istio.io/istio@v0.0.0-20240520182934-d79c90f27776/releasenotes/notes/49700.yaml

apiVersion: release-notes/v2

# This YAML file describes the format for specifying a release notes entry for Istio.
# This should be filled in for all user facing changes.

# kind describes the type of change that this represents.
# Valid Values are:
# - bug-fix -- Used to specify that this change represents a bug fix.
# - security-fix -- Used to specify that this change represents a vulnerability fix.
# - feature -- Used to specify a new feature that has been added.
# - test -- Used to describe additional testing added. This file is optional for
#   tests, but included for completeness.
kind: feature

# area describes the area that this change affects.
# Valid values are:
# - traffic-management
# - security
# - telemetry
# - installation
# - istioctl
# - documentation
area: traffic-management

# issue is a list of GitHub issues resolved in this note.
# If issue is not in the current repo, specify its full URL instead.
issue:
  - 49436

# releaseNotes is a markdown listing of any user facing changes. This will appear in the
# release notes.
releaseNotes:
  - |
    **Added** capability to annotate pods, services, namespaces and other similar kinds with an annotation, `istio.io/use-waypoint`, to specify a waypoint in the form `[<namespace name>]/<waypoint name>`. This replaces the old requirement for waypoints either being scoped to the entire namespace or to a single service account. Opting out of a waypoint can also be done with a value of `none` to allow a namespace-wide waypoint where specific pods or services are not guarded by a waypoint, allowing greater flexibility in waypoint specification and use.


# upgradeNotes is a markdown listing of any changes that will affect the upgrade
# process. This will appear in the release notes.
upgradeNotes:
  - title: New ambient mode waypoint attachment method
    content: |
      Waypoints in Istio's ambient mode no longer use the original service account or namespace attachment semantics. If you were using a namespace-scope waypoint previously, migration should be fairly straightforward. Annotate your namespace with the appropriate waypoint and it should function in a similar way.

      If you were using service account attachment there will be more to understand. Under the old waypoint logic all types of traffic, both addressed to a service as well as addressed to a workload, were treated similarly because there wasn't a good way to properly associate a waypoint to a service. With the new attachment this limitation has been resolved. This includes adding a distinction between service addressed and workload addressed traffic. Annotating a service, or service-like kind, will redirect traffic which is service addressed to your waypoint. Likewise annotating a workload will redirect workload addressed traffic. It is therefore important to understand how consumers address your providers and select a waypoint attachment method which corresponds to this method of access.