istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/archive/v1.3/news/2019/announcing-1.3/index.html

39 lines
38 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html><html lang=en itemscope itemtype=https://schema.org/WebPage><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=theme-color content=#466BB0><meta name=title content="Announcing Istio 1.3"><meta name=description content="Istio 1.3 release announcement."><meta name=author content="The Istio Team"><meta name=keywords content=microservices,services,mesh><meta property=og:title content="Announcing Istio 1.3"><meta property=og:type content=website><meta property=og:description content="Istio 1.3 release announcement."><meta property=og:url content=/v1.3/news/2019/announcing-1.3/><meta property=og:image content=/v1.3/img/istio-whitelogo-bluebackground-framed.svg><meta property=og:image:alt content="Istio Logo"><meta property=og:image:width content=112><meta property=og:image:height content=150><meta property=og:site_name content=Istio><meta name=twitter:card content=summary><meta name=twitter:site content=@IstioMesh><title>Istioldie 1.3 / Announcing Istio 1.3</title><script async src="https://www.googletagmanager.com/gtag/js?id=UA-98480406-2"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}
gtag('js',new Date());gtag('config','UA-98480406-2');</script><link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.3/blog/feed.xml><link rel=alternate type=application/rss+xml title="Istio News" href=/v1.3/news/feed.xml><link rel=alternate type=application/rss+xml title="Istio Blog and News" href=/v1.3/feed.xml><link rel="shortcut icon" href=/v1.3/favicons/favicon.ico><link rel=apple-touch-icon href=/v1.3/favicons/apple-touch-icon-180x180.png sizes=180x180><link rel=icon type=image/png href=/v1.3/favicons/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=/v1.3/favicons/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=/v1.3/favicons/android-36x36.png sizes=36x36><link rel=icon type=image/png href=/v1.3/favicons/android-48x48.png sizes=48x48><link rel=icon type=image/png href=/v1.3/favicons/android-72x72.png sizes=72x72><link rel=icon type=image/png href=/v1.3/favicons/android-96x96.png sizes=96xW96><link rel=icon type=image/png href=/v1.3/favicons/android-144x144.png sizes=144x144><link rel=icon type=image/png href=/v1.3/favicons/android-192x192.png sizes=192x192><link rel=manifest href=/v1.3/manifest.json><meta name=apple-mobile-web-app-title content=Istio><meta name=application-name content=Istio><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Work+Sans:400|Chivo:400|Work+Sans:500,300,600,300italic,400italic,500italic,600italic|Chivo:500,300,600,300italic,400italic,500italic,600italic"><link rel=stylesheet href=/v1.3/css/all.css><script src=/v1.3/js/themes_init.min.js></script></head><body class="language-unknown archive-site"><script>const branchName="release-1.3";const docTitle="Announcing Istio 1.3";const iconFile="\/v1.3/img/icons.svg";const buttonCopy='Copy to clipboard';const buttonPrint='Print';const buttonDownload='Download';</script><script src="https://www.google.com/cse/brand?form=search-form" defer></script><script src=/v1.3/js/all.min.js data-manual defer></script><header><nav><a id=brand href=/v1.3/><span class=logo><svg viewBox="0 0 300 300"><circle cx="150" cy="150" r="146" stroke-width="2" /><path d="M65 240H225L125 270z"/><path d="M65 230l60-10V110z"/><path d="M135 220l90 10L135 30z"/></svg></span><span class=name>Istioldie 1.3</span></a><div id=hamburger><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#hamburger"/></svg></div><div id=header-links><a title="Learn how to deploy, use, and operate Istio." href=/v1.3/docs/>Docs</a>
<a title="Posts about using Istio." href=/v1.3/blog/2019/proxy/>Blog</a>
<span title="Timely news about the Istio project.">News</span>
<a title="Frequently Asked Questions about Istio." href=/v1.3/faq/>FAQ</a>
<a title="Get a bit more in-depth info about the Istio project." href=/v1.3/about/>About</a><div class=menu><button id=gearDropdownButton class=menu-trigger title="Options and settings" aria-label="Options and Settings" aria-controls=gearDropdownContent><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#gear"/></svg></button><div id=gearDropdownContent class=menu-content aria-labelledby=gearDropdownButton role=menu><a tabindex=-1 role=menuitem class=active id=light-theme-item>Light Theme</a>
