Announcing Istio 1.9.4
Istio 1.9.4 patch release.
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.9.3 and Istio 1.9.4
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
DOWNLOAD
Download and install this release.
DOCS
Visit the documentation for this release.
SOURCE CHANGES
Inspect the full set of source code changes.
Changes
Fixed an issue where the Istio operator prunes all resources created by the operator, including itself. Now the operator will only remove resources belonging to the custom resource. (Issue #30833)
Fixed an issue ensuring lease duration is always greater than the user configured
RENEW_DEADLINEfor Istio operator manager. (Issue #27509)Fixed an issue where a certificate provisioned by sidecar proxy cannot be used by Prometheus. (Issue #29919)
Fixed an issue that creates an IOP under
istio-systemwhen installing Istio in another namespace. (Issue #31517)Fixed an issue when using
PeerAuthenticationto turn off mTLS while using multi-network. Now non-mTLS endpoints will be removed from cross-network load-balancing endpoints to prevent 500 errors. (Issue #28798)Fixed
istiodnever becoming ready when it fails to read resources from clusters configured via remote secrets. After a timeout configured byPILOT_REMOTE_CLUSTER_TIMEOUT(default30s),istiodwill become ready without syncing remote clusters. The statremote_cluster_sync_timeoutswill be incremented when this occurs. (Issue #30838)Fixed an issue where
istiodwill not create a self-signed root CA andistio-ca-root-certconfigmap whenvalues.global.pilotCertProvideriskubernetes. (Issue #32023)Improved the
istioctl x workloadcommand to configure VMs to disable inboundiptablescapture for admin ports, matching the behavior of Kubernetes Pods. (Issue #29412)Improved performance of
istiodwhen running on clusters with thousands of namespaces. (Issue #32269Improved detection of Server Side Apply in Kubernetes. (Issue #32101)