Introduction

The release notes include important installation changes and known issues. They also highlight ways that you can take advantage of new features or enhancements to improve your product usage.

For more information, see the following related resources:

  • Changelog: A full list of changes, including the ability to compare previous patch and minor versions.
  • Upgrade guide: Steps to upgrade from the previous minor version to the current version.
  • Version reference: Information about Solo’s version support.

🔥 Breaking changes

Review details about the following breaking changes. To review when breaking changes were released, you can use the comparison feature of the changelog. The severity is intended as a guide to help you assess how much attention to pay to this area during the upgrade, but can vary depending on your environment.

Imported VirtualDestination client-side policies

The ImportedVirtualDestinationPolicyLegacyMode feature gate is added to let you temporarily keep client-side policy behavior when importing VirtualDestinations that do not have a backing service in the local cluster.

Previously, client-side policies were not properly applied to VirtualDestinations that were imported from one workspace to another and did not have a backing service in the local cluster.

This bug is fixed. Now by default, the importing behavior matches the expected behavior as described in the policy import docs.

The fix can impact the DestinationRules that are translated from the client-side policies as follows.

  • Many environments get additional DestinationRules to enforce the client-side policies that are now imported to the workspace.
  • Some environments might have modified or fewer translated DestinationRules from the client-side policies, such as if imported client-side policies result in fewer policies being applied from the importing workspace.

🌟 New features

Review the following new features that are introduced in version 2.9 and that you can enable in your environment.

Gloo Operator reference docs

Reference documentation is now published for the Gloo Operator. For more information, check out the following pages:

Istio 1.26 support

You can now run Gloo Mesh Enterprise with Istio 1.26. Istio 1.21 is no longer supported. For more information, see the version support matrix.

🔄 Feature changes

Review the following changes that might impact how you use certain features in your Gloo environment.

Deprecation of the Istio lifecycle manager

The Istio lifecycle manager, provided either by the istioInstallations section of the Helm chart or by the GatewayLifecycleManager and IstioLifecycleManager custom resources, is deprecated in version 2.9. The feature will be removed in future versions.

Instead, you can use the new way of installing Istio with the Gloo Operator. Check out the guides for installing ambient or sidecar meshes, or for migration steps, see Migrate to the Gloo Operator from the Istio lifecycle manager.

🗑️ Removed features

Removed support for Istio 1.21

Istio 1.21 is no longer supported with Gloo Mesh Enterprise version 2.9. For more information, see the version support matrix.

🚧 Known issues

The Solo team fixes bugs, delivers new features, and makes changes on a regular basis as described in the changelog. Some issues, however, might impact many users for common use cases. These known issues are as follows:

  • Cluster names: Do not use underscores (_) in the names of your clusters or in the kubeconfig context for your clusters.
  • Istio:
    • Due to a lack of support for the Istio CNI and iptables for the Istio proxy, you cannot run Istio (and therefore Gloo Mesh Enterprise) on AWS Fargate. For more information, see the Amazon EKS issue.
    • Istio 1.22 is supported only as patch version 1.22.1-patch0 and later. Do not use patch versions 1.22.0 and 1.22.1, which contain bugs that impact several Gloo Mesh Enterprise routing features that rely on virtual destinations. Additionally, in Istio 1.22.0-1.22.3, the ISTIO_DELTA_XDS environment variable must be set to false. For more information, see this upstream Istio issue. Note that this issue is resolved in Istio 1.22.4.
      • If you have multiple external services that use the same host and plan to use Istio 1.21 or 1.22, you must use patch versions 1.21.3 or 1.22.1-patch0 or later to ensure that the Istio service entry that is created for those external services is correct.
      • The WasmDeploymentPolicy Gloo CR is currently unsupported in Istio versions 1.18 and later.
    • OTel pipeline: FIPS-compliant builds are not currently supported for the OTel collector agent image.
    • Workspaces: If you run Istio version 1.21 or earlier and you reconfigure your Gloo workspaces, such as by moving from one workspace to multiple workspaces, routing to services that are exposed with a virtual destination might fail. You must re-apply the virtual destination to fix routing for these services. Note that this issue is fixed in Istio version 1.22 and later.