-
Notifications
You must be signed in to change notification settings - Fork 7.6k
Istio Release 1.5
All dates are tentative
- January 24th Code freeze
- February 18th Community Testing Day 1
- February 25th Community Testing Day 2
- March 5th 1.5.0 release date
- Francois Pesce @fpesce
- Mariam John @johnma14
- Daniel Grimm @dgn
Available to the community here
For any new, user facing changes targeting Istio 1.5, please add a note below. Examples can be found from the previous release: https://istio.io/news/2019/announcing-1.3/#release-notes
Traffic Management:
- Added support for configuring locality load balancing settings in Destination Rule (https://github.com/istio/istio/pull/18406)
- Enable protocol sniffing on inbound traffic by default (https://github.com/istio/istio/pull/18666)
- Enhance Pilot to send only partial XDS updates when config changes (https://github.com/istio/istio/pull/18354)
- Enhance Envoy readiness probe (TODO Rama Chavali)
- Optimize EDS pushes (https://github.com/istio/istio/pull/18412)
- Virtual Service, Destination Rule, Gateway, Sidecar and Service Entry APIs now support the v1beta1 version (https://github.com/istio/api/pull/1232)
Security:
- Graduated SDS to stable and enabled by default. It provides identity provisioning for Istio Envoy proxies.
- Added Beta authentication API. The new API separates peer (i.e mutual TLS) and origin (JWT) authentication into PeerAuthentication and RequestAuthentication respectively. Both new APIs are workload-oriented, as opposed to service-oriented in alpha AuthenticationPolicy.
- Added deny semantics to Authorization Policy
- Graduated auto mutual TLS from alpha to beta. This feature is now enabled by default.
- Improved SDS security by merging Node Agent with Pilot Agent as Istio Agent and removing cross-pod UDS, which no longer requires users to deploy Kubernetes pod security policies for UDS connections.
- Improved Istio by including certificate provisioning functionality within istiod.
- Added Support Kubernetes first-party-jwt as a fallback token for CSR authentication in clusters where third-party-jwt is not supported.
- Added Support Istio CA and Kubernetes CA to provision certificates for the control plane, configurable via values.global.pilotCertProvider.
- Added Istio Agent provisions a key and certificates for Prometheus.
Telemetry:
Policy:
Configuration Management:
Installation & Upgrades:
Istioctl and Kubectl:
Others:
- Use golang implementation for istio-iptables instead of bash script (https://github.com/istio/istio/pull/18962)
- Return an error upon fail to obtain pod info (https://github.com/istio/cni/pull/223)
On January 21st, the release-1.5
branch will be created, based on master
. Any changes on master
before this date will be included in the release. Any changes after will have to be cherry picked.
To get a PR merged into the release branch, it must first be merged into the master
branch. PRs can automatically be cherrypicked by typing by adding the cherrypick/release-1.5
label to the PR.
A PR on the release branch will only be approved if:
- The change is already on
master
.- exception: if a change only applies to the release branch, and should not go to
master
, a change can be submitted directly to the release branch, but please note this in the PR description.
- exception: if a change only applies to the release branch, and should not go to
- The change is a bug fix, documentation enhancement, or testing enhancement.
- Changes that are risky may require a feature flag, especially after the 1.5.0 release.
- Any change not meeting the above, such as a new feature or API, may require TOC approval.
Note: on the istio.io repo, changes should go directly to master
until after the 1.5.0 launch. The changes will appear on preliminary istio.io.
Visit istio.io to learn how to use Istio.
- Preparing for Development Mac
- Preparing for Development Linux
- Troubleshooting Development Environment
- Repository Map
- GitHub Workflow
- Github Gmail Filters
- Using the Code Base
- Developing with Minikube
- Remote Debugging
- Verify your Docker Environment
- Istio Test Framework
- Working with Prow
- Test Grid
- Code Coverage FAQ
- Writing Good Integration Tests
- Test Flakes
- Release Manager Expectations
- Preparing Istio Releases
- 1.5 Release Information
- 1.6 Release Information
- 1.7 Release Information
- 1.8 Release Information
- 1.9 Release Information
- 1.10 Release Information
- 1.11 Release Information
- 1.12 Release Information
- 1.13 Release Information
- 1.14 Release Information
- 1.15 Release Information
- 1.16 Release Information
- 1.17 Release Information
- 1.18 Release Information
- 1.19 Release Information
- 1.20 Release Information
- 1.21 Release Information
- 1.22 Release Information
- Collecting Logs and Debug Info
- Dependency FAQ
- Working with discuss.istio.io
- Developing with and hosting upon OpenShift
- Adapter Dev Guide
- Adapter Walkthrough
- Attribute Generating Adapter Walkthrough
- Route Directive Adapter Development Guide
- Out of Tree Adapter Walkthrough
- Running a Local Instance
- Template Dev Guide
- Using a Custom Adapter
- Publishing Adapters and Templates to istio.io
- Enabling Envoy Authorization Service and gRPC Access Log Service With Mixer