<a tabindex=-1 role=menuitem id=dark-theme-item>Dark Theme</a><div role=separator></div><a tabindex=-1 role=menuitem id=syntax-coloring-item>Color Examples</a><div role=separator></div><h6>Other versions of this site</h6><a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://istio.io/news\/2019\/announcing-1.3\/');return false;">Current Release</a>
<a tabindex=-1 role=menuitem onclick="navigateToUrlOrRoot('https://preliminary.istio.io/news\/2019\/announcing-1.3\/');return false;">Next Release</a>
<a tabindex=-1 role=menuitem href=https://archive.istio.io>Older Releases</a></div></div><button id=search-show title="Search this site" aria-label=Search><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#magnifier"/></svg></button></div><form id=search-form name=cse role=search><input type=hidden name=cx value=013699703217164175118:iwwf17ikgf4>
<input type=hidden name=ie value=utf-8>
<input type=hidden name=hl value=en>
<input type=hidden id=search-page-url value=/v1.3/search>
<input id=search-textbox class=form-control name=q type=search aria-label="Search this site">
<button id=search-close title="Cancel search" type=reset aria-label="Cancel search"><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#cancel-x"/></svg></button></form></nav></header><main class=primary><div id=sidebar-container class="sidebar-container sidebar-offcanvas"><nav id=sidebar aria-label="Section Navigation"><div class=directory><div class=card><button class="header dynamic" id=card0 title="News items for 2019." aria-controls=card0-body><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#newspaper"/></svg>2019 News</button><div class="body default" aria-labelledby=card0 role=region id=card0-body><ul role=tree aria-expanded=true class=leaf-section aria-labelledby=card0><li role=none><a role=treeitem title="Istio 1.3.5 release announcement." href=/v1.3/news/2019/announcing-1.3.5/>Announcing Istio 1.3.5</a></li><li role=none><a role=treeitem title="Upcoming Istio 1.2 end of life announcement." href=/v1.3/news/2019/announcing-1.2-eol/>Support for Istio 1.2 ends on December 13th, 2019</a></li><li role=none><a role=treeitem title="Security vulnerability disclosure for CVE-2019-18817." href=/v1.3/news/2019/istio-security-2019-006/>Security Update - ISTIO-SECURITY-2019-006</a></li><li role=none><a role=treeitem title="Istio 1.2.9 patch release." href=/v1.3/news/2019/announcing-1.2.9/>Announcing Istio 1.2.9</a></li><li role=none><a role=treeitem title="Istio 1.3.4 release announcement." href=/v1.3/news/2019/announcing-1.3.4/>Announcing Istio 1.3.4</a></li><li role=none><a role=treeitem title="Istio 1.2.8 patch release." href=/v1.3/news/2019/announcing-1.2.8/>Announcing Istio 1.2.8</a></li><li role=none><a role=treeitem title="Istio 1.1.17 patch release." href=/v1.3/news/2019/announcing-1.1.17/>Announcing Istio 1.1.17</a></li><li role=none><a role=treeitem title="Istio 1.1 end of life announcement." href=/v1.3/news/2019/announcing-1.1-eol-final/>Support for Istio 1.1 has ended</a></li><li role=none><a role=treeitem title="Istio 1.3.3 release announcement." href=/v1.3/news/2019/announcing-1.3.3/>Announcing Istio 1.3.3</a></li><li role=none><a role=treeitem title="Istio 1.1.16 patch release." href=/v1.3/news/2019/announcing-1.1.16/>Announcing Istio 1.1.16</a></li><li role=none><a role=treeitem title="Istio 1.2.7 patch release." href=/v1.3/news/2019/announcing-1.2.7/>Announcing Istio 1.2.7</a></li><li role=none><a role=treeitem title="Istio 1.3.2 patch release." href=/v1.3/news/2019/announcing-1.3.2/>Announcing Istio 1.3.2</a></li><li role=none><a role=treeitem title="Security vulnerability disclosure for CVE-2019-15226." href=/v1.3/news/2019/istio-security-2019-005/>Security Update - ISTIO-SECURITY-2019-005</a></li><li role=none><a role=treeitem title="Istio 1.3.1 release announcement." href=/v1.3/news/2019/announcing-1.3.1/>Announcing Istio 1.3.1</a></li><li role=none><a role=treeitem title="Istio 1.2.6 patch release." href=/v1.3/news/2019/announcing-1.2.6/>Announcing Istio 1.2.6</a></li><li role=none><a role=treeitem title="Istio 1.1.15 patch release." href=/v1.3/news/2019/announcing-1.1.15/>Announcing Istio 1.1.15</a></li><li role=none><span role=treeitem class=current title="Istio 1.3 release announcement.">Announcing Istio 1.3</span></li><li role=none><a role=treeitem title="An erroneous 1.2.4 sidecar