 By jason-mcalpin 3 min read

We’re excited to announce that Istio version 1.6 is now available for the IBM Cloud Kubernetes Service managed Istio add-on.

Istio 1.6

This release of Istio comes with simplifications to the control plane with istiod, added debug tools with istioctlWorkloadEntry for joining VM workloads to the mesh, Secure Gateway (SDS), and more. For a more thorough list of new features and changes, check out the release announcement blog and version 1.6 change notes.

Istio add-on customization

After you install the Istio add-on, you can customize a set of Istio configuration options via a config map. These options include extra control over monitoring, logging, and networking in your control plane and service mesh. Use these options to enable envoy access logs, set the outbound traffic policy, enable monitoring dashboards (Prometheus, Grafana, Jaeger, and Kiali), and configure private and HA gateways (beta). For a full list of options, see the documentation.

TLS with ingress traffic

The combination of IBM Cloud Kubernetes Service NLB DNS capabilities and Istio Secure Gateways greatly simplifies the configuration and management of Istio ingress gateway TLS certificates for SSL termination of single and multiple hosts.

IBM Cloud Kubernetes Service provides DNS domain names and matching TLS certificates for clusters. These certificates are stored in a Kubernetes secret in your desired namespace, and IBM keeps them up to date. With Istio Secure Gateway with SDS, Gateway resources can now specify the location of the Kubernetes secret that holds the TLS certs. 

For example, to create a new NLB DNS subdomain and secret with the certificates, run the following command:

ibmcloud ks nlb-dns create classic \
    --ip $GATEWAY_IP \
    --cluster $CLUSTER_NAME \
    --secret-namespace istio-system

Next, configure the Istio Gateway resource to use the certificate:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: my-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 443
      name: https
      protocol: HTTPS
    tls:
      mode: SIMPLE
      credentialName: SECRET_NAME # replace with secret name
    hosts:
    - "*"

That’s it! No need to manually update the certs, rename or move secrets, or restart anything. To configure an additional host, you can create NLB DNS subdomain, matching secret, and a new Gateway resource.

Observability

IBM Cloud Monitoring with Sysdig is a managed monitoring service that provides operational visibility into the performance and health of applications, services, and infrastructure. For your IBM Cloud Kubernetes Service clusters, it provides out-of-the-box dashboards and alerts for nodes, namespaces, services, deployments, pods, and more. It also integrates with the Istio add-on by automatically scraping merged user application and Istio metrics. Check out the built-in Istio Overview and Service Dashboards:

More information

Check out our documentation to get started with Istio on the IBM Cloud Kubernetes Service

If you have any questions or have any feedback to share, please engage our team via Slack by registering here and join the discussion in the #general or #managed_istio_knative channels on our public IBM Cloud Kubernetes Service Slack.

More from Announcements

IBM Hybrid Cloud Mesh and Red Hat Service Interconnect: A new era of app-centric connectivity 

2 min read - To meet customer demands, applications are expected to be performing at their best at all times. Simultaneously, applications need to be flexible and cost effective, and therefore supported by an underlying infrastructure that is equally reliant, performant and secure as the applications themselves.   Easier said than done. According to EMA's 2024 Network Management Megatrends report only 42% of responding IT professionals would rate their network operations as successful.   In this era of hyper-distributed infrastructure where our users, apps, and data…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM and MuleSoft expand global relationship to accelerate modernization on IBM Power 

2 min read - As companies undergo digital transformation, they rely on APIs as the backbone for providing new services and customer experiences. While APIs can simplify application development and deliver integrated solutions, IT shops must have a robust solution to effectively manage and govern them to ensure that response times and costs are kept low for all applications. Many customers use Salesforce’s MuleSoft, named a leader by Gartner® in full lifecycle API management for seven consecutive times, to manage and secure APIs across…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters