diff --git a/README.md b/README.md index a8f3662232..816e4fa7af 100644 --- a/README.md +++ b/README.md @@ -5,26 +5,22 @@ Istio logo -Istio is an open-source service mesh that provides a uniform way to manage, connect, and secure microservices. It helps to manage traffic, enhance security capabilities, and provide telemetry data for understanding service behavior. Read the [Istio documentation](https://istio.io/latest/) to learn more. +Istio is an open-source service mesh that provides a uniform way to manage, connect, and secure microservices. It helps to manage traffic, enhance security capabilities, and provide telemetry data for understanding service behavior. See the [open-source Istio documentation](https://istio.io/latest/docs/). -## Kyma Istio Operator - -Kyma Istio Operator is a component of the Kyma runtime that handles the management and configuration of the Istio service mesh. Within Kyma Istio Operator, [Istio Controller](/docs/user/00-10-overview-istio-controller.md) is responsible for installing, uninstalling, and upgrading Istio. - -The latest release includes the following versions of Istio and Envoy: +The Istio module installs and manages Istio in your Kyma cluster. The latest release includes the following versions of Istio and Envoy: **Istio version:** 1.23.2 **Envoy version:** 1.31.2 > [!NOTE] -> If you want to enable compatibility with the previous minor version of Istio, see [Compatibility Mode](https://kyma-project.io/#/istio/user/00-10-overview-istio-controller?id=compatibility-mode). +> If you want to enable compatibility with the previous minor version of Istio, see [Compatibility Mode](./docs/user/00-10-istio-version.md#compatibility-mode). -## Install Kyma Istio Operator and Istio from the latest release +## Install the Latest Release of the Istio Module ### Prerequisites -- Access to a Kubernetes (v1.24 or higher) cluster +- Access to a Kubernetes cluster (v1.24 or higher) - [kubectl](https://kubernetes.io/docs/tasks/tools/) ### Procedure @@ -36,30 +32,25 @@ The latest release includes the following versions of Istio and Envoy: kubectl label namespace kyma-system istio-injection=enabled --overwrite ``` -2. To install Istio, you must install the latest version of Kyma Istio Operator and Istio CRD first. - In order to install the standard version, run : - ```bash - kubectl apply -f https://github.com/kyma-project/istio/releases/latest/download/istio-manager.yaml - ``` +2. Install the latest version of Istio Operator and Istio CustomResourceDefinition. You can install either the standard or experimental version. + + - To install the standard version, run: + ```bash + kubectl apply -f https://github.com/kyma-project/istio/releases/latest/download/istio-manager.yaml + ``` - In order to install the experimental version, run : - ```bash - kubectl apply -f https://github.com/kyma-project/istio/releases/latest/download/istio-manager-experimental.yaml - ``` + - To install the experimental version, run: + ```bash + kubectl apply -f https://github.com/kyma-project/istio/releases/latest/download/istio-manager-experimental.yaml + ``` -3. To get Istio installed, apply the default Istio CR: +3. To install Istio, apply the default Istio custom resource (CR): ```bash kubectl apply -f https://github.com/kyma-project/istio/releases/latest/download/istio-default-cr.yaml ``` - You should get a result similar to this example: - - ```bash - istio.operator.kyma-project.io/default created - ``` - -4. Check the state of Istio CR to verify if Istio was installed successfully: +4. To verify the Istio was installed successfully, check the state of the Istio CR. ```bash kubectl get -n kyma-system istios/default @@ -76,9 +67,9 @@ For more installation options, visit [the installation guide](/docs/contributor/ ## Useful links -To learn how to use Kyma Istio Operator, read the documentation in the [`user`](/docs/user) directory. +To learn how to use the Istio module, read the documentation in the [`user`](/docs/user) directory. -If you are interested in the detailed documentation of the Kyma Istio Operator's design and technical aspects, check the [`contributor`](/docs/contributor) directory. +If you are interested in the detailed documentation of the Istio module's design and technical aspects, check the [`contributor`](/docs/contributor) directory. ## Contributing diff --git a/docs/release-notes/1.3.0.md b/docs/release-notes/1.3.0.md index 7df63a8d70..06f8bb210d 100644 --- a/docs/release-notes/1.3.0.md +++ b/docs/release-notes/1.3.0.md @@ -1,7 +1,7 @@ ## New features -- Introduce conditions to Istio CR status [#468](https://github.com/kyma-project/istio/issues/468). Read [Istio Controller Overview](https://github.com/kyma-project/istio/blob/main/docs/user/00-10-overview-istio-controller.md) for more details +- Introduce conditions to Istio CR status [#468](https://github.com/kyma-project/istio/issues/468). Read [Istio Controller Overview](https://github.com/kyma-project/istio/blob/release-1.3/docs/user/00-10-overview-istio-controller.md) for more details. - To ensure consistency between the Istio trace settings, the Telemetry module's trace feature, and OpenTelemetry's semantic conventions, we have decided to improve the `service.name` value which is attached to every span emitted by the Istio