istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Istio 1.23 release notes (#15538) 

* Istio 1.23 release notes

* Update _index.md

* Update index.md

* Proof read pass

* More proof read and add changes from api

* Add upgrade nodes

* Update content/en/news/releases/1.23.x/announcing-1.23/change-notes/index.md

Co-authored-by: Daniel Hawton <daniel@hawton.org>

* Apply Daniel suggestions from code review

Co-authored-by: Daniel Hawton <daniel@hawton.org>

* Update content/en/news/releases/1.23.x/announcing-1.23/change-notes/index.md

Co-authored-by: Daniel Hawton <daniel@hawton.org>

* Moar fixes

* Upgrade suggestions from Daniel

Co-authored-by: Daniel Hawton <daniel@hawton.org>

* Update content/en/news/releases/1.23.x/announcing-1.23/upgrade-notes/index.md

Co-authored-by: Daniel Hawton <daniel@hawton.org>

* Spelling fixes

* Sort spelling

* stage blog & review upgrade/change notes

* fix lint by not linking something I'm creating in the same PR

* Linting fixes

* Add operator deprecation blog

* Address last few bits of feedback

* Plan the release tomorrow

* Add aliases

* Update content/en/news/releases/1.23.x/announcing-1.23/_index.md

Co-authored-by: Daniel Hawton <daniel@hawton.org>

* Update content/en/blog/2024/in-cluster-operator-deprecation-announcement/index.md

Co-authored-by: Daniel Hawton <daniel@hawton.org>

---------

Co-authored-by: Daniel Hawton <daniel@hawton.org>
Co-authored-by: Craig Box <craig.box@gmail.com>
This commit is contained in:
Sumit Vij 2024-08-14 12:38:19 -07:00 committed by GitHub
parent 3ce3c8d38f
commit c641ab3e64
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 382 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.spelling
View File

@ -25,7 +25,9 @@
1.21.x
1.21.x.
1.22.x
1.22.x.
1.23.x
1.23.x.
1.24.0
1.24.x
1.25.x
@ -600,6 +602,7 @@ IOPs
ip
ipBlocks
IPs
ipsets
iptables
IPv4
IPv6
@ -825,6 +828,7 @@ Nassi
natively
Neeraj
netfilter
netlink
netmask
netns
network1
@ -945,6 +949,7 @@ Prometheus
PromQL
proto
protobuf
protobufs
protoc
protos
proxied
@ -1223,6 +1228,7 @@ v1.55.1
v1.7.4
v1.7.6_coreos.0
v1.79.0.
v1.87.0
v1.9
v1alpha1
v1alpha3
@ -1286,6 +1292,7 @@ wildcard
wildcarded
wildcards
Wireguard
Wolfi
workgroup
workload
workstream

94
content/en/blog/2024/in-cluster-operator-deprecation-announcement/index.md Normal file
View File