image was available due to a faulty release operation." href=/v1.3/news/2019/incorrect-sidecar-image-1.2.4/>Istio 1.2.4 sidecar image vulnerability</a></li><li role=none><a role=treeitem title="Istio 1.1.14 patch release." href=/v1.3/news/2019/announcing-1.1.14/>Announcing Istio 1.1.14</a></li><li role=none><a role=treeitem title="Istio 1.2.5 patch release." href=/v1.3/news/2019/announcing-1.2.5/>Announcing Istio 1.2.5</a></li><li role=none><a role=treeitem title="Upcoming Istio 1.1 end of life announcement." href=/v1.3/news/2019/announcing-1.1-eol/>Support for Istio 1.1 ends on September 19th, 2019</a></li><li role=none><a role=treeitem title="Istio 1.1.13 patch release." href=/v1.3/news/2019/announcing-1.1.13/>Announcing Istio 1.1.13</a></li><li role=none><a role=treeitem title="Istio 1.2.4 patch release." href=/v1.3/news/2019/announcing-1.2.4/>Announcing Istio 1.2.4</a></li><li role=none><a role=treeitem title="Security vulnerability disclosure for multiple CVEs." href=/v1.3/news/2019/istio-security-003-004/>Security Update - ISTIO-SECURITY-2019-003 and ISTIO-SECURITY-2019-004</a></li><li role=none><a role=treeitem title="Istio 1.1.12 patch release." href=/v1.3/news/2019/announcing-1.1.12/>Announcing Istio 1.1.12</a></li><li role=none><a role=treeitem title="Istio 1.2.3 patch release." href=/v1.3/news/2019/announcing-1.2.3/>Announcing Istio 1.2.3</a></li><li role=none><a role=treeitem title="Istio 1.1.11 patch release." href=/v1.3/news/2019/announcing-1.1.11/>Announcing Istio 1.1.11</a></li><li role=none><a role=treeitem title="Istio 1.0.9 patch release." href=/v1.3/news/2019/announcing-1.0.9/>Announcing Istio 1.0.9</a></li><li role=none><a role=treeitem title="Istio 1.1.10 patch release." href=/v1.3/news/2019/announcing-1.1.10/>Announcing Istio 1.1.10</a></li><li role=none><a role=treeitem title="Istio 1.2.2 patch release." href=/v1.3/news/2019/announcing-1.2.2/>Announcing Istio 1.2.2</a></li><li role=none><a role=treeitem title="Security vulnerability disclosure for CVE-2019-12995." href=/v1.3/news/2019/cve-2019-12995/>Security Update - CVE-2019-12995</a></li><li role=none><a role=treeitem title="Istio 1.2.1 patch release." href=/v1.3/news/2019/announcing-1.2.1/>Announcing Istio 1.2.1</a></li><li role=none><a role=treeitem title="Istio 1.0 end of life announcement." href=/v1.3/news/2019/announcing-1.0-eol-final/>Support for Istio 1.0 has ended</a></li><li role=none><a role=treeitem title="Istio 1.2 release announcement." href=/v1.3/news/2019/announcing-1.2/>Announcing Istio 1.2</a></li><li role=none><a role=treeitem title="Istio 1.1.9 patch release." href=/v1.3/news/2019/announcing-1.1.9/>Announcing Istio 1.1.9</a></li><li role=none><a role=treeitem title="Istio 1.0.8 patch release." href=/v1.3/news/2019/announcing-1.0.8/>Announcing Istio 1.0.8</a></li><li role=none><a role=treeitem title="Istio 1.1.8 patch release." href=/v1.3/news/2019/announcing-1.1.8/>Announcing Istio 1.1.8</a></li><li role=none><a role=treeitem title="Security vulnerability disclosure for CVE-2019-12243." href=/v1.3/news/2019/cve-2019-12243/>Security Update - CVE-2019-12243</a></li><li role=none><a role=treeitem title="Upcoming Istio 1.0 end of life announcement." href=/v1.3/news/2019/announcing-1.0-eol/>Support for Istio 1.0 ends on June 19th, 2019</a></li><li role=none><a role=treeitem title="Istio 1.1.7 patch release." href=/v1.3/news/2019/announcing-1.1.7/>Announcing Istio 1.1.7</a></li><li role=none><a role=treeitem title="Istio 1.1.6 patch release." href=/v1.3/news/2019/announcing-1.1.6/>Announcing Istio 1.1.6</a></li><li role=none><a role=treeitem title="Istio 1.1.5 patch release." href=/v1.3/news/2019/announcing-1.1.5/>Announcing Istio 1.1.5</a></li><li role=none><a role=treeitem title="Istio 1.1.4 patch release." href=/v1.3/news/2019/announcing-1.1.4/>Announcing Istio 1.1.4</a></li><li role=none><a role=treeitem title="Istio 1.1.3 patch release." href=/v1.3/news/2019/announcing-1.1.3/>Announcing Istio 1.1.3</a></li><li role=none><a role=treeitem title="Istio 1.0.7 patch releases." href=/v1.3/news/2019/announcing-1.0.7/>Announcing Istio 1.0.7 with Important Security Update</a></li><li role=none><a role=treeitem title="Istio 1.1.2 patch release." href=/v1.3/news/2019/announcing-1.1.2/>Announcing Istio 1.1.2 with Important Security Update</a></li><li role=none><a role=treeitem title="Istio 1.1.1 patch