Release notes

Introduction link

The release notes include important installation changes and known issues. They also highlight ways that you can take advantage of new features or enhancements to improve your product usage.

For more information, see the following related resources:

• Upgrade guide: Steps to upgrade from the previous minor version to the current version.
• Version reference: Information about Solo’s version support.

🔥 Breaking changes link

Review details about the following breaking changes. The severity is intended as a guide to help you assess how much attention to pay to this area during the upgrade, but can vary depending on your environment.

🚨 High link

Review severe changes that can impact production and require manual intervention.

• No high-severity changes are currently reported.

🔔 Medium link

Review changes that might have impact to production and require manual intervention, but possibly not until the next version is released.

• No medium-severity changes are currently reported.

ℹ️ Low link

Review informational updates that you might want to implement but that are unlikely to materially impact production.

• No low-severity changes are currently reported.

🚧 New known issues link

No new known issues are currently reported.

🌟 New features link

Review the following new features that are introduced in version 2.12 and that you can enable in your environment.

Istio 1.29 support link

You can now run Solo Enterprise for Istio with Istio 1.29. Istio 1.24 is no longer supported. For more information, see the version support matrix, and the Solo distribution of Istio changelog for 1.29.

New features in the Solo distribution of Istio 1.29 include the following.

New public image repo for the Solo distribution of Istio link

You can now get the Solo distribution of Istio images from the us-docker.pkg.dev/soloio-img/istio public image repo, and Helm charts from the us-docker.pkg.dev/soloio-img/istio-helm repo. Private repo keys are no longer required for versions 1.29 and later. However, to use the features enabled by these images, and to use distributions like -fips, you must still provide a valid license key. Contact your account representative to obtain a license.

For more information, see the Istio images built by Solo.io support article.

Peering Helm chart link

In the Solo distribution of Istio 1.29, a new peering chart (us-docker.pkg.dev/soloio-img/istio-helm/peering:1.28.1-solo) is added to facilitate connecting clusters in a multicluster ambient mesh. You can use this Helm chart to create east-west and remote peering gateways in each cluster.

For more information, review the following guides:

• For steps on how to use this chart to connect clusters in a multicluster ambient mesh, see the ambient multicluster installation guides.
• For recommendations on customizing the east-west gateway for resiliency and availability with the Helm chart, see the best practices for multicluster peering.
• For more information about each field, see the Helm values reference.

Solo distribution of istioctl command reference link

Reference documentation is now available for the Solo distribution of istioctl commands. You can find command descriptions, options, and examples in the istioctl command reference for commands such as:

• istioctl multicluster link
• istioctl multicluster check
• istioctl multicluster expose
• istioctl bootstrap
• istioctl ecs add-service
• istioctl zc endpoints

Multicluster peering and ztunnel metrics link

New metrics are available to help you monitor and debug your ambient mesh setup. You can access metrics that are collected for Istio components by using the Prometheus server that is built into the Solo Enterprise for Istio management plane. For more information, see the built-in Prometheus overview and sample PromQL queries.

The following metrics for istiod can help you monitor the peering connections between clusters in a multicluster ambient mesh:

• peer_connection_state
• peer_convergence_time_bucket
• peer_convergence_time_count
• peer_convergence_time_sum
• peer_xds_config_size_bytes_bucket
• peer_xds_config_size_bytes_count
• peer_xds_config_size_bytes_sum

The following metrics for ztunnel can help you monitor ztunnel outlier detection:

• istio_outlier_detection_endpoints
• istio_outlier_detection_endpoints_unhealthy

Global service aliases link

When you add clusters to a segment, any service that is globally exposed is assigned a dedicated segment-specific hostname in the format <svc_name>.<namespace>.<segment_domain>. This hostname replaces the default hostname that is assigned to globally exposed services.

You might want to use a different hostname pattern for your global services. For example, you might already use a specific hostname pattern within your organization that ensures unique hostnames within and across segments. Starting in the Solo distribution of Istio version 1.29, you can now specify hostname alias patterns in the Segment resource. To learn more about global service aliasing, see Global service aliasing.

