Announcing Istio 1.7.5
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.7.4 and Istio 1.7.5
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
Download and install this release.
Visit the documentation for this release.
Inspect the full set of source code changes.
Fixed pilot agent app probe connection leak. (Issue #27726)
istio-cniplugin configuration. Previously, new configurations would be appended to the list. This has been changed to remove existing
istio-cniplugins from the CNI config before inserting new plugins. (Issue #27771)
Fixed when a node has multiple IP addresses (e.g., a VM in the mesh expansion scenario). Istio Proxy will now bind inbound listeners to the first applicable address in the list rather than to the last one. (Issue #28269)
Fixed Istio to not run gateway secret fetcher when proxy is configured with
EnvoyFilterto have valid configuration following the underlying changes in Envoy’s API. (Issue #27909)
Fixed an issue causing a short spike in errors during in place upgrades from Istio 1.6 to 1.7. Previously, the xDS version would be upgraded automatically from xDS v2 to xDS v3. This caused downtime with upgrades from Istio 1.6 to Istio 1.7. This has been fixed so that these upgrades no longer cause downtime. Note that, as a trade off, upgrading from Istio 1.7.x to Istio 1.7.5 still causes downtime in any existing 1.6 proxies; if you are in this scenario you may set the
PILOT_ENABLE_TLS_XDS_DYNAMIC_TYPESenvironment variable to false in Istiod to retain the previous behavior. (Issue #28120)
Fixed missing listeners on a VM when the VM sidecar is connected to
WorkloadEntryis registered later. (Issue #28743)