Releases: kyma-project/istio
1.13.1
Istio Updated to Version 1.24.2
| Component | Version |
|---|---|
| Istio | 1.24.2 |
| Envoy | 1.32.3 |
We've updated the Istio version to 1.24.2 (#1229).
Read the Istio 1.24.2 release announcement
Versions
- Istio: 1.24.2
- Envoy: 1.32.3
Full changelog: 1.13.0...1.13.1
1.13.0
New Features
- Switch internal structure holding IstioOperator to a different one.
This makes sure that the module stays up-to-date with upstream Istio dependencies.
Versions
- Istio: 1.24.1
- Envoy: 1.32.2
Full changelog: 1.12.0...1.13.0
1.12.0
New Features
- Extend Istio custom resource with Egress Gateway #1178
Versions
- Istio: 1.24.1
- Envoy: 1.32.2
Full changelog: 1.11.1...1.12.0
1.11.1
1.11.0
Istio Updated to Version 1.24.1
We've updated the Istio version to 1.24.1 (#1024). Read the Istio 1.24.1 release announcement and Istio 1.24.0 Change Notes.
This version includes changes to compatibility version parameters. See the parameters for the previous compatibility version switched from false to true:
| Parameter | Description |
|---|---|
| ENABLE_DELIMITED_STATS_TAG_REGEX | If true, pilot uses the new delimited stat tag regex to generate Envoy stats tags. |
| ENABLE_DEFERRED_CLUSTER_CREATION | If enabled, Istio creates clusters only when there are requests. This saves memory and CPU cycles in cases where there are lots of inactive clusters and more than one worker thread. |
This compatibility version applies the following new parameters set to false:
| Parameter | Description |
|---|---|
| ENABLE_INBOUND_RETRY_POLICY | If true, enables retry policy for inbound routes, which automatically retries any requests that were reset before reaching the intended service. |
| EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY | If true, excludes unsafe retry on 503 from the default retry policy. |
| PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES | If true, external services prefer the TLS settings from DestinationRules over the metadata TLS settings. |
| ENABLE_ENHANCED_DESTINATIONRULE_MERGE | If enabled, Istio merges DestinationRules based on their exportTo fields. The DestinationRules are then kept as independent rules if the exportTo fields are not equal. |
| PILOT_UNIFIED_SIDECAR_SCOPE | If true, unified SidecarScope creation is used. This is only intended as a temporary feature flag for backward compatibility. |
| ENABLE_DEFERRED_STATS_CREATION | If enabled, Istio lazily initializes a subset of the stats. |
| BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS | If enabled, the overload manager is not applied to static listeners. |
New Features
We've added zone-based podAntiAffinity rules for the istio-ingressgateway and istiod Deployments. This change enhances resiliency and availability in the event of node-level or zone-level failures. (#1127)
Versions
- Istio: 1.24.1
- Envoy: 1.32.2
Full changelog: 1.10.0...1.11.0
1.10.0
New Features
- Remove Istio version
v1alpha1from the CRD #1062 - Now, the
istio-systemnamespace is created as part of the module's manifest (#1076). See the following decision for namespace labeling. - Remove support for the
istio-operator.kyma-project.io/disable-external-name-aliasannotation #1071
Versions
- Istio: 1.23.2
- Envoy: 1.31.2
Full changelog: 1.9.0...1.10.0
1.9.0
Deprecation
The annotation disable-external-name-alias has become deprecated. For SAP BTP, Kyma runtime users it is scheduled to be deleted on 04.11 in the fast channel and on 18.11 in the regular channel. The Istio module introduced the annotation to prevent Istio from treating a Service of type ExternalName as an alias of the Service that it points to. If you are using the annotation, see the migration guide.
New Features
- During the Istio upgrade, Pods with the Istio sidecar proxies are now divided into smaller groups and restarted in multiple reconciliations instead of all at once. This increases the stability and reliability of the reconciliation for the Istio module's operator. See issue #155.
- We've updated the Istio version to 1.23.2 (#1024). Read the Istio 1.23.2 release announcement and Istio 1.23.0 Change Notes. Take note of the following breaking changes included in the new minor version of Istio:
- Deferred cluster creation: In the context of Envoy, a cluster is a group of logically similar upstream hosts that Envoy connects to. Typically, clusters are defined and created at startup. This means that regardless of whether or not a cluster will be used during the lifetime of the Envoy process, it will still be initialized. Envoy has introduced a new optimization that allows these clusters to be created on the worker threads inline during requests, which can save memory and CPU cycles. If you rely on the old behavior, consider using the compatibility mode, which disables the deferred cluster creation feature by setting ENABLE_DEFERRED_CLUSTER_CREATION to
false. - Updates to Envoy cluster metrics parsing: Previously, the Envoy cluster metrics for services that did not use the
.svc.cluster.localsuffix were incorrectly truncated and parsed. This was because Envoy cluster metrics use dots.as a delimiter between metric namespaces. It is impossible to properly distinguish between those delimiters and the dots in hostnames or cluster names. To address this, the regex for parsing cluster_name has been updated to look for a semicolon that indicates the end of a cluster's name. If you have any dependency on the full stat name for cluster metrics, you must update your monitoring system to account for this change. If you require more time to make adjustments, consider using the compatibility mode, which reverts this behavior by setting ENABLE_DELIMITED_STATS_TAG_REGEX tofalse.
- Deferred cluster creation: In the context of Envoy, a cluster is a group of logically similar upstream hosts that Envoy connects to. Typically, clusters are defined and created at startup. This means that regardless of whether or not a cluster will be used during the lifetime of the Envoy process, it will still be initialized. Envoy has introduced a new optimization that allows these clusters to be created on the worker threads inline during requests, which can save memory and CPU cycles. If you rely on the old behavior, consider using the compatibility mode, which disables the deferred cluster creation feature by setting ENABLE_DEFERRED_CLUSTER_CREATION to
Versions
- Istio: 1.23.2
- Envoy: 1.31.2
Full changelog: 1.8.0...1.9.0
1.8.3
New features
- The self-signed CA certificate's bit length is now set to
4096instead of the default2048. #984
Versions
- Istio: 1.22.3
- Envoy: 1.30.5
Full changelog: 1.8.2...1.8.3
1.8.2
New Features
- Update the Istio version to 1.22.3 #958. Read Istio 1.22.3 Release Announcement.
Versions
- Istio: 1.22.3
- Envoy: 1.30.5
Full changelog: 1.8.1...1.8.2
1.8.1
New Features
- Update the Istio version to 1.22.2 #912. Read Istio 1.22.2 Release Announcement.
Versions
- Istio: 1.22.2
- Envoy: 1.30.3
Full changelog: 1.8.0...1.8.1