release." href=/v1.3/news/2019/announcing-1.1.1/>Announcing Istio 1.1.1</a></li><li role=none><a role=treeitem title="Istio 1.1 release announcement." href=/v1.3/news/2019/announcing-1.1/>Announcing Istio 1.1</a></li><li role=none><a role=treeitem title="Istio 1.0.6 patch release." href=/v1.3/news/2019/announcing-1.0.6/>Announcing Istio 1.0.6</a></li><li role=none><a role=treeitem title="Istio has a new discussion board." href=/v1.3/news/2019/announcing-discuss.istio.io/>Announcing discuss.istio.io</a></li></ul></div></div><div class=card><button class="header dynamic" id=card1 title="News items for 2018." aria-controls=card1-body><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#newspaper"/></svg>2018 News</button><div class=body aria-labelledby=card1 role=region id=card1-body><ul role=tree aria-expanded=true class=leaf-section aria-labelledby=card1><li role=none><a role=treeitem title="Istio 1.0.5 patch release." href=/v1.3/news/2018/announcing-1.0.5/>Announcing Istio 1.0.5</a></li><li role=none><a role=treeitem title="Istio 1.0.4 patch release." href=/v1.3/news/2018/announcing-1.0.4/>Announcing Istio 1.0.4</a></li><li role=none><a role=treeitem title="Istio 1.0.3 patch release." href=/v1.3/news/2018/announcing-1.0.3/>Announcing Istio 1.0.3</a></li><li role=none><a role=treeitem title="Istio 1.0.2 patch release." href=/v1.3/news/2018/announcing-1.0.2/>Announcing Istio 1.0.2</a></li><li role=none><a role=treeitem title="Istio 1.0.1 patch release." href=/v1.3/news/2018/announcing-1.0.1/>Announcing Istio 1.0.1</a></li><li role=none><a role=treeitem title="Istio is ready for production use with its 1.0 release." href=/v1.3/news/2018/announcing-1.0/>Announcing Istio 1.0</a></li><li role=none><a role=treeitem title="Istio 0.8 announcement." href=/v1.3/news/2018/announcing-0.8/>Announcing Istio 0.8</a></li><li role=none><a role=treeitem title="Istio 0.7 announcement." href=/v1.3/news/2018/announcing-0.7/>Announcing Istio 0.7</a></li><li role=none><a role=treeitem title="Istio 0.6 announcement." href=/v1.3/news/2018/announcing-0.6/>Announcing Istio 0.6</a></li><li role=none><a role=treeitem title="Istio 0.5 announcement." href=/v1.3/news/2018/announcing-0.5/>Announcing Istio 0.5</a></li></ul></div></div><div class=card><button class="header dynamic" id=card2 title="News items for 2017." aria-controls=card2-body><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#newspaper"/></svg>2017 News</button><div class=body aria-labelledby=card2 role=region id=card2-body><ul role=tree aria-expanded=true class=leaf-section aria-labelledby=card2><li role=none><a role=treeitem title="Istio 0.4 announcement." href=/v1.3/news/2017/announcing-0.4/>Announcing Istio 0.4</a></li><li role=none><a role=treeitem title="Istio 0.3 announcement." href=/v1.3/news/2017/announcing-0.3/>Announcing Istio 0.3</a></li><li role=none><a role=treeitem title="Istio 0.2 announcement." href=/v1.3/news/2017/announcing-0.2/>Announcing Istio 0.2</a></li><li role=none><a role=treeitem title="Istio 0.1 announcement." href=/v1.3/news/2017/announcing-0.1/>Introducing Istio</a></li></ul></div></div></div></nav></div><div class=article-container><button tabindex=-1 id=sidebar-toggler title="Toggle the navigation bar"><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#pull"/></svg></button><nav aria-label=Breadcrumb><ol><li><a href=/v1.3/ title="Connect, secure, control, and observe services.">Istio</a></li><li><a href=/v1.3/news/ title="Timely news about the Istio project.">News</a></li><li><a href=/v1.3/news/2019/ title="News items for 2019.">2019 News</a></li><li>Announcing Istio 1.3</li></ol></nav><article aria-labelledby=title><div class=title-area><div><h1 id=title>Announcing Istio 1.3</h1><p class=subtitle>Major Update</p><p class=byline><span>By</span>
