Icon Istio 1.0.3

This release addresses some critical issues found by the community when using Istio 1.0.2. This release note describes what’s different between Istio 1.0.2 and Istio 1.0.3.

Behavior changes

  • Validating webhook is now mandatory. Disabling it may result in Pilot crashes.

  • Service entry no longer allows wildcard (*) DNS resolution. The API has never allowed this, however ServiceEntry was erroneously excluded from validation in the previous release.

  • The core dump path for istio-proxy has changed to /var/lib/istio.

Networking

  • Mutual TLS Permissive mode is enabled by default.

  • Pilot performance and scalability has been greatly enhanced. Pilot now delivers endpoint updates to 500 sidecars in under 1 second.

  • Default trace sampling is set to 1%.

Policy and telemetry

  • Mixer (istio-telemetry) now supports load shedding based on request rate and expected latency.

  • Mixer client (istio-policy) now supports FAIL_OPEN setting.

  • Istio Performance dashboard added to Grafana.

  • Reduced istio-telemetry CPU usage by 10%.

  • Eliminated statsd-to-prometheus deployment. Prometheus now directly scrapes from istio-proxy.