1.5 Change Notes
Improved performance of the
ServiceEntry resource by avoiding unnecessary full pushes
Improved Envoy sidecar readiness probe to more accurate determine readiness #18164.
Improved performance of Envoy proxy configuration updates via xDS by sending partial updates where possible #18354.
Added an option to configure locality load balancing settings for each targeted service via destination rule #18406.
Fixed an issue where pods crashing would trigger excessive Envoy proxy configuration pushes #18574.
Fixed issues with applications such as headless services to call themselves directly without going through Envoy proxy #19308.
Added detection of
iptables failure when using Istio CNI
consecutive5xxErrors as outlier detection options within destination rule
EnvoyFilter matching performance
Added support for
iptables setup to use
iptables-restore by default
Improved Gateway performance by filtering unused clusters. This setting is disabled by default #20124. Security
Graduated SDS to stable and enabled by default. It provides identity provisioning for Istio Envoy proxies.
Added Beta authentication API. The new API separates peer (i.e mutual TLS) and origin (JWT) authentication into and
respectively. Both new APIs are workload-oriented, as opposed to service-oriented in alpha
Added deny semantics and exclusion matching to Authorization Policy.
Graduated auto mutual TLS from alpha to beta. This feature is now enabled by default.
Improved SDS security by merging Node Agent with Pilot Agent as Istio Agent and removing cross-pod UDS, which no longer requires users to deploy Kubernetes pod security policies for UDS connections.
Improved Istio by including certificate provisioning functionality within Istiod.
Added Support Kubernetes as a fallback token for CSR authentication in clusters where
is not supported.
Added Support Istio CA and Kubernetes CA to provision certificates for the control plane, configurable via
Added Istio Agent provisions a key and certificates for Prometheus. Telemetry
Added TCP protocol support for v2 telemetry.
Added gRPC response status code support in metrics/logs.
Added support for Istio Canonical Service.
Improved stability of v2 telemetry pipeline.
Added alpha-level support for configurability in v2 telemetry.
Added support for populating AWS platform metadata in Envoy node metadata.
Improved Stackdriver adapter for Mixer to support configurable flush intervals for tracing data.
Added support for a headless collector service to the Jaeger addon.
kubernetesenv adapter to provide proper support for pods that contain a dot in their name.
Improved the Fluentd adapter for Mixer to provide millisecond-resolution in exported timestamps. Configuration management
Replaced the alpha
IstioControlPlane API with the new
API to align with existing
istioctl operator init and
istioctl operator remove commands.
Improved reconciliation speed with caching .
Graduated out of experimental.
Added various analyzers: mutual TLS, JWT,
ServiceAssociation, Secret, sidecar image, port name and policy deprecated analyzers.
Updated more validation rules for
Added a new flag
to analyze the entire cluster.
Added support for analyzing content passed via
Added to show a list of all analyzers available.
istioctl analyze -L
Added the ability to suppress messages from .
Added structured format options to .
Added links to relevant documentation to output.
Updated annotation methods provided by Istio API in .
Updated now loads files from a directory.
Updated to try to associate message with their source filename.
Updated to print the namespace that is being analyzed.
Updated to analyze in-cluster resources by default.
Fixed bug where suppressed cluster-level resource messages.
Added support for multiple input files to
IstioControlPlane API with the
Added selector for .
Added support for slices and lists in flag.
istioctl manifest --set
Added support for to read profiles from
docker/istioctl image #19079.
Was this information useful?
Thanks for your feedback!