<span class=attribution>The Istio Team</span><span> | </span><span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#calendar"/></svg><span>&nbsp;</span>September 12, 2019</span><span> | </span><span title="1349 words"><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#clock"/></svg><span>&nbsp;</span>7 minute read</span></p></div></div><nav class=toc-inlined aria-label="Table of Contents"><div><hr><ol><li role=none aria-label="Intelligent protocol detection (experimental)"><a href=#intelligent-protocol-detection-experimental>Intelligent protocol detection (experimental)</a><li role=none aria-label="Mixer-less telemetry (experimental)"><a href=#mixer-less-telemetry-experimental>Mixer-less telemetry (experimental)</a><li role=none aria-label="Container ports are no longer required"><a href=#container-ports-are-no-longer-required>Container ports are no longer required</a><li role=none aria-label="Fully customize generated Envoy configuration"><a href=#fully-customize-generated-envoy-configuration>Fully customize generated Envoy configuration</a><li role=none aria-label="Other enhancements"><a href=#other-enhancements>Other enhancements</a><li role=none aria-label="Release notes"><a href=#release-notes>Release notes</a><ol><li role=none aria-label=Installation><a href=#installation>Installation</a><li role=none aria-label="Traffic management"><a href=#traffic-management>Traffic management</a><li role=none aria-label=Security><a href=#security>Security</a><li role=none aria-label=Telemetry><a href=#telemetry>Telemetry</a><li role=none aria-label=Policy><a href=#policy>Policy</a><li role=none aria-label="Configuration management"><a href=#configuration-management>Configuration management</a><li role=none aria-label=istioctl><a href=#istioctl><code>istioctl</code></a><li role=none aria-label=Other><a href=#other>Other</a></ol></li></ol><hr></div></nav><p>We are pleased to announce the release of Istio 1.3!</p><div class=call-to-action><button class="btn update-notice" data-title="Update Notice" data-downloadhref=https://github.com/istio/istio/releases/tag/1.3.0 data-updateadvice="Before you download 1.3, you should know that there's a newer patch release with the latest bug fixes and perf improvements." data-updatebutton="LEARN ABOUT ISTIO 1.3.5" data-updatehref=/v1.3/news/2019/announcing-1.3.5/>
DOWNLOAD 1.3</button>
<a class=btn href=https://istio.io/docs>1.3 DOCS</a></div><p>The theme of Istio 1.3 is User Experience:</p><ul><li>Improve the experience of new users adopting Istio</li><li>Improve the experience of users debugging problems</li><li>Support more applications without any additional configuration</li></ul><p>Every few releases, the Istio team delivers dramatic improvements to usability, APIs, and the overall system performance. Istio 1.3 is one such release, and the team is very excited to roll out some key updates.</p><h2 id=intelligent-protocol-detection-experimental>Intelligent protocol detection (experimental)</h2><p>To take advantage of Istio&rsquo;s routing features, service ports must use a special port naming format to explicitly declare the protocol. This requirement can cause problems for users that do not name their ports when they add their applications to the mesh. Starting with 1.3, the protocol for outbound traffic is automatically detected as HTTP or TCP when the ports are not named according to Istio&rsquo;s conventions. We will be polishing this feature in the upcoming releases with support for protocol sniffing on inbound traffic as well as identifying protocols other than HTTP.</p><h2 id=mixer-less-telemetry-experimental>Mixer-less telemetry (experimental)</h2><p>Yes, you read that right! We implemented most of the common security policies, such as RBAC, directly into Envoy. We previously turned off the <code>istio-policy</code> service by default and are now on track to migrate most of Mixer&rsquo;s telemetry functionality into Envoy as well. In this release, we have enhanced the Istio proxy to emit HTTP metrics directly to Prometheus, without requiring the <code>istio-telemetry</code> service to enrich the information. This enhancement is great if all you care about is telemetry for HTTP services. Follow the <a href=https://github.com/istio/istio/wiki/Mixerless-HTTP-Telemetry>Mixer-less HTTP telemetry instructions</a> to experiment with this feature. We are polishing this feature in the coming months to add telemetry support for TCP services when you enable Istio mutual TLS.</p><h2 id=container-ports-are-no-longer-required>Container ports are no longer required</h2><p>Previous releases required that pods explicitly declare the Kubernetes <code>containerPort</code> for each container as a security measure against trampolining traffic. Istio 1.3 has a secure and simpler way of handling all inbound traffic on any port into a <span class=term data-title="Workload Instance" data-body='&lt;p&gt;A single instantiation of a &lt;a href="#workload"&gt;workload&amp;rsquo;s&lt;/a&gt; binary.
