This release note describes what’s different between Solo builds of Istio versions 1.27.1-patch1 and 1.27.2.

General Changes

  • Built against upstream Istio version 1.27.2, release note can be found here.

Solo Flavor Changes

  • Added support for labeling Namespaces with solo.io/service-scope to allow setting the default scope for all services in the namespace. Labeling individual Services will take precedence over the Namespace label. Setting the scope to “cluster” allows opting out an individual service when the namespace is marked as “global” or “global-only”.

  • Fixed an issue where traffic did not traverse remote-only waypoints with flat networking.

  • Fixed an issue where in connections to east/west gateways from Envoy proxies (sidecar, waypoint, ingress), the outer HBONE connection used port 15008, rather than the HBONE port specified in the istio-remote gateway. This presented a problem when specifying NodePort east/west gateways.

  • Fixed missing gateway reconciliation statuses for service-type changes.

  • Fixed an issue where locality information was not being propagated for peered multi-cluster resources when the istio-remote Gateway’s topology.istio.io/subzone was specified.

  • Fixed an issue where workloads added with the --external flag using istioctl bootstrap or istioctl ecs add-server wouldn’t be able to route traffic due to no networkGateway being attached.

  • Removed an incorrect UnsupportedProtocol warning from Gateway resources for east-west gateways.

FIPS Flavor Changes

No changes in this section.