[release-1.18] Release Notes (#13269)

* initial draft

* Fix typo

* remove 1.22 k8s warning

* Updating supportStatus table

* Update content/en/news/releases/1.18.x/announcing-1.18/_index.md

Co-authored-by: jacob-delgado <jacob.delgado@volunteers.acasi.info>

* Update content/en/news/releases/1.18.x/announcing-1.18/_index.md

Co-authored-by: Xiaopeng Han <hanxiaop8@outlook.com>

* Review fixes

* Fix trailing -

* Finished first draft

* Minor change

* Fixed linting issues save for link checking

* Update content/en/news/releases/1.18.x/announcing-1.18/_index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/upgrade-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/upgrade-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/_index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Minor wording change

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Fix line break

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Fixing .spelling

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Minor fixes

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Review fixes

* Changes to .spelling

* Update content/en/news/releases/1.18.x/announcing-1.18/change-notes/index.md

Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>

* Update release date

* Added more issue links

---------

Co-authored-by: jacob-delgado <jacob.delgado@volunteers.acasi.info>
Co-authored-by: Xiaopeng Han <hanxiaop8@outlook.com>
Co-authored-by: Eric Van Norman <ericvn@us.ibm.com>
Paul Merrison 2023-06-07 14:06:04 +01:00 committed by GitHub
parent 471975255b
commit dd8967e655
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 401 additions and 16 deletions


@ -25,9 +25,11 @@ _v3_
1.15.x
1.16.x
1.17.x
1.18.x
1.23.x
1.24.x
1.25.x
1.26.x
1.2.x
1.2.x.
1.3.x


@ -61,10 +61,6 @@ As of now, data plane to data plane is compatible across all versions; however,
{{< support_status_table >}}
{{< warning >}}
[Kubernetes 1.22 removed some deprecated APIs](https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/) and as a result versions of Istio prior to 1.10.0 will no longer work. If you are upgrading your Kubernetes version, make sure that your Istio version is still supported.
{{< /warning >}}
## Supported releases without known Common Vulnerabilities and Exposures (CVEs)
{{< warning >}}
@ -74,10 +70,10 @@ Please keep up-to-date and use a supported version.
| Minor Releases | Patched versions with no known CVEs |
| ---------------- | ---------------------------------------------------- |
| 1.17.x | 1.17.2+ |
| 1.16.x | 1.16.4+ |
| 1.18.x | 1.18.0 |
| 1.17.x | 1.17.2+ |
| 1.16.x | 1.16.4+ |
| 1.15.x | 1.15.7 - End of life. A new CVE will NOT be patched |
| 1.14 and earlier | None, all versions have known vulnerabilities. |
## Supported Envoy Versions
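Review bot: In the CVE table the new 1.18.x row lists `1.18.0`, while the 1.17.x and 1.16.x rows use the open-ended form (`1.17.2+`, `1.16.4+`). Suggest `1.18.0+` so the row stays correct when the first 1.18 patch release ships and does not read as if only 1.18.0 is free of known CVEs.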
@ -87,8 +83,8 @@ The relationship between the two project's versions:
| Istio version | Envoy version |
| ------------- | ------------- |
| 1.18.x | 1.26.x |
| 1.17.x | 1.25.x |
| 1.16.x | 1.24.x |
| 1.15.x | 1.23.x |
In general, Istio releases tend to map one to one with Envoy releases. You can find the precise Envoy commit used by Istio in [`istio/proxy`](https://github.com/istio/proxy/blob/master/WORKSPACE#L38).


@ -0,0 +1,8 @@
---
title: 1.18.x Releases
description: Announcements for the 1.18 release and its associated patch releases.
weight: 11
list_by_publishdate: true
layout: release-grid
decoration: dot
---


@ -0,0 +1,45 @@
---
title: Announcing Istio 1.18.0
linktitle: 1.18.0
subtitle: Major Release
description: Istio 1.18 Release Announcement.
publishdate: 2023-06-07
release: 1.18.00
aliases:
- /news/announcing-1.18
- /news/announcing-1.18.0
---
We are pleased to announce the release of Istio 1.18. This is the second Istio release of 2023, and the first to ship with Ambient mode! We would like to thank the entire Istio community for helping get the 1.18.0 release published. We would like to thank the Release Managers for this release, `Paul Merrison` from Tetrate, `Kalya Subramanian` from Microsoft and `Xiaopeng Han` from DaoCloud. The release managers would specially like to thank the Test & Release WG lead Eric Van Norman (IBM) for his help and guidance throughout the release cycle. We would also like to thank the maintainers of the Istio work groups and the broader Istio community for helping us throughout the release process with timely feedback, reviews, community testing and for all your support to help ensure a timely release.
{{< relnote >}}
{{< tip >}}
Istio 1.18.0 is officially supported on Kubernetes versions `1.24` to `1.27`.
{{< /tip >}}
## What's new
### Ambient Mesh
Istio 1.18 marks the first release of ambient mesh, a new Istio data plane mode thats designed for simplified operations, broader application compatibility, and reduced infrastructure cost. For more details see the [announcement blog](/blog/2022/introducing-ambient-mesh/).
### Gateway API Support Improvements
Istio 1.18 improves support for the Kubernetes Gateway API, including support for extra v1beta1 resources and enhancements to automated deployment logic to no longer rely on pod injection. Users of Gateway API on Istio should review this release's upgrade notes for important guidance on upgrading.
### Proxy Concurrency Changes
Previously, the proxy `concurrency` setting, which configures how many worker threads the proxy runs,
was inconsistently configured between sidecars and different gateway installation mechanisms. In Istio 1.18, concurrency configuration has been tweaked to be consistent across deployment types. More details on this change can be found in the upgrade notes for this release.
### Enhancements to the `istioctl` command
Added a number of enhancements to the istioctl command including enhancements to the bug reporting process and various improvements to the istioctl analyze command.
## Upgrading to 1.18
We would like to hear from you regarding your experience upgrading to Istio 1.17. Please take a few minutes to respond to a [brief survey](https://forms.gle/99uiMML96AmsXY5d6) and let us know how we are doing and what we can do to improve.
You can also join the conversation at [Discuss Istio](https://discuss.istio.io/), or join our [Slack workspace](https://slack.istio.io/).
Would you like to contribute directly to Istio? Find and join one of our [Working Groups](https://github.com/istio/community/blob/master/WORKING-GROUPS.md) and help us improve.
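Review bot: The front matter has `release: 1.18.00`, which does not match `release: 1.18.0` in the change notes added by this same commit and looks like a typo. Two more text fixes in this file: the "Upgrading to 1.18" section asks about "your experience upgrading to Istio 1.17" and should say 1.18, and "thats" in the Ambient Mesh paragraph should be "that's". The `istioctl` paragraph also leaves `istioctl` and `istioctl analyze` unformatted although the heading uses a code span.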


@ -0,0 +1,285 @@
---
title: Istio 1.18.0 Change Notes
linktitle: 1.18.0
subtitle: Minor Release
description: Istio 1.18.0 change notes.
publishdate: 2023-06-07
release: 1.18.0
weight: 20
---
## Deprecation Notices
These notices describe functionality that will be removed in a future release according to [Istio's deprecation policy](/docs/releases/feature-stages/#feature-phase-definitions). Please consider upgrading your environment to remove the deprecated functionality.
- There are no new deprecations in Istio 1.18.0
## Traffic Management
- **Improved** [Gateway API Automated Deployment](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment) management logic. See Upgrade Notes for more information.
- **Updated** the VirtualService validation to fail on empty prefix header matcher. ([Issue #44424](https://github.com/istio/istio/issues/44424))
- **Updated** `ProxyConfig` resources with workload selector will be applied to Kubernetes `Gateway` pods
only if the specified label is `istio.io/gateway-name`. Other labels are ignored.
- **Added** provision to provide overridden/explicit value for `failoverPriority` label. This provided value is used while assigning priority for endpoints instead of the client's value.
([Issue #39111](https://github.com/istio/istio/issues/39111))
- **Added** prefix matching on query parameter. ([Issue #43710](https://github.com/istio/istio/issues/43710))
- **Added** health checks for those VMs that are not using auto-registration.
([Issue #44712](https://github.com/istio/istio/issues/44712))
- **Fixed** admission webhook fails with custom header value format.
([Issue #42749](https://github.com/istio/istio/issues/42749))
- **Fixed** fixed bug of Istio cannot be deployed on IPv6-first DS clusters for Dual Stack support in Istio.
([Optimized Design]( https://docs.google.com/document/d/15LP2XHpQ71ODkjCVItGacPgzcn19fsVhyE7ruMGXDyU/))([Original Design]( https://docs.google.com/document/d/1oT6pmRhOw7AtsldU0-HbfA0zA26j9LYiBD_eepeErsQ/)) ([Issue #40394](https://github.com/istio/istio/issues/40394))([Issue #41462](https://github.com/istio/istio/issues/41462))
- **Fixed** an issue where `EnvoyFilter` for `Cluster.ConnectTimeout` was affecting unrelated `Clusters`.
([Issue #43435](https://github.com/istio/istio/issues/43435))
- **Fixed** reporting Programmed condition on Gateway API Gateway resources.
([Issue #43498](https://github.com/istio/istio/issues/43498))
- **Fixed** an issue that when there are different Binds specified in the Gateways with the same port and different protocols, listeners are not generated correctly.
([Issue #43688](https://github.com/istio/istio/issues/43688))
- **Fixed** an issue that when there are different Binds specified in the Gateways with the same port and TCP protocol, listeners are not generated correctly.
([Issue #43775](https://github.com/istio/istio/issues/43775))
- **Fixed** an issue with service entry deletion not deleting the corresponding endpoints in some cases.
([Issue #43853](https://github.com/istio/istio/issues/43853))
- **Fixed** an issue where auto allocated service entry IPs change on host reuse.
([Issue #43858](https://github.com/istio/istio/issues/43858))
- **Fixed** `WorkloadEntry` resources never being cleaned up if multiple
`WorkloadEntries` were auto-registered with the same IP and network.
([Issue #43950](https://github.com/istio/istio/issues/43950))
- **Fixed** the `dns_upstream_failures_total` metric was mistakenly deleted in the previous release.
([Issue #44151](https://github.com/istio/istio/issues/44151))
- **Fixed** an issue where ServiceEntry and Service had undefined or empty workload selectors. If the workload selector is undefined or empty, ServiceEntry and Service should not select any `WorkloadEntry` or endpoint.
- **Fixed** An issue where a Service Entry configured with partial wildcard hosts generates a warning during validation as the config can some times generate invalid server name match. ([Issue #44195](https://github.com/istio/istio/issues/44195))
- **Fixed** an issue where `Istio Gateway` (Envoy) would crash due to a duplicate `istio_authn` network filter in the Envoy filter chain.
([Issue #44385](https://github.com/istio/istio/issues/44385))
- **Fixed** a bug where services are missing in gateways if `PILOT_FILTER_GATEWAY_CLUSTER_CONFIG` is enabled. ([Issue #44439](https://github.com/istio/istio/issues/44439))
- **Fixed** CPU usage abnormally high when cert specified by DestinationRule are invalid.
([Issue #44986](https://github.com/istio/istio/issues/44986))
- **Fixed** an issue where changing a label on a workload instance with a previously matched `ServiceEntry` would not properly get removed.
([Issue #42921](https://github.com/istio/istio/issues/42921))
- **Fixed** istiod not reconciling k8s gateway deployments and services when they are changed.
([Issue #43332](https://github.com/istio/istio/issues/43332))
- **Fixed** an issue where istiod does not retry resolving east-west gateway hostnames on failure.
([Issue #44155](https://github.com/istio/istio/issues/44155))
- **Fixed** an issue where istiod generates incorrect endpoints when it fails to resolve east-west gateway hostnames.
([Issue #44155](https://github.com/istio/istio/issues/44155))
- **Fixed** an issue where sidecars do not proxy DNS properly for a hostname backed by multiple services.
([Issue #43152](https://github.com/istio/istio/pull/43152))
- **Fixed** an issue where updating Service ExternalName does not take effect.
([Issue #43440](https://github.com/istio/istio/issues/43440))
- **Fixed** an issue causing VMs using auto-registration to ignore labels other than those defined in a `WorkloadGroup`.
([Issue #32210](https://github.com/istio/istio/issues/32210))
- **Upgraded** the gateway-api integration to read `v1beta1` resources for `ReferenceGrant`, `Gateway`, and `GatewayClass`. Users of the gateway-api must be on `v0.6.0+` before upgrading Istio. `istioctl x precheck` can detect this issue before upgrading.
- **Removed** support for `proxy.istio.io/config` annotation applied to Kubernetes `Gateway` pods.
- **Removed** support for `Ingress` version `networking.k8s.io/v1beta1`. The `v1` version has been available since Kubernetes 1.19.
- **Removed** `alpha` Gateway API types by default. They can be explicitly re-enabled with `PILOT_ENABLE_ALPHA_GATEWAY_API=true`.
- **Removed** the experimental "taint controller" for Istio CNI.
- **Removed** support for `EndpointSlice` version `discovery.k8s.io/v1beta1`. The `v1` version has been available since Kubernetes 1.21.
`EndpointSlice` `v1` is automatically used on Kubernetes 1.21+, while `Endpoints` is used on older versions.
This change only impacts users explicitly enabling `PILOT_USE_ENDPOINT_SLICE` on Kubernetes versions older than 1.21, which is no longer supported.
- **Removed** deprecated and unsupported status conditions `Ready`, `Scheduled`, and `Detached` from Gateway API.
## Security
- **Added** `--profiling` flag to allow enabling or disabling profiling on pilot-agent status port.
([Issue #41457](https://github.com/istio/istio/issues/41457))
- **Added** support for pushing additional federated trust domains from `caCertificates` to the peer SAN validator.
([Issue #41666](https://github.com/istio/istio/issues/41666))
- **Added** support for using P384 curves when using ECDSA ([PR #44459](https://github.com/istio/istio/pull/44459))
- **Added** `ecdh_curves` support for non `ISTIO_MUTUAL` traffic through MeshConfig API.
([Issue #41645](https://github.com/istio/istio/issues/41645))
- **Enabled** the `AUTO_RELOAD_PLUGIN_CERTS` env var by default for istiod to notice `cacerts` file changes in common cases (e.g. reload intermediate certs).
([Issue #43104](https://github.com/istio/istio/issues/43104))
- **Fixed** ignoring default CA certificate when `PeerCertificateVerifier` is created.
- **Fixed** issue with metadata handling for Azure platform. Support added for
`tagsList` serialization of tags on instance metadata.
([Issue #31176](https://github.com/istio/istio/issues/31176))
- **Fixed** an issue where RBAC updates were not sent to older proxies after upgrading istiod to 1.17.
([Issue #43785](https://github.com/istio/istio/issues/43785))
- **Fixed** handling of remote SPIFFE trust bundles containing multiple certs.
([Issue #44831](https://github.com/istio/istio/issues/44831))
- **Removed** support for the `certificates` field in `MeshConfig`. This was deprecated in 1.15, and does not work on Kubernetes 1.22+.
([Issue #36231](https://github.com/istio/istio/issues/36231))
## Telemetry
- **Added** support to control trace id length on Zipkin tracing provider.
([Issue #43359](https://github.com/istio/istio/issues/43359))
- **Added** support for `METADATA` command operator in access log.
([Issue #44074](https://github.com/istio/istio/issues/44074))
- **Added** metric expiry support, when env flags `METRIC_ROTATION_INTERVAL` and
`METRIC_GRACEFUL_DELETION_INTERVAL` are enabled.
- **Fixed** an issue where you could not disable tracing in `ProxyConfig`.
([Issue #31809](https://github.com/istio/istio/issues/31809))
- **Fixed** an issue where `ALL_METRICS` does not disable metrics as expected. ([PR #43179](https://github.com/istio/istio/pull/43179))
- **Fixed** a bug that would cause unexpected behavior when applying access logging configuration based on the direction of traffic. With this fix, access logging configuration for `CLIENT` or `SERVER` will not affect each other.
- **Fixed** pilot has an additional invalid gateway metric that was not created by the user.
- **Fixed** an issue where grpc stats are absent.
([Issue #43908](https://github.com/istio/istio/issues/43908)),([Issue #44144](https://github.com/istio/istio/issues/44144))
## Installation
- **Improved** `istioctl operator remove` command to run without the confirmation in the dry-run mode. ([PR #43120](https://github.com/istio/istio/pull/43120))
- **Improved** the `downloadIstioCtl.sh` script to not change to the home directory at the end. ([Issue #43771](https://github.com/istio/istio/issues/43771))
- **Improved** the default telemetry installation to configure `meshConfig.defaultProviders` instead of custom `EnvoyFilter`s
when advanced customizations are not used, improving performance.
- **Updated** the proxies `concurrency` configuration to always be detected based on CPU limits, unless explicitly configured. See upgrade notes for more info. ([PR #36884](https://github.com/istio/istio/pull/36884))
- **Updated** `Kiali` addon to version `v1.67.0`. ([PR #44498](https://github.com/istio/istio/pull/44498))
- **Added** env variables to support modifying grpc keepalive values.
([Issue #43256](https://github.com/istio/istio/issues/43256))
- **Added** support for scraping metrics in dual stack clusters.
([Issue #35915](https://github.com/istio/istio/issues/35915))
- **Added** make inbound port configurable.
([Issue #43655](https://github.com/istio/istio/issues/43655))
- **Added** injection of `istio.io/rev` annotation to sidecars and gateways for multi-revision observability.
- **Added** an automatically set GOMEMLIMIT to `istiod` to reduce the risk of out-of-memory issues.
([Issue #40676](https://github.com/istio/istio/issues/40676))
- **Added** support for labels to be added to the Gateway pod template via `.Values.labels`.
([Issue #41057](https://github.com/istio/istio/issues/41057)),([Issue #43585](https://github.com/istio/istio/issues/43585))
- **Added** check to limit the `clusterrole` for k8s CSR permissions for
external CA `usecases` by verifying `.Values.pilot.env.EXTERNAL_CA` and `.Values.global.pilotCertProvider` parameters.
- **Added** configurable node affinity to istio-cni `values.yaml`. Can be used to allow excluding istio-cni from being scheduled on specific nodes.
- **Fixed** SELinux issue on `CentOS9`/RHEL9 where iptables-restore isn't allowed
to open files in `/tmp`. Rules passed to iptables-restore are no longer written
to a file, but are passed via `stdin`.
([Issue #42485](https://github.com/istio/istio/issues/42485))
- **Fixed** an issue where webhook configuration was being modified in dry-run mode when installing Istio with istioctl. ([PR #44345](https://github.com/istio/istio/pull/44345))
- **Removed** injecting label `istio.io/rev` to gateways to avoid creating pods indefinitely when `istio.io/rev=<tag>`.
([Issue #33237](https://github.com/istio/istio/issues/33237))
- **Removed** operator skip reconcile for `iop` resources with names starting with `installed-state`. It now relies solely on the annotation `install.istio.io/ignoreReconcile`.
This won't affect the behavior of `istioctl install`.
([Issue #29394](https://github.com/istio/istio/issues/29394))
- **Removed** `kustomization.yaml` and `pre-generated` installation manifests (`gen-istio.yaml`, etc) from published releases.
These previously installed unsupported testing images, which led to accidental usage by users and tools such as Argo CD.
## istioctl
- **Improved** the `istioctl pc secret` output to display the certificate serial number in HEX. ([Issue #43765](https://github.com/istio/istio/issues/43765))
- **Improved** the `istioctl analyze` to output mismatched proxy image messages as IST0158 on namespace level instead of IST0105 on pod level, which is more succinct.
- **Added** `istioctl analyze` will display a error when encountering two additional erroneous Telemetry scenarios.
([Issue #43705](https://github.com/istio/istio/issues/43705))
- **Added** `--output-dir` flag to specify the output directory for the `bug-report` command's generated archive file.
([Issue #43842](https://github.com/istio/istio/issues/43842))
- **Added** credential validation when using `istioctl analyze` to validate the secrets specified with `credentialName` in Gateway resources.
([Issue #43891](https://github.com/istio/istio/issues/43891))
- **Added** an analyzer for showing warning messages when the deprecated `lightstep` provider is still being used.
([Issue #40027](https://github.com/istio/istio/issues/40027))
- **Added** istiod metrics to `bug-report`, and a few more debug points like `telemetryz`.
([Issue #44062](https://github.com/istio/istio/issues/44062))
- **Added** a "VHOST NAME" column to the output of `istioctl pc route`.
([Issue #44413](https://github.com/istio/istio/issues/44413))
- **Added** local flags `--ui-port` for different `istioctl dashboard` commands to allow users to specify the component UI port to use for the dashboard.
- **Fixed** Server Side Apply is enabled by default for Kubernetes cluster versions above 1.22
or be detected if it can be run in Kubernetes versions 1.18-1.21.
- **Fixed** `istioctl install --set <boolvar>=<bool>` and `istioctl manifests generate --set <boolvar>=<bool>` improperly converting a boolean into a string. ([Issue #43355](https://github.com/istio/istio/issues/43355))
- **Fixed** `istioctl experimental describe` not showing all weighted routes when the VirtualService is defined to split traffic across multiple services.
([Issue #43368](https://github.com/istio/istio/issues/43368))
- **Fixed** `istioctl x precheck` displays unwanted IST0136 messages which are set by Istio as default.
([Issue #36860](https://github.com/istio/istio/issues/36860))
- **Fixed** a bug in `istioctl analyze` where some messages are missed when there are services with no selector in the analyzed namespace.
- **Fixed** resource namespace resolution for `istioctl` commands.
- **Fixed** an issue where specifying the directory for temporary artifacts with `--dir` when using `istioctl bug-report` did not work.
([Issue #43835](https://github.com/istio/istio/issues/43835))
- **Fixed** `istioctl experimental revision describe` warning gateway is not enabled when gateway exists.
([Issue #44002](https://github.com/istio/istio/issues/44002))
- **Fixed** `istioctl experimental revision describe` has incorrect number of egress gateways.
([Issue #44002](https://github.com/istio/istio/issues/44002))
- **Fixed** inaccuracies in analysis results when analyzing configuration files with empty content.
- **Fixed** `istioctl analyze` no longer expects pods and runtime resources when analyzing files.
([Issue #40861](https://github.com/istio/istio/issues/40861))
- **Fixed** `istioctl analyze` to prevent panic when the server port in Gateway is nil. ([Issue #44318](https://github.com/istio/istio/issues/44318))
- **Fixed** the `istioctl experimental revision list` `REQD-COMPONENTS` column data being incomplete and general output format.
- **Fixed** `istioctl operator remove` cannot remove the operator controller due to a `no Deployment detected` error.
([Issue #43659](https://github.com/istio/istio/issues/43659))
- **Fixed** `istioctl verify-install` fails when using multiple `iops`.
([Issue #42964](https://github.com/istio/istio/issues/42964))
- **Fixed** `istioctl experimental wait` has undecipherable message when `PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING` is not enabled. ([PR #43023](https://github.com/istio/istio/pull/43023))
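Review bot: The front matter `subtitle: Minor Release` conflicts with the announcement page in this commit, which labels the same 1.18.0 release `subtitle: Major Release`; pick one. In Traffic Management, the IPv6-first dual stack entry reads "**Fixed** fixed bug of Istio cannot be deployed" (duplicated verb, ungrammatical), the entry on multiple services behind one hostname is labelled "Issue #43152" but links to `/pull/43152` and should be labelled "PR #43152" as other entries do, and the partial wildcard entry has "An issue" capitalized and "some times" for "sometimes". In Security, the `--profiling` entry says the flag allows "enabling or disabling" profiling on the pilot-agent status port without saying what the default is; since this controls a debug endpoint, the note should state the default so operators know whether they have to act.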


@ -0,0 +1,49 @@
---
title: Istio 1.18 Upgrade Notes
description: Important changes to consider when upgrading to Istio 1.18.0.
weight: 20
publishdate: 2023-06-07
---
When you upgrade from Istio 1.17.x to Istio 1.18.0, you need to consider the changes on this page.
These notes detail the changes which purposefully break backwards compatibility with Istio `1.17.x.`
The notes also mention changes which preserve backwards compatibility while introducing new behavior.
Changes are only included if the new behavior would be unexpected to a user of Istio `1.17.x.`
## Proxy Concurrency changes
Previously, the proxy `concurrency` setting, which configures how many worker threads the proxy runs,
was inconsistently configured between sidecars and different gateway installation mechanisms.
This often led to gateways running with concurrency based on the number of physical cores on the host machine,
despite having CPU limits, leading to decreased performance and increased resource usage.
In this release, concurrency configuration has been tweaked to be consistent across deployment types.
The new logic will use the `ProxyConfig.Concurrency` setting (which can be configured mesh wide or per-pod), if set, and otherwise set concurrency based on the CPU limit allocated to the container. For example, a limit of `2500m` would set concurrency to 3.
Prior to this release, sidecars followed this logic, but sometimes incorrectly determined the CPU limit.
Gateways would never automatically adapt based on concurrency settings.
To retain the old gateway behavior of always utilizing all cores, `proxy.istio.io/config: concurrency: 0` can be set on each gateway. However, it is recommended to instead unset CPU limits if this is desired.
## Gateway API Automated Deployment changes
This change impacts you only if you use [Gateway API Automated Deployment](/docs/tasks/traffic-management/ingress/gateway-api/#automated-deployment).
Note that this only applies to the Kubernetes Gateway API, not the Istio `Gateway`.
You can check if you are using this feature with the following command:
{{< text bash >}}
$ kubectl get gateways.gateway.networking.k8s.io -ojson | jq -r '.items[] | select(.spec.gatewayClassName == "istio") | select((.spec.addresses | length) == 0) | "Found managed gateway: " + .metadata.namespace + "/" + .metadata.name'
Found managed gateway: default/gateway
{{< /text >}}
If you see "Found managed gateway", you may be impacted by this change.
Prior to Istio 1.18, the managed gateway worked by creating a minimal Deployment configuration which
was fully populated at runtime with Pod injection. To upgrade gateways, users would restart the Pods
to trigger a re-injection.
In Istio 1.18, this has changed to create a fully rendered Deployment and no longer rely on injection.
As a result, *Gateways will be updated, via a rolling restart, when their revision changes*.
Additionally, users using this feature must update their control plane to Istio 1.16.5+ or 1.17.3+ before adopting Istio 1.18.
Failure to do so may lead to conflicting writes to the same resources.
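Review bot: The concurrency section tells users to set `proxy.istio.io/config: concurrency: 0` "on each gateway", but the change notes added in this commit state that support for the `proxy.istio.io/config` annotation on Kubernetes `Gateway` pods was removed. Please say which gateway types the workaround applies to and what Gateway API users should do instead. Smaller points: "Gateways would never automatically adapt based on concurrency settings" presumably should refer to CPU limits, the `2500m` example should say that the value is rounded up, and the two `1.17.x.` code spans in the intro have the sentence period inside the backticks.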


@ -5,8 +5,14 @@
supported: "No, development only"
releaseDate:
eolDate:
k8sVersions: ["1.23", "1.24", "1.25", "1.26"]
testedK8sVersions: ["1.20", "1.21", "1.22"]
k8sVersions: ["1.24", "1.25", "1.26", "1.27"]
testedK8sVersions: ["1.20", "1.21", "1.22", "1.23"]
- version: "1.18"
supported: "Yes"
releaseDate: "Jun 3, 2023"
eolDate: "~Dec 2023 (Expected)"
k8sVersions: ["1.24", "1.25", "1.26", "1.27"]
testedK8sVersions: ["1.20", "1.21", "1.22", "1.23"]
- version: "1.17"
supported: "Yes"
releaseDate: "Feb 14, 2023"
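Review bot: `releaseDate: "Jun 3, 2023"` in the new 1.18 entry does not match `publishdate: 2023-06-07` used by the announcement, change notes and upgrade notes in this commit. The commit message mentions "Update release date", so this entry looks like it was missed; suggest "Jun 7, 2023".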
@ -37,9 +43,3 @@
eolDate: "Oct 12, 2022"
k8sVersions: ["1.20", "1.21", "1.22", "1.23"]
testedK8sVersions: ["1.16", "1.17", "1.18", "1.19"]
- version: "1.12"
supported: "No"
releaseDate: "Nov 18, 2021"
eolDate: "Jul 12, 2022"
k8sVersions: ["1.19", "1.20", "1.21", "1.22"]
testedK8sVersions: ["1.16", "1.17", "1.18"]