@ -0,0 +1,94 @@
---
title: "Istio has deprecated its In-Cluster Operator"
description: What you need to know if you are running the Operator controller in your cluster.
publishdate: 2024-08-14
attribution: "Mitch Connors (Microsoft), for the Istio Technical Oversight Committee"
keywords: [operator,deprecation]
---
Istios In-Cluster Operator has been deprecated in Istio 1.23. Users leveraging the operator — which we estimate to be fewer than 10% of our user base — will need to migrate to other install and upgrade mechanisms in order to upgrade to Istio 1.24 or above. Read on to learn why we are making this change, and what operator users need to do.
## Does this affect you?
This deprecation only affects users of the [In-Cluster Operator](/docs/setup/install/operator/). **Users who install Istio with the <code>istioctl install</code> command and an `IstioOperator` YAML file are not affected**.
To determine if you are affected, run `kubectl get deployment -n istio-system istio-operator` and `kubectl get IstioOperator`. If both commands return non-empty values, your cluster will be affected. Based on recent polls, we expect that this will affect fewer than 10% of Istio users.
Operator-based Installations of Istio will continue to run indefinitely, but cannot be upgraded past 1.23.x.
## When do I need to migrate?
In keeping with Istios deprecation policy for Beta features, the Istio In-Cluster Operator will be removed with the release of Istio 1.24, roughly three months from this announcement. Istio 1.23 will be supported through March 2025, at which time operator users will need to migrate to another install mechanism to retain support.
## How do I migrate?
The Istio project will continue to support installation and upgrade via the `istioctl` command, as well as with Helm. Because of Helms popularity within the platform engineering ecosystem, we recommend most users migrate to Helm. `istioctl install` is based on Helm templates, and future versions may integrate deeper with Helm.
Helm installs can also be managed with GitOps tools like [Flux](https://fluxcd.io/) or [Argo CD](https://argo-cd.readthedocs.io/).
Users who prefer the operator pattern for running Istio can migrate to either of two new Istio Ecosystem projects, the Classic Operator Controller, or the Sail Operator.
### Migrating to Helm
Helm migration requires translating your `IstioOperator` YAML into a Helm `values.yaml` file. Tooling to support this migration will be provided alongside the Istio 1.24 release.
### Migrating to istioctl
Identify your `IstioOperator` custom resource: there should be only one result.
{{< text bash >}}
$ kubectl get IstioOperator
{{< /text >}}
Using the name of your resource, download your operator configuration in YAML format:
{{< text bash >}}
$ kubectl get IstioOperator <name> > istio.yaml
{{< /text >}}
Disable the In-Cluster Operator. This will not disable your control plane or disrupt your current mesh traffic.
{{< text bash >}}
$ kubectl scale deployment -n istio-system istio-operator replicas 0
{{< /text >}}
When you are ready to upgrade Istio to version 1.24 or later, follow [the upgrade instructions](/docs/setup/upgrade/canary/), using the `istio.yaml` file you downloaded above.
Once you have completed and verified your migration, run the following commands to clean up your operator resources:
{{< text bash >}}
$ kubectl delete deployment -n istio-system istio-operator
$ kubectl delete customresourcedefinition istiooperator
{{< / text >}}
### Migrating to the Classic Operator Controller
A new ecosystem project, the [Classic Operator Controller](https://github.com/istio-ecosystem/classic-operator-controller), is a fork of the original controller built into Istio. This project maintains the same API and code base as the original operator, but is maintained outside of Istio core.
Because the API is the same, migration is straightforward: only the installation of the new operator will be required.
Classic Operator Controller is not supported by the Istio project.
### Migrating to Sail Operator
A new ecosystem project, the [Sail Operator](https://github.com/istio-ecosystem/sail-operator), is able to install and manage the lifecycle of the Istio control plane in a Kubernetes or OpenShift cluster.
Sail Operator APIs are built around Istio's Helm chart APIs. All installation and configuration options that are exposed by Istio's Helm charts are available through the Sail Operator CRD's `values:` fields.
Sail Operator is not supported by the Istio project.
## What is an operator, and why did Istio have one?
The [operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) was popularized by CoreOS in 2016 as a method for codifying human intelligence into code. The most common use case is a database operator, where a user might have multiple database instances in one cluster, with multiple ongoing operational tasks (backups, vacuums, sharding).
Istio introduced istioctl and the in-cluster operator in version 1.4, in response to problems with Helm v2. Around the same time, Helm v3 was introduced, which addressed the communitys concerns, and is a preferred method for installing software on Kubernetes today. Support for Helm v3 was added in Istio 1.8.
Istios in-cluster operator handled installation of the service mesh components - an operation you generally do one time, and for one instance, per cluster. You can think of it as a way to run istioctl inside your cluster. However, this meant you had a high-privilege controller running inside your cluster, which weakens your security posture. It doesnt handle any ongoing administration tasks (backing up, taking snapshots etc, are not requirements for running Istio).
The Istio operator is something you have to install into the cluster, which means you already have to manage the installation of something. Using it to upgrade the cluster likewise first required you to download and run a new version of istioctl.
Using an operator means you have created a level of indirection, where you have to have options in your custom resource to configure everything you may wish to change about an installation. Istio worked around this by offering the `IstioOperator` API, which allows configuration of installation options. This resource is used by both the in-cluster operator and istioctl install, so there is a trivial migration path for operator users.
Three years ago — around the time of Istio 1.12 — we updated our documentation to say that use of the operator for new Istio installations is discouraged, and that users should use istioctl or Helm to install Istio.
[Having three different installation methods has caused confusion](https://blog.howardjohn.info/posts/istio-install/), and in order to provide the best experience for people using Helm or istioctl - over 90% of our install base - we have decided to formally deprecate the in-cluster operator in Istio 1.23.