For a setup example, see the Create segments guide.

Multicluster overview documentation link

A new overview document is available that explains the multicluster ambient mesh architecture, including control plane peering, data plane traffic, network setup options, and performance and scale considerations. For more information, see About multicluster.

🔄 Feature changes link

Review the following changes that might impact how you use certain features in your environment.

Product name change: Gloo Mesh (OSS APIs) to Solo Enterprise for Istio link

The product previously known as “Gloo Mesh (OSS APIs)” is now called “Solo Enterprise for Istio” throughout the documentation. All functionality remains the same; only the product name has changed.

NodePort peering changes link

NodePort-based multicluster peering is updated in the following ways:

• The NodePort-based multicluster peering feature is promoted to beta status in the Solo distribution of Istio 1.29. For more information, see Solo feature maturity.
• NodePort peering now uses only InternalIP node addresses. ExternalIP address types are no longer supported. Ensure that your environment is configured so that nodes are reachable via their InternalIP address. If you need to use another address type, contact Solo for engineering design and implementation support.
• When linking clusters for NodePort peering, you can now use the --preferred-data-plane-service-type nodeport flag with the istioctl multicluster link command. This flag automatically configures the peering gateways for NodePort-based cross-cluster traffic.

For more information about these changes, see Best practices for multicluster peering.

🗑️ Removed features link

Removed support for Istio 1.24 link

Istio 1.24 is no longer supported with Solo Enterprise for Istio version 2.12. For more information, see the version support matrix.

Removal of the Istio lifecycle manager link

The Istio lifecycle manager (ILM) feature is removed in version 2.12.

If you still use the Istio lifecycle manager:

• When upgrading to Solo Enterprise for Istio version 2.12, be sure to offboard from the Istio lifecycle manager first. You can change the way that you manage Istio by using either Helm or the Gloo Operator. To get started with an ambient mesh, see the ambient installation guides.
• After you upgrade to version 2.12, any existing Istio resources that were generated by the Istio lifecycle manager remain, but Solo Enterprise for Istio no longer manages them.
• If you cannot offboard yet, continue to use Solo Enterprise for Istio version 2.11. Note that version 2.11 is supported until version 2.15 is released due to the n-5 Solo.io version support policy. However, keep in mind that you can continue to use the Istio lifecycle manager to upgrade to the latest patch updates for Istio 1.27 or earlier only.

🚧 Known issues link

The Solo team fixes bugs, delivers new features, and makes changes on a regular basis as described in the changelog. Some issues, however, might impact many users for common use cases. These known issues are as follows:

• Cluster names: Do not use underscores (_) in the names of your clusters or in the kubeconfig context for your clusters.
• Istio:
  • Patch versions 1.26.0 and 1.26.1 of the Solo distribution of Istio lack support for FIPS-tagged images and ztunnel outlier detection. When upgrading or installing 1.26, be sure to use patch version 1.26.1-patch0 and later only.
  • In the Solo distribution of Istio 1.25 and later, you can access enterprise-level features by passing your Solo license in the license.value or license.secretRef field of the Solo distribution of the istiod Helm chart. The Solo istiod Helm chart is strongly recommended due to the included safeguards, default settings, and upgrade handling to ensure a reliable and secure Istio deployment. Though it is not recommended, you can pass your license key in the open source istiod Helm chart by using the --set pilot.env.SOLO_LICENSE_KEY field.
  • Multicluster setups require the Solo distribution of Istio version 1.24.3 or later (1.24.3-solo), including the Solo distribution of istioctl.
  • Due to a lack of support for the Istio CNI and iptables for the Istio proxy, you cannot run Istio (and therefore Solo Enterprise for Istio) on AWS Fargate. For more information, see the Amazon EKS issue.
• OTel pipeline: FIPS-compliant builds are not currently supported for the OTel collector agent image.