Loading...

XML

Word

Printable

Type: Epic
Resolution: Done
Priority: Blocker
Fix Version/s: None
Affects Version/s: None
Component/s: Envoy, Istio, Kiali, Sail Operator
Labels:
- FeatureDevelopment

Epic Name:
Update OSSM to Istio 1.26
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Affects:

Documentation (Ref Guide, User Guide, etc.), Release Notes, Migration
Epic Status:
In Progress
Hierarchy Progress Bar:

0% To Do, 14% In Progress, 86% Done
Release Note Text:

Hide
This release introduces support for Kubernetes traffic distribution feature, part of the Kubernetes Service API, within OpenShift Service Mesh. As of OpenShift Container Platform 4.19, this is a beta feature and requires enabling the ServiceTrafficDistribution feature.

This release introduces developer preview support for the experimental Kubernetes ClusterTrustBundle feature, which provides a new way of distributing X.509 trust anchors (root certificates) to workloads within the cluster. As of OpenShift Container Platform 4.19, this is an Alpha feature and requires enabling the ClusterTrustBundle feature.

This release deprecates the use of ISTIO_META_DNS_AUTO_ALLOCATE in proxyMetadata in favor of a newer version of DNS auto-allocation label on the ServiceEntry.

Show
This release introduces support for Kubernetes traffic distribution feature, part of the Kubernetes Service API, within OpenShift Service Mesh. As of OpenShift Container Platform 4.19, this is a beta feature and requires enabling the ServiceTrafficDistribution feature. This release introduces developer preview support for the experimental Kubernetes ClusterTrustBundle feature, which provides a new way of distributing X.509 trust anchors (root certificates) to workloads within the cluster. As of OpenShift Container Platform 4.19, this is an Alpha feature and requires enabling the ClusterTrustBundle feature. This release deprecates the use of ISTIO_META_DNS_AUTO_ALLOCATE in proxyMetadata in favor of a newer version of DNS auto-allocation label on the ServiceEntry.

Target Version:

OSSM 3.1.0

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Intelligence Requested:
Market:

Goal:

Update OSSM to latest version of Istio (currently 1.26).

Acceptance Criteria:

All OSSM components (Sail-operator, Istio, Envoy, Kiali, Docs, QE) are updated to support the new version of Istio
All unit and integration tests pass on all platforms.
Release notes to note any new features that will not be GA in OSSM (Specify text in the release notes field)
Feature support table is updated to reflect any changes in support status
Issues are created for any new features that require:
- Additional QE tests (upstream or downstream)
- Additional documentation (beyond release notes or feature support)
Istio Proxy container is based on UBI9 minimal (instead of RHEL ELS minimal)

Open questions:

Should we update the BoringSSL compatibility layer to OpenSSL 3.2?
- No - the RHEL team has given assurances that all versions of OpenSSL in RHEL 9.x will be backward compatible with binaries built against OpenSSL 3.0.
Should we update repos to track main and then branch when 1.26 is released?

is cloned by

OSSM-10593 Update OSSM to Istio 1.27

In Progress

OSSM-9366 Update OSSM to Istio 1.26 (Duplicate)

Closed

Assignee:: Yann Liu

Reporter:: Rob Cernich

Contributors:: Cameron Garrison, Dario Cillerai, Yann Liu, Zuzana Miklánková

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2025/03/25 6:18 PM

Updated:: 2025/08/26 9:32 AM

Resolved:: 2025/07/29 6:51 AM

Details

Description

Goal:

Acceptance Criteria:

Open questions:

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates