istio.io/istio@v0.0.0-20240520182934-d79c90f27776/releasenotes/notes/multicuster-secret-auth.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/releasenotes/notes/multicuster-secret-auth.yaml (about)

     1  apiVersion: release-notes/v2
     2  kind: bug-fix
     3  area: installation
     4  releaseNotes:
     5  - |
     6    **Removed** support for a number of nonstandard kubeconfig authentication methods when using multicluster secret.
     7  
     8  upgradeNotes:
     9  - title: Multicluster Secret Authentication Changes
    10    content: |
    11      When kubeconfig files are created to [enable endpoint discovery](https://istio.io/latest/docs/setup/install/multicluster/multi-primary/#enable-endpoint-discovery)
    12      in multicluster installations, the authentication methods allowed in the configuration is now limited.
    13  
    14      The two authentication methods output but `istioctl create-remote-secret` (`oidc` and `token`), are not impacted.
    15      As a result, only users that are creating custom kubeconfig files will be impacted.
    16  
    17      A new environment variable, `PILOT_INSECURE_MULTICLUSTER_KUBECONFIG_OPTIONS`, is added to Istiod to enable the methods that were removed.
    18      For example, if `exec` authentication is used, set `PILOT_INSECURE_MULTICLUSTER_KUBECONFIG_OPTIONS=exec`.