Announcing Istio 1.9.4
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.9.3 and Istio 1.9.4
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
Download and install this release.
Visit the documentation for this release.
Inspect the full set of source code changes.
Fixed an issue where the Istio operator prunes all resources created by the operator, including itself. Now the operator will only remove resources belonging to the custom resource. (Issue #30833)
Fixed an issue ensuring lease duration is always greater than the user configured
RENEW_DEADLINEfor Istio operator manager. (Issue #27509)
Fixed an issue where a certificate provisioned by sidecar proxy cannot be used by Prometheus. (Issue #29919)
Fixed an issue that creates an IOP under
istio-systemwhen installing Istio in another namespace. (Issue #31517)
Fixed an issue when using
PeerAuthenticationto turn off mTLS while using multi-network. Now non-mTLS endpoints will be removed from cross-network load-balancing endpoints to prevent 500 errors. (Issue #28798)
istiodnever becoming ready when it fails to read resources from clusters configured via remote secrets. After a timeout configured by
istiodwill become ready without syncing remote clusters. The stat
remote_cluster_sync_timeoutswill be incremented when this occurs. (Issue #30838)
Fixed an issue where
istiodwill not create a self-signed root CA and
kubernetes. (Issue #32023)
istioctl x workloadcommand to configure VMs to disable inbound
iptablescapture for admin ports, matching the behavior of Kubernetes Pods. (Issue #29412)
Improved performance of
istiodwhen running on clusters with thousands of namespaces. (Issue #32269
Improved detection of Server Side Apply in Kubernetes. (Issue #32101)