A workload instance can expose zero or more &lt;a href="#service-endpoint"&gt;service endpoints&lt;/a&gt;,
and can consume zero or more &lt;a href="#service"&gt;services&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;Workload instances have a number of properties:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Name and namespace&lt;/li&gt;
&lt;li&gt;Unique ID&lt;/li&gt;
&lt;li&gt;IP Address&lt;/li&gt;
&lt;li&gt;Labels&lt;/li&gt;
&lt;li&gt;Principal&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;These properties are available in policy and telemetry configuration
using the many &lt;a href="/docs/reference/config/policy-and-telemetry/attribute-vocabulary/"&gt;&lt;code&gt;source.*&lt;/code&gt; and &lt;code&gt;destination.*&lt;/code&gt; attributes&lt;/a&gt;.&lt;/p&gt;'>workload instance</span> without requiring the <code>containerPort</code> declarations. We have also completely eliminated the infinite loops caused in the IP tables rules when workload instances send traffic to themselves.</p><h2 id=fully-customize-generated-envoy-configuration>Fully customize generated Envoy configuration</h2><p>While Istio 1.3 focuses on usability, expert users can use advanced features in Envoy that are not part of the Istio Networking APIs. We enhanced the <code>EnvoyFilter</code> API to allow users to fully customize:</p><ul><li>The HTTP/TCP listeners and their filter chains returned by LDS</li><li>The Envoy HTTP route configuration returned by the RDS</li><li>The set of clusters returned by CDS</li></ul><p>You get the best of both worlds:</p><p>Leverage Istio to integrate with Kubernetes and handle large fleets of Envoys in an efficient manner, while you still can customize the generated Envoy configuration to meet specific requirements within your infrastructure.</p><h2 id=other-enhancements>Other enhancements</h2><ul><li><p><code>istioctl</code> gained many debugging features to help you highlight various issues in your mesh installation. Checkout the <code>istioctl</code> <a href=/v1.3/docs/reference/commands/istioctl/>reference page</a> for the set of all supported features.</p></li><li><p>Locality aware load balancing graduated from experimental to default in this release too. Istio now takes advantage of existing locality information to prioritize load balancing pools and favor sending requests to the closest backends.</p></li><li><p>Better support for headless services with Istio mutual TLS</p></li><li><p>We enhanced control plane monitoring in the following ways:</p><ul><li>Added new metrics to monitor configuration state</li><li>Added metrics for sidecar injector</li><li>Added a new Grafana dashboard for Citadel</li><li>Improved the Pilot dashboard to expose additional key metrics</li></ul></li><li><p>Added the new <a href=/v1.3/docs/concepts/deployment-models/>Istio Deployment Models concept</a> to help you decide what deployment model suits your needs.</p></li><li><p>Organized the content in of our <a href=/v1.3/docs/ops/>Operations Guide</a> and created a <a href=/v1.3/docs/ops/troubleshooting>section with all troubleshooting tasks</a> to help you find the information you seek faster.</p></li></ul><p>As always, there is a lot happening in the <a href=https://github.com/istio/community#community-meeting>Community Meeting</a>; join us every other Thursday at 11 AM Pacific.</p><p>The growth and success of Istio is due to its 400+ contributors from over 300 companies. Join one of our <a href=https://github.com/istio/community/blob/master/WORKING-GROUPS.md>Working Groups</a> and help us make Istio even better.</p><p>To join the conversation, go to <a href=https://discuss.istio.io>discuss.istio.io</a>, log in with your GitHub credentials and join us!</p><h2 id=release-notes>Release notes</h2><h3 id=installation>Installation</h3><ul><li><strong>Added</strong> experimental <a href=/v1.3/docs/setup/install/operator/>manifest and profile commands</a> to install and manage the Istio control plane for evaluation.</li></ul><h3 id=traffic-management>Traffic management</h3><ul><li><strong>Added</strong> <a href=/v1.3/docs/ops/traffic-management/protocol-selection/>automatic determination</a> of HTTP or TCP for outbound traffic when ports are not named according to Istios <a href=/v1.3/docs/setup/additional-setup/requirements/>conventions</a>.</li><li><strong>Added</strong> a mode to the Gateway API for mutual TLS operation.</li><li><strong>Fixed</strong> issues present when a service communicates over the network first in permissive mutual TLS mode for protocols like MySQL and MongoDB.</li><li><strong>Improved</strong> Envoy proxy readiness checks. They now check Envoy&rsquo;s readiness status.</li><li><strong>Improved</strong> container ports are no longer required in the pod spec. All ports are <a href=/v1.3/faq/traffic-management/#controlling-inbound-ports>captured by default</a>.</li><li><strong>Improved</strong> the <code>EnvoyFilter</code> API. You can now add or update all configurations.</li><li><strong>Improved</strong> the Redis load balancer to now default to <a href=https://www.envoyproxy.io/docs/envoy/v1.6.0/intro/arch_overview/load_balancing#maglev><code>MAGLEV</code></a> when using the Redis proxy.</li><li><strong>Improved</strong> load balancing to direct traffic to the <a href=/v1.3/faq/traffic-management/#controlling-inbound-ports>same region and zone</a> by default.</li><li><strong>Improved</strong> Pilot by reducing CPU utilization. The reduction approaches 90% depending on the specific deployment.</li><li><strong>Improved</strong> the <code>ServiceEntry</code> API to allow for the same hostname in different namespaces.