Istio 1.0.3
This release addresses some critical issues found by the community when using Istio 1.0.2. This release note describes what's different between Istio 1.0.2 and Istio 1.0.3.
Behavior changes
Validating webhook is now mandatory. Disabling it may result in Pilot crashes.
Service entry no longer allows wildcard (
*
) DNS resolution. The API has never allowed this, howeverServiceEntry
was erroneously excluded from validation in the previous release.The core dump path for
istio-proxy
has changed to/var/lib/istio
.
Networking
Mutual TLS Permissive mode is enabled by default.
Pilot performance and scalability has been greatly enhanced. Pilot now delivers endpoint updates to 500 sidecars in under 1 second.
Default trace sampling is set to 1%.
Policy and telemetry
Mixer (
istio-telemetry
) now supports load shedding based on request rate and expected latency.Mixer client (
istio-policy
) now supportsFAIL_OPEN
setting.Istio Performance dashboard added to Grafana.
Reduced
istio-telemetry
CPU usage by 10%.Eliminated
statsd-to-prometheus
deployment. Prometheus now directly scrapes fromistio-proxy
.