Introduction

The release notes include important installation changes and known issues. They also highlight ways that you can take advantage of new features or enhancements to improve your product usage.

For more information, see the following related resources:

đŸ”Ĩ Breaking changes

Review details about the following breaking changes. The severity is intended as a guide to help you assess how much attention to pay to this area during the upgrade, but can vary depending on your environment.

🚨 High

Review severe changes that can impact production and require manual intervention.

  • No high-severity changes are currently reported.

🔔 Medium

Review changes that might have impact to production and require manual intervention, but possibly not until the next version is released.

  • No medium-severity changes are currently reported.

ℹī¸ Low

Review informational updates that you might want to implement but that are unlikely to materially impact production.

  • Dashboard upgrades: The gloo-mesh-ui deployment no longer watches secrets and config maps that are used to secure access to the dashboard. If you update these resources, such as to rotate a secret, you must now restart the gloo-mesh-ui deployment after the Helm upgrade. Note that this change does not impact if you customize the secret or config map names during the initial Helm installation.

⚒ī¸ Installation changes

In addition to comparing differences across versions in the changelog, review the following installation changes from the previous minor version to version 2.7.

Disable Redis stream pipeline by default

The logs/redis_stream_cilium_flows pipeline is now set to false by default. The pipeline is dependent on the logs/cilium_flows pipeline, which was already false by default. This change was made to better align the pipeline values and reduce the complexity of the installation settings.

If you updated your installation to enable the Cilium flow logs and you want to keep the Redis stream logs enabled, make sure to explicitly set the logs/redis_stream_cilium_flows pipeline to true before you upgrade to version 2.7.

🌟 New features

Review the following new features that are introduced in version 2.7 and that you can enable in your environment.

Deployment overrides and other options for external auth service and rate limiter

Now, you can set deployment overrides for the external auth service and rate limiter in the Helm values file for your Gloo Mesh Core installation. This way, you can customize the default deployment settings, such as the metadata or resource limits for CPU and memory. Or, you might want to provide your own resource such as a config map, service account, or volume that you mount to the deployment. For more information, see Overrides for default components.

You also now can set the number of replicas for the rate limiter with the new rateLimiter.rateLimiter.replicas setting. For more information, see the Helm reference docs.

🔄 Feature changes

Review the following changes that might impact how you use certain features in your Gloo environment.

  • No feature changes are currently reported.

🚧 Known issues

The Solo team fixes bugs, delivers new features, and makes changes on a regular basis as described in the changelog. Some issues, however, might impact many users for common use cases. These known issues are as follows:

  • Cluster names: Do not use underscores (_) in the names of your clusters or in the kubeconfig context for your clusters.
  • Istio:
    • Due to a lack of support for the Istio CNI and iptables for the Istio proxy, you cannot run Istio (and therefore Gloo Mesh Core) on AWS Fargate. For more information, see the Amazon EKS issue.
      • In Gloo Mesh Core version 2.6, ambient mode requires the Solo distribution of Istio version 1.22.3 or later (1.22.3-solo).
      • In Istio 1.22.0-1.22.3, the ISTIO_DELTA_XDS environment variable must be set to false. For more information, see this upstream Istio issue. Note that this issue is resolved in Istio 1.22.4.
      • Istio 1.20 is supported only as patch version 1.20.1-patch1 and later. Do not use patch versions 1.20.0 and 1.20.1, which contain bugs that impact several Gloo Mesh Core features that rely on Istio ServiceEntries.
    • OTel pipeline: FIPS-compliant builds are not currently supported for the OTel collector agent image.