</li><li><strong>Improved</strong> the <a href=/v1.3/docs/reference/config/networking/v1alpha3/sidecar/#OutboundTrafficPolicy>Sidecar API</a> to customize the <code>OutboundTrafficPolicy</code> policy.</li></ul><h3 id=security>Security</h3><ul><li><strong>Added</strong> trust domain validation for services using mutual TLS. By default, the server only authenticates the requests from the same trust domain.</li><li><strong>Added</strong> <a href=/v1.3/docs/concepts/security/#how-citadel-determines-whether-to-create-service-account-secrets>labels</a> to control service account secret generation by namespace.</li><li><strong>Added</strong> SDS support to deliver the private key and certificates to each Istio control plane service.</li><li><strong>Added</strong> support for <a href=/v1.3/docs/ops/troubleshooting/controlz/>introspection</a> to Citadel.</li><li><strong>Added</strong> metrics to the <code>/metrics</code> endpoint of Citadel Agent on port 15014 to monitor the SDS service.</li><li><strong>Added</strong> diagnostics to the Citadel Agent using the <code>/debug/sds/workload</code> and <code>/debug/sds/gateway</code> on port 8080.</li><li><strong>Improved</strong> the ingress gateway to <a href=/v1.3/docs/tasks/traffic-management/ingress/secure-ingress-sds/#configure-a-mutual-tls-ingress-gateway>load the trusted CA certificate from a separate secret</a> when using SDS.</li><li><strong>Improved</strong> SDS security by enforcing the usage of <a href=/v1.3/blog/2019/trustworthy-jwt-sds>Kubernetes Trustworthy JWTs</a>.</li><li><strong>Improved</strong> Citadel Agent logs by unifying the logging pattern.</li><li><strong>Removed</strong> support for Istio SDS when using <a href=/v1.3/blog/2019/trustworthy-jwt-sds>Kubernetes versions earlier than 1.13</a>.</li><li><strong>Removed</strong> integration with Vault CA temporarily. SDS requirements caused the temporary removal but we will reintroduce Vault CA integration in a future release.</li><li><strong>Enabled</strong> the Envoy JWT filter by default to improve security and reliability.</li></ul><h3 id=telemetry>Telemetry</h3><ul><li><strong>Added</strong> Access Log Service <a href=https://www.envoyproxy.io/docs/envoy/latest/api-v2/service/accesslog/v2/als.proto#grpc-access-log-service-als>ALS</a> support for Envoy gRPC.</li><li><strong>Added</strong> a Grafana dashboard for Citadel monitoring.</li><li><strong>Added</strong> <a href=/v1.3/docs/reference/commands/sidecar-injector/#metrics>metrics</a> for monitoring the sidecar injector webhook.</li><li><strong>Added</strong> control plane metrics to monitor Istio&rsquo;s configuration state.</li><li><strong>Added</strong> telemetry reporting for traffic destined to the <code>Passthrough</code> and <code>BlackHole</code> clusters.</li><li><strong>Added</strong> alpha support for in-proxy generation of service metrics using Prometheus.</li><li><strong>Added</strong> alpha support for environmental metadata in Envoy node metadata.</li><li><strong>Added</strong> alpha support for Proxy Metadata Exchange.</li><li><strong>Added</strong> alpha support for the OpenCensus trace driver.</li><li><strong>Improved</strong> reporting for external services by removing requirements to add a service entry.</li><li><strong>Improved</strong> the mesh dashboard to provide monitoring of Istio&rsquo;s configuration state.</li><li><strong>Improved</strong> the Pilot dashboard to expose additional key metrics to more clearly identify errors.</li><li><strong>Removed</strong> deprecated <code>Adapter</code> and <code>Template</code> custom resource definitions (CRDs).</li><li><strong>Deprecated</strong> the HTTP API spec used to produce API attributes. We will remove support for producing API attributes in Istio 1.4.</li></ul><h3 id=policy>Policy</h3><ul><li><strong>Improved</strong> rate limit enforcement to allow communication when the quota backend is unavailable.</li></ul><h3 id=configuration-management>Configuration management</h3><ul><li><strong>Fixed</strong> Galley to stop too many gRPC pings from closing connections.</li><li><strong>Improved</strong> Galley to avoid control plane upgrade failures.</li></ul><h3 id=istioctl><code>istioctl</code></h3><ul><li><strong>Added</strong> <a href=/v1.3/docs/reference/commands/istioctl/#istioctl-experimental-manifest><code>istioctl experimental manifest</code></a> to manage the new experimental install manifests.</li><li><strong>Added</strong> <a href=/v1.3/docs/reference/commands/istioctl/#istioctl-experimental-profile><code>istioctl experimental profile</code></a> to manage the new experimental install profiles.</li><li><strong>Added</strong> <a href=/v1.3/docs/reference/commands/istioctl/#istioctl-experimental-metrics><code>istioctl experimental metrics</code></a></li><li><strong>Added</strong> <a href=/v1.3/docs/reference/commands/istioctl/#istioctl-experimental-describe-pod><code>istioctl experimental describe pod</code></a> to describe an Istio pod&rsquo;s configuration.</li><li><strong>Added</strong> <a href=/v1.3/docs/reference/commands/istioctl/#istioctl-experimental-add-to-mesh><code>istioctl experimental add-to-mesh</code></a> to add Kubernetes services or virtual machines to an existing Istio service mesh.</li><li><strong>Added</strong> <a href=/v1.3/docs/reference/commands/istioctl/#istioctl-experimental-remove-from-mesh><code>istioctl experimental remove-from-mesh</code></a> to remove Kubernetes services or virtual machines from an existing Istio service mesh.</li><li><strong>Promoted</strong> the <a href=/v1.3/docs/reference/commands/istioctl/#istioctl-convert-ingress><code>istioctl experimental convert-ingress</code></a> command to <code>istioctl convert-ingress</code>.