8
content/en/news/releases/1.23.x/_index.md Normal file
View File

@ -0,0 +1,8 @@
---
title: 1.23.x Releases
description: Announcements for the 1.23 release and its associated patch releases.
weight: 6
list_by_publishdate: true
layout: release-grid
decoration: dot
---

82
content/en/news/releases/1.23.x/announcing-1.23/_index.md Normal file
View File

@ -0,0 +1,82 @@
---
title: Announcing Istio 1.23.0
linktitle: 1.23.0
subtitle: Major Release
description: Istio 1.23 Release Announcement.
publishdate: 2024-08-14
release: 1.23.0
aliases:
- /news/announcing-1.23
- /news/announcing-1.23.0
---
We are pleased to announce the release of Istio 1.23. Thank you to all our contributors, testers, users and enthusiasts for helping us get the 1.23.0 release published! We would like to thank the Release Managers for this release, **Sumit Vij** from Credit Karma, **Zhonghu Xu** from Huawei and **Mike Morris** from Microsoft.
{{< relnote >}}
{{< tip >}}
Istio 1.23.0 is officially supported on Kubernetes versions `1.27` to `1.30`.
{{< /tip >}}
## Whats new?
### Ambient, ambient, ambient
Hot on the tail of the recent promotion of [ambient mode to Beta in Istio 1.22](/blog/2024/ambient-reaches-beta/), Istio 1.23 comes with a huge set of improvements. Working closely with the many users who have been adopting ambient mode, we have been working diligently to address all the feedback we have received. These improvements include broader platform support, added features, bug fixes, and performance improvements.
A small sample of the highlights:
* Support for `DestinationRule` in waypoint proxies.
* Support for DNS `ServiceEntries` in waypoints and ztunnel.
* Support for sharing waypoints across namespaces.
* Support for the new `Service` field `trafficDistribution`, allowing keeping traffic in local zones/regions.
* Support for Dual Stack and IPv6 clusters.
* A new Grafana dashboard for ztunnel.
* A single Helm chart for installing all the ambient mode components at once.
* Performance improvements: our testing shows up to a 50% improvement in throughput compared to Istio 1.22.
* Tons of bug fixes: improvements to pod startup, support for Services without selectors, improvements to logging, and more!
### DNS auto-allocation improvements
For years, Istio has has an [address allocation option](/docs/ops/configuration/traffic-management/dns-proxy/#address-auto-allocation) for use with the DNS proxy mode. This solves a number of problems for Service routing.
In Istio 1.23, a new implementation of this feature was added. In the new approach, the allocated IP addresses are persisted in the `ServiceEntry` `status` field, ensuring that they are never changed. This fixes long-standing reliability issues with the old approach, where the allocation would occasionally shuffle and cause issues. Additionally, this approach is more standard, easier to debug, and makes the feature work with ambient mode!
This mode is off by default in 1.23, but can be enabled with `PILOT_ENABLE_IP_AUTOALLOCATE=true`.
### Retry improvements preview
In this release, a new feature preview for an enhancement to the default retry policy has been implemented. Historically, retries were done only on *outbound* traffic. For many cases, this is what you want: the request can be retried to a different pod, which has a better chance to succeed. However, this left a gap: often, a request would fail simply because the application had closed a connection we had kept alive and tried to re-use.
We have added to detect this scenario, and retry. This is expected to reduce a common source of 503 errors in the mesh.
This can be enabled with `ENABLE_INBOUND_RETRY_POLICY=true`. It is expected to be on by default in future releases.
### A coat of paint for Bookinfo
Improvements in 1.23 are not limited to Istio itself: in this release, everyone's favorite sample application, Bookinfo, also gets a facelift!
The new application features a more modern design, and performance improvements that resolve some unexpected slowness in the `productpage` and `details` services.
{{< image width="80%" link="/docs/setup/getting-started/bookinfo-browser.png" caption="The improved Bookinfo application" >}}
### Other highlights
* The distroless images were upgraded to use the [Wolfi](https://github.com/wolfi-dev) container base OS.
* The `istioctl proxy-status` command was improved to include the time since last change, and more relevant status values.
## Deprecating the in-cluster Operator
Three years ago, we [updated our documentation](/docs/setup/install/operator/) to discourage the use of the in-cluster operator for new Istio installations. We are now ready to formally mark it as deprecated in Istio 1.23. People leveraging the operator — which we estimate to be fewer than 10% of our user base — will need to migrate to other install and upgrade mechanisms in order to upgrade to Istio 1.24 or above. The expected release date for 1.24 is November 2024.
We recommend users move to Helm and istioctl, which remain supported by the Istio project. Migrating to istioctl is trivial; migrating to Helm will require tooling which we will publish along with the 1.24 release.
Users who wish to stick with the operator pattern have two third-party options in the [istio-ecosystem](https://github.com/istio-ecosystem/) org.
Please check out [our deprecation announcement blog post](/blog/2024/in-cluster-operator-deprecation-announcement/) for more details on the change.
## Upgrading to 1.23
We would like to hear from you regarding your experience upgrading to Istio 1.23. You can provide feedback in the `#release-1.23` channel in our [Slack workspace](https://slack.istio.io/).
Would you like to contribute directly to Istio? Find and join one of our [Working Groups](https://github.com/istio/community/blob/master/WORKING-GROUPS.md) and help us improve.

162
content/en/news/releases/1.23.x/announcing-1.23/change-notes/index.md Normal file
View File

@ -0,0 +1,162 @@
---
title: Istio 1.23.0 Change Notes
linktitle: 1.23.0
subtitle: Major Release
description: Istio 1.23.0 release notes.
publishdate: 2024-08-14
release: 1.23.0
weight: 10
aliases:
- /news/announcing-1.23.0
---
## Deprecations
- **Deprecated** the in-cluster Operator. Please check out [our deprecation announcement blog post](/blog/2024/in-cluster-operator-deprecation-announcement/) for more details on the change.
## Traffic Management
- **Added** support for proxying `100 Continue` headers. This can be disabled by setting `ENABLE_100_CONTINUE_HEADERS` to `false`.
- **Added** a way to read the traffic type for a waypoint from the `istio.io/waypoint-for` label on the parent Gateway class. This value overrides the global default and will be overridden if the label is applied to the waypoint resource.
([Issue #50933](https://github.com/istio/istio/issues/50933))
- **Added** support for matching multiple service VIPs in a waypoint proxy.
([Issue #51886](https://github.com/istio/istio/issues/51886))
- **Added** an experimental feature to enable cluster creation on worker threads inline during requests.
This will save memory and CPU cycles in cases where there are lots of inactive clusters and > 1 worker thread.
This can be disabled by setting `ENABLE_DEFERRED_CLUSTER_CREATION` to `false` in agent Deployment.
- **Added** support for the new `reset-before-request` retry policy added in Envoy 1.31.
([Issue #51704](https://github.com/istio/istio/issues/51704))
- **Fixed** a bug where UDP traffic in the `ISTIO_OUTPUT` iptables chain exits early.
([Issue #51377](https://github.com/istio/istio/issues/51377))
- **Fixed** `ServiceEntry` status addresses field not supporting IP address assignments to individual hosts, which led to an undesired divergence in behavior between the new and old implementations for automatic allocations. Added a "Host" field to the Address in order to support mapping allocated IP to a host.
- **Fixed** an issue where CORS filter forwarded preflight requests if the origin was not allowed.
- **Fixed** retry logic to make getting envoy metrics safer on `EXIT_ON_ZERO_ACTIVE_CONNECTIONS` mode.
([Issue #50596](https://github.com/istio/istio/issues/50596))
- **Fixed** propagation of IPv6 config to the `istio-cni`. Note that IPv6 support is still unstable.
([Issue #50162](https://github.com/istio/istio/issues/50162))
- **Fixed** an issue where ZDS did not pass down `trust_domain`.
([Issue #51182](https://github.com/istio/istio/issues/51182))
- **Fixed** an issue with iptables rules for ambient when dealing with IPv6.
- **Fixed** IP auto allocation for `ServiceEntry` to allocate per-host rather than per-`ServiceEntry`.
([Issue #52319](https://github.com/istio/istio/issues/52319))
- **Fixed** `ServiceEntry` validation to suppress the "address required" warning when using the auto IP allocation controller.
([Issue #52422](https://github.com/istio/istio/issues/52422))
- **Fixed** an issue where TLS settings in `DestinationRule` are not respected when connecting from a gateway or sidecar to a backend enrolled using ambient mode.
- **Fixed** an issue preventing `DestinationRule` `proxyProtocol` from working when TLS is disabled.
- **Removed** the `ISTIO_ENABLE_OPTIMIZED_SERVICE_PUSH` feature flag.
- **Removed** the `ENABLE_OPTIMIZED_CONFIG_REBUILD` feature flag.
- **Removed** the experimental `PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING` feature flag and corresponding `istioctl experimental wait` command.
- **Updated** `istio-cni` config map to only expose environment variables that are user-configurable.
## Security
- **Added** stricter validation of CSRs when Istio is functioning as the RA and is configured with an external CA for workload certificate signing.
([Issue #51966](https://github.com/istio/istio/issues/51966))
- **Improved** the ability to use SPIRE for SDS by allowing a custom server socket filename. Previously, SPIRE docs forced the SPIRE SDS server be configured to use the Istio-default SDS socket name. This release introduces `WORKLOAD_IDENTITY_SOCKET_FILE` as an agent environment variable. If set to a non-default value, the agent will expect to find a non-Istio SDS server socket at the hard-coded path: `WorkloadIdentityPath/WORKLOAD_IDENTITY_SOCKET_FILE` and will throw an error if no healthy socket was found. Otherwise, it will listen to it. If this is unset, the agent will start and Istio default SDS server instance with a hard-coded path and hard-coded socket file of: `WorkloadIdentityPath/DefaultWorkloadIdentitySocketFile` and listen to it. This removes/replaces the agent environment variable `USE_EXTERNAL_WORKLOAD_SDS` (added in #45941)([Issue #48845](https://github.com/istio/istio/issues/48845))
## Telemetry
- **Added** [access log formatter](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/formatter/formatter) support for OpenTelemetry. Users can add `CEL`/`METADATA`/`REQ_WITHOUT_QUERY` commands after all proxies are upgraded to Istio 1.23+.
- **Fixed** an issue where the status code was unset when using OpenTelemetry tracing.
([Issue #50195](https://github.com/istio/istio/issues/50195))
- **Fixed** an issue where the span name was not set when using the OpenTelemetry tracing provider.
- **Fixed** `statsMatcher`'s regular expression not matching a route's `stat_prefix`.
- **Fixed** an issue where the `cluster_name` and `http_conn_manager_prefix` labels were incorrectly truncated for services without a `.svc.cluster.local` suffix.
- **Removed** Istio Stackdriver metrics from XDS.
([Issue #50808](https://github.com/istio/istio/issues/50808))
- **Removed** the OpenCensus tracer from Istio XDS.
([Issue #50808](https://github.com/istio/istio/issues/50808))
- **Removed** the feature flag `ENABLE_OTEL_BUILTIN_RESOURCE_LABELS`.
## Extensibility
- **Removed** internal multi-version protobuf files from the API. This is an internal change for most users. If you directly consume Istio APIs as protobufs, read the upgrade notes.
([Issue #3127](https://github.com/istio/api/issues/3127))
## Installation
- **Added** `.Values.pilot.trustedZtunnelNamespace` to the `istiod` Helm chart. Set this if installing ztunnel to a different namespace from `istiod`. This value supersedes `.Values.pilot.env.CA_TRUSTED_NODE_ACCOUNTS` (which is still respected if set).
- **Added** the `releaseChannel:extended` flag to non-GA features and APIs. ([Issue #173](https://github.com/istio/enhancements/issues/173))
- **Added** outlier log path configuration to the mesh proxy config which allows users to configure the path to the outlier detection log file.
([Issue #50781](https://github.com/istio/istio/issues/50781))
- **Added** an `ambient` umbrella Helm chart that wraps the baseline Istio components required for installing Istio with ambient support.
- **Added** support for readiness checks over https to istiod for use in clusters utilizing a remote control plane for sidecar injection.
([Issue #51506](https://github.com/istio/istio/issues/51506))
- **Fixed** an issue where the CNI plugin inherited the CNI agent log level.
- **Fixed** an issue with service account annotation formatting by removing dashes.
([Issue #51289](https://github.com/istio/istio/issues/51289))
- **Fixed** an issue where custom annotations were not propagated to the ztunnel chart.
- **Fixed** an issue where `sidecar.istio.io/proxyImage` annotation was ignored during the gateway injection.
([Issue #51888](https://github.com/istio/istio/issues/51888))
- **Fixed** an issue where netlink errors were not be correctly parsed, leading to `istio-cni` not properly ignoring leftover ipsets.
- **Improved** CNI logging config.
([Issue #50958](https://github.com/istio/istio/issues/50958))
- **Improved** the Helm installation for Istiod multi-cluster for primary-remote. Now, Helm installations only require setting `global.externalIstiod`, instead of also requiring `pilot.env.EXTERNAL_ISTIOD` to be set.
([Issue #51595](https://github.com/istio/istio/issues/51595))
- **Removed** `values.cni.logLevel` is now deprecated. Use `values.{cni|global}.logging.level` instead.
- **Updated** the [`distroless`](/docs/ops/configuration/security/harden-docker-images/) images to be based on [Wolfi](https://wolfi.dev).
This should have no user-facing impact.
- **Updated** Kiali addon to version 1.87.0.
- **Upgraded** base debug images to use the latest Ubuntu LTS, `ubuntu:noble`. Previously, `ubuntu:focal` was used.
## istioctl
- **Added** a status subcommand that prints out the status of gateway(s) for a given namespace. ([Issue #51294](https://github.com/istio/istio/issues/51294))
- **Added** the ability for users to set the `seccompProfile.type` (e.g. to `RuntimeDefault`) for auto deployed waypoints by setting `values.gateways.seccompProfile.type` in the istiod injection config.
- **Added** an `overwrite` flag to `istioctl apply` command to allow overwriting existing resources in the cluster (initially, just namespace waypoint enrollments).
([Issue #51312](https://github.com/istio/istio/issues/51312))
- **Improved** the output for `istioctl version` to be more user-friendly. ([Issue #51296](https://github.com/istio/istio/issues/51296))
- **Improved** the `istioctl proxy-status` command.
- Each status now includes the time since the last change.
- If a proxy is not subscribed to a resource, it will now be shown as `IGNORED` instead of `NOT SENT`. `NOT SENT` continues to be used for resources that are requested, but never sent.
- Include a new `ERROR` status when configuration is rejected.
## Samples
- **Improved** the look and feel of the Bookinfo app.

