This release addresses some critical issues found by the community when using Istio 1.0.2. This release note describes what’s different between Istio 1.0.2 and Istio 1.0.3.
Validating webhook is now mandatory. Disabling it may result in Pilot crashes.
Service entry validation now rejects the wildcard hostname (
*) when configuring DNS resolution. The API has never allowed this, however
ServiceEntrywas erroneously excluded from validation in the previous release. Use of wildcards as part of a hostname, e.g.
*.bar.com, remains unchanged.
The core dump path for
istio-proxyhas changed to
Mutual TLS Permissive mode is enabled by default.
Pilot performance and scalability has been greatly enhanced. Pilot now delivers endpoint updates to 500 sidecars in under 1 second.
Default trace sampling is set to 1%.
Policy and telemetry
istio-telemetry) now supports load shedding based on request rate and expected latency.
Mixer client (
istio-policy) now supports
Istio Performance dashboard added to Grafana.
istio-telemetryCPU usage by 10%.
statsd-to-prometheusdeployment. Prometheus now directly scrapes from