</li><li><strong>Promoted</strong> the <a href=/v1.3/docs/reference/commands/istioctl/#istioctl-dashboard><code>istioctl experimental dashboard</code></a> command to <code>istioctl dashboard</code>.</li></ul><h3 id=other>Other</h3><ul><li><strong>Added</strong> new images based on <a href=/v1.3/docs/ops/security/harden-docker-images/>distroless</a> base images.</li><li><strong>Improved</strong> the Istio CNI Helm chart to have consistent versions with Istio.</li><li><strong>Improved</strong> Kubernetes Jobs behavior. Kubernetes Jobs now exit correctly when the job manually calls the <code>/quitquitquit</code> endpoint.</li></ul></article><nav class=pagenav><div class=left><a title="Istio 1.1.15 patch release." href=/v1.3/news/2019/announcing-1.1.15/><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#left-arrow"/></svg>Announcing Istio 1.1.15</a></div><div class=right><a title="An erroneous 1.2.4 sidecar image was available due to a faulty release operation." href=/v1.3/news/2019/incorrect-sidecar-image-1.2.4/>Istio 1.2.4 sidecar image vulnerability<svg class="icon"><use xlink:href="/v1.3/img/icons.svg#right-arrow"/></svg></a></div></nav><div id=endnotes-container aria-hidden=true><h2>Links</h2><ol id=endnotes></ol></div></div><div class=toc-container><nav class=toc aria-label="Table of Contents"><div id=toc><ol><li role=none aria-label="Intelligent protocol detection (experimental)"><a href=#intelligent-protocol-detection-experimental>Intelligent protocol detection (experimental)</a><li role=none aria-label="Mixer-less telemetry (experimental)"><a href=#mixer-less-telemetry-experimental>Mixer-less telemetry (experimental)</a><li role=none aria-label="Container ports are no longer required"><a href=#container-ports-are-no-longer-required>Container ports are no longer required</a><li role=none aria-label="Fully customize generated Envoy configuration"><a href=#fully-customize-generated-envoy-configuration>Fully customize generated Envoy configuration</a><li role=none aria-label="Other enhancements"><a href=#other-enhancements>Other enhancements</a><li role=none aria-label="Release notes"><a href=#release-notes>Release notes</a><ol><li role=none aria-label=Installation><a href=#installation>Installation</a><li role=none aria-label="Traffic management"><a href=#traffic-management>Traffic management</a><li role=none aria-label=Security><a href=#security>Security</a><li role=none aria-label=Telemetry><a href=#telemetry>Telemetry</a><li role=none aria-label=Policy><a href=#policy>Policy</a><li role=none aria-label="Configuration management"><a href=#configuration-management>Configuration management</a><li role=none aria-label=istioctl><a href=#istioctl><code>istioctl</code></a><li role=none aria-label=Other><a href=#other>Other</a></ol></li></ol></div></nav></div></main><footer><div class=user-links><a class=channel title="Go download Istio 1.3.5 now" href=/v1.3/docs/setup#downloading-the-release aria-label="Download Istio"><span>download</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#download"/></svg>
</a><a class=channel title="Join the Istio discussion board to participate in discussions and get help troubleshooting problems" href=https://discuss.istio.io aria-label="Istio discussion board"><span>discuss</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#discourse"/></svg></a>
<a class=channel title="Stack Overflow is where you can ask questions and find curated answers on deploying, configuring, and using Istio" href=https://stackoverflow.com/questions/tagged/istio aria-label="Stack Overflow"><span>stack overflow</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#stackoverflow"/></svg></a>
<a class=channel title="Interactively discuss issues with the Istio community on Slack" href=https://istio.slack.com aria-label=slack><span>slack</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#slack"/></svg></a>
<a class=channel title="Follow us on Twitter to get the latest news" href=https://twitter.com/IstioMesh aria-label=Twitter><span>twitter</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#twitter"/></svg></a><div class=tag>for everyone</div></div><div class=info><p class=copyright>Istio Archive
1.3.5<br>&copy; 2019 Istio Authors, <a href=https://policies.google.com/privacy>Privacy Policy</a><br>Archived on November 14, 2019</p></div><div class=dev-links><a class=channel title="GitHub is where development takes place on Istio code" href=https://github.com/istio/community aria-label=GitHub><span>github</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#github"/></svg></a>
<a class=channel title="Access our team drive if you'd like to take a look at the Istio technical design documents" href=https://groups.google.com/forum/#!forum/istio-team-drive-access aria-label="team drive"><span>drive</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#drive"/></svg></a>
<a class=channel title="If you'd like to contribute to the Istio project, consider participating in our working groups" href=https://github.com/istio/community/blob/master/WORKING-GROUPS.md aria-label="working groups"><span>working groups</span><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#working-groups"/></svg></a><div class=tag>for developers</div></div></footer><script src=https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js defer></script><div id=scroll-to-top-container aria-hidden=true><button id=scroll-to-top title="Back to top"><svg class="icon"><use xlink:href="/v1.3/img/icons.svg#top"/></svg></button></div></body></html>
Reference in New Issue View Git Blame Copy Permalink