29
content/en/news/releases/1.23.x/announcing-1.23/upgrade-notes/index.md Normal file
View File

@ -0,0 +1,29 @@
---
title: Istio 1.23 Upgrade Notes
description: Important changes to consider when upgrading to Istio 1.23.0.
weight: 20
publishdate: 2024-08-14
---
When upgrading from Istio 1.22.x to Istio 1.23.x, please consider the changes on this page.
These notes detail the changes which purposefully break backwards compatibility with Istio 1.22.x.
The notes also mention changes which preserve backwards compatibility while introducing new behavior.
Changes are only included if the new behavior would be unexpected to a user of Istio 1.22.x.
## Internal API protobuf changes
If you do not use Istio APIs from Go (via `istio.io/api` or `istio.io/client-go`) or Protobuf (from `istio.io/api`), this change does not impact you.
In prior versions, Istio APIs had identical contents replicated across multiple versions.
For example, the same `VirtualService` protobuf message is defined 3 times (`v1alpha3`, `v1beta1`, and `v1`).
These schemas are identical except in the package they reside in.
In this version of Istio, these have been consolidated down to a single version.
For resources that had multiple versions, the oldest version is retained.
* If you use Istio APIs only via Kubernetes (YAML), there is no impact at all.
* If you use Istio APIs by Go types, there is essentially no impact.
Each removed version has been replaced with type aliases to the remaining version, ensuring backwards compatibility.
However, niche use cases (reflection, etc) may have some impact.
* If you use Istio APIs directly by Protobuf, and use newer versions, these will no longer be included as part of the API.
Please reach out to the team if you are impacted.