Announcing Istio 1.21.0
Istio 1.21 Release Announcement.
We are pleased to announce the release of Istio 1.21. This is the first Istio release of 2024. We would like to thank the
entire Istio community for helping get the 1.21.0 release published. We would like to thank the Release Managers for
this release, Aryan Gupta
from Google, Jianpeng He
from Tetrate, and Sumit Vij
. The release
managers would once again like to thank the Test & Release WG lead Eric Van Norman (IBM) for his help and guidance
throughout the release cycle. We would also like to thank the maintainers of the Istio work groups and the broader Istio
community for helping us throughout the release process with timely feedback, reviews, community testing and for all
your support to help ensure a timely release.
CHANGE NOTES
Get a detailed list of what's changed.
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
DOWNLOAD
Download and install this release.
DOCS
Visit the documentation for this release.
What’s new
Easing upgrades with compatibility versions
Istio 1.21 introduces a new concept known as compatibility versions.
Compatibility versions solve a long running problem in Istio: as time passes, changes to the behavior of Istio may be desired to fix bugs, improve integration with the rest of the ecosystem, improve security, or fix surprising behaviors. However, even the smallest behavioral changes can cause issues on upgrade for a project like Istio deployed across thousands of companies in production. At best, this makes upgrades more challenging - at worst, it pushes users to not upgrade at all!
With compatibility versions, behavioral changes are decoupled from the Istio version. For
example, if you want to upgrade to Istio 1.21 but don’t want to adopt the changes
introduced yet, simply install with --set compatibilityVersion=1.20
to retain the 1.20
behavior.
Not sure if you need the old behavior? Not a problem, istioctl
can tell you!
$ istioctl experimental precheck --from-version 1.23
Warning [IST0168] (DestinationRule default/tls) The configuration "ENABLE_AUTO_SNI"
changed in release 1.20: previously, no SNI would be set; now it will be automatically
set. Or, install with `--set compatibilityVersion=1.20` to retain the old default.
Error: Issues found when checking the cluster. Istio may not be safe to install or upgrade.
See https://istio.io/v1.21/docs/reference/config/analysis for more information about
causes and resolutions.
In this release, the following changes are gated behind compatibility versions:
- Improved
ExternalName
service support - Automatic SNI for
SIMPLE
TLS origination inDestinationRule
- Default-on TLS verification for TLS origination in
DestinationRule
istioctl experimental precheck
can detect possibly impacted resources for all of these changes. For
more info on these changes, see the
Upgrade Notes.
Istio joins related projects like Kubernetes and Go who have introduced similar features.
Binary size reductions
With each release, Istio gets faster, more reliable, and more stable, and this release is no different. In this release, binary sizes have dropped across the board, with roughly 10MB smaller binaries.
This is especially important with the sidecar, because its deployed alongside every workload. Coming in at 25% smaller, the sidecar image can be pulled faster improving pod startup times. Additionally, the reduced binary size typically results in a 5MB RAM reduction - across many pods, this quickly adds up to cost savings.
Support for all CNIs in ambient mode
Our new ambient mode now works across all Kubernetes platforms and CNI implementations. Ambient mode has been tested with GKE, AKS, and EKS and all the CNI implementations they offer, 3rd-party CNIs like Calico and Cilium, and platforms like OpenShift, all with solid results. The engineering challenges behind this fix were described in a recent blog post.
Ambient mode is targeted to move to Beta in the upcoming Istio 1.22.
Upgrading to 1.21
We would like to hear from you regarding your experience upgrading to Istio 1.21. You can provide feedback in the #release-1.21 channel in our Slack workspace.
Would you like to contribute directly to Istio? Find and join one of our Working Groups and help us improve.