Istio 1.15.0 Change Notes
Istio 1.15.0 change notes.
Improved the number of pushes to gateway proxies by not pushing when services are not visible from the gateway. (Issue #39110)
Improved compatibility with minimal host operating systems without
nsenterbinary (like Talos OS). The
HostNSEnterExecreverts to old behavior with use of nsenter. (Issue #38794)
Updated istiod to allow unknown flags for backward-compatibility. If an unknown flag is passed, no warning or error will be logged.
Added a validation warning when protocol is unset and address is also unset. (Issue #27990)
Added support for configuring internal addresses for the mesh. This can be enabled by setting
traffic.sidecar.istio.io/excludeInterfacesannotation. (Issue #39404)
Added support for configuring
Added support to inject faults by specifying gRPC status code.
Added support for sending parallel DNS queries to all nameservers in the Istio agent. This feature is disabled by default and can be enabled by setting the istio-agent environment variable
DNS_FORWARD_PARALLEL=true. (Issue #39598)
Added support for tunneling outbound traffic via external HTTP forward proxies using HTTP CONNECT or POST methods. Tunnel settings can be applied only to TCP and TLS listeners, HTTP listeners are not supported for now.
Added an option for sidecar
Hostheader matching to ignore port numbers. This can be controlled by the
Fixed CNI installation to detect changes in projected service account token and reinstall istio-cni plugin with a new kubeconfig. (Issue #38077)
Fixed an issue where some
ServiceEntryhostnames could cause non-deterministic Envoy routes. (Issue #38678)
Fixed an issue when network gateway names could not be properly resolved in some cases. (Issue #38689)
Fixed an issue where updating split
DestinationRulesdid not take effect if the RDS/CDS/EDS cache was enabled. (Issue #39726)
Fixed an issue where Istio would send traffic to unready pods when
PILOT_SEND_UNHEALTHY_ENDPOINTSwas enabled. (Issue #39825)
Fixed an issue causing rejected configuration when using
DestinationRules. (Issue #39736)
Fixed an issue causing Envoy clusters to be stuck initializing, blocking configuration updates or proxy startup. (Issue #38709)
Fixed an issue causing traffic not to match (and return a
404) when using wildcard domain names and including an unexpected port in the
Fixed an issue causing traffic to match an unexpected route when using wildcard domain names and including a port in the
Fixed a potential memory leak triggered by updating
Fixed any issue that can cause xDS configuration updates to be blocked during high traffic. (Issue #39209)
Added an istio-agent environment variable
WORKLOAD_RSA_KEY_SIZEfor configuring the RSA key size of workload certificates.
Fixed a bug where the
ndynamically generated by JWKS was not base64 encoded, causing envoy to fail to parse it correctly.
Fixed the TCP metadata exchange between sidecar client and
ISTIO_MUTUAL, TCP server at the gateway.
Fixed a bug that would ignore some configuration when specifying multiple
accessLoggingin Telemetry resources within a single stanza. With this fix, all provided access logging configuration within a single stanza of Telemetry resource are respected. (Issue #39468)
WASM_HTTP_REQUEST_MAX_RETRIESistio-agent environment variables to control WASM cache related parameters.
Added the ability to decompress and/or untar the WASM binary when it is pulled via HTTP/HTTPS.
WASM_INSECURE_REGISTRIESistio-agent environment variable for when the
WasmPluginis pointing HTTP/HTTPS server.
Extended the scope of
WasmPluginto accept HTTP/HTTPS URLs in addition to OCI image URLs.
Added support for
arm64architecture for all components. (Issue #26652)
istio-initcontainer (as they are in
Added values to the Istio Gateway Helm chart for configuring topologySpreadConstraints on the gateway deployment.
Added support for watching local secret resource updates for external istiod. (Issue #31946)
Updated the default value of the feature flag
ENABLE_LEGACY_FSGROUP_INJECTIONto false. This may cause issues with sidecars when installing on Helm on Kubernetes versions prior to 1.19.
Updated the Kiali addon to the latest version (v1.55.1).
Improved external control plane setup instructions, including tips for simpler control plane ingress setup, making it easier to experiment with the external control plane deployment model in a test environment.
Removed the deprecated
remote.yamlprofile which is equivalent to the default profile. (Issue #38832)
istioctl x uninstallto
istioctl uninstall. (Issue #40339)
Improved the output format of the active logging levels.
Added a new analyzer for Envoy filter patch operations to provide warnings when relative patch operations are used without a priority set which can cause Envoy filters not to be applied correctly. (Issue #37415)
istioctl analyzebeta API version support for file resources.
Added pod name and cluster name to bookinfo’s reviews, where the cluster name is determined by the
CLUSTER_NAMEenvironment variable on the reviews deployments.
Added support for parsing list type of files in
istioctl analyze. (Issue #39982)
Added description to
istioctl admin log.
Fixed an issue causing
istioctl analyzeto return an unexpected IST0134 message when
ServiceEntryaddress is empty but mesh config
Fixed an issue causing
istioctl x injector listto provide incorrect pod information.
Fixed an issue causing
ConflictingMeshGatewayVirtualServiceHosts (IST0109)message to appear with
istioctl analyzewhen using
exportTofor a specific namespace. (Issue #39634)