proxy. To determine the service name, the Istio module now follows the same conventions as the Telemetry module. First, it tries to leverage the `kubernetes.io/name` label. If not available, it checks for the `app` label. If neither label is present, it falls back to using the Deployment's name. diff --git a/docs/release-notes/1.4.0.md b/docs/release-notes/1.4.0.md index 5e1e811c2d..53a74b3a88 100644 --- a/docs/release-notes/1.4.0.md +++ b/docs/release-notes/1.4.0.md @@ -1,5 +1,5 @@ ## New Features -- Introduce consistent labeling for the Kyma modules. For more information, see the [documentation](https://kyma-project.io/#/istio/user/00-10-overview-istio-controller?id=labeling-resources). +- Introduce consistent labeling for the Kyma modules. For more information, see the [documentation](https://github.com/kyma-project/istio/blob/release-1.4/docs/user/00-10-overview-istio-controller.md#labeling-resources). - Use the `Warning` state instead of `Error` when there is more than one Istio CR in the cluster. For more information, see the [PR](https://github.com/kyma-project/istio/pull/632). - Allow configuration of external authorizers for Istio AuthorizationPolicies. For more information, see the [Decision record](https://github.com/kyma-project/istio/issues/608) and the [PR](https://github.com/kyma-project/istio/pull/639). diff --git a/docs/release-notes/1.9.0.md b/docs/release-notes/1.9.0.md index 2b58cb8968..23d7be81ff 100644 --- a/docs/release-notes/1.9.0.md +++ b/docs/release-notes/1.9.0.md @@ -2,5 +2,5 @@ - During the Istio upgrade, Pods with the Istio sidecar proxies are now divided into smaller groups and restarted in multiple reconciliations instead of all at once. This increases the stability and reliability of the reconciliation for the Istio module's operator. See [issue #155](https://github.com/kyma-project/istio/issues/155). - We've updated the Istio version to 1.23.2 ([#1024](https://github.com/kyma-project/istio/pull/1024)). Read the Istio 1.23.2 [release announcement](https://istio.io/latest/news/releases/1.23.x/announcing-1.23.2/) and [Istio 1.23.0 Change Notes](https://istio.io/latest/news/releases/1.23.x/announcing-1.23/change-notes/). Take note of the following breaking changes included in the new minor version of Istio: - - **Deferred cluster creation**: In the context of Envoy, a cluster is a group of logically similar upstream hosts that Envoy connects to. Typically, clusters are defined and created at startup. This means that regardless of whether or not a cluster will be used during the lifetime of the Envoy process, it will still be initialized. Envoy has introduced a new optimization that allows these clusters to be created on the worker threads inline during requests, which can save memory and CPU cycles. If you rely on the old behavior, consider using the [compatibility mode](https://kyma-project.io/#/istio/user/00-10-overview-istio-controller?id=compatibility-mode), which disables the deferred cluster creation feature by setting **ENABLE_DEFERRED_CLUSTER_CREATION** to `false`. - - **Updates to Envoy cluster metrics parsing**: Previously, the Envoy cluster metrics for services that did not use the `.svc.cluster.local` suffix were incorrectly truncated and parsed. This was because Envoy cluster metrics use dots `.` as a delimiter between metric namespaces. It is impossible to properly distinguish between those delimiters and the dots in hostnames or cluster names. To address this, the regex for parsing **cluster_name** has been updated to look for a semicolon that indicates the end of a cluster's name. If you have any dependency on the full stat name for cluster metrics, you must update your monitoring system to account for this change. If you require more time to make adjustments, consider using the [compatibility mode](https://kyma-project.io/#/istio/user/00-10-overview-istio-controller?id=compatibility-mode), which reverts this behavior by setting **ENABLE_DELIMITED_STATS_TAG_REGEX** to `false`. \ No newline at end of file + - **Deferred cluster creation**: In the context of Envoy, a cluster is a group of logically similar upstream hosts that Envoy connects to. Typically, clusters are defined and created at startup. This means that regardless of whether or not a cluster will be used during the lifetime of the Envoy process, it will still be initialized. Envoy has introduced a new optimization that allows these clusters to be created on the worker threads inline during requests, which can save memory and CPU cycles. If you rely on the old behavior, consider using the [compatibility mode](https://kyma-project.io/#/istio/user/00-10-istio-version?id=compatibility-mode), which disables the deferred cluster creation feature by setting **ENABLE_DEFERRED_CLUSTER_CREATION** to `false`. + - **Updates to Envoy cluster metrics parsing**: Previously, the Envoy cluster metrics for services that did not use the `.svc.cluster.local` suffix were incorrectly truncated and parsed. This was because Envoy cluster metrics use dots `.` as a delimiter between metric namespaces. It is impossible to properly distinguish between those delimiters and the dots in hostnames or cluster names. To address this, the regex for parsing **cluster_name** has been updated to look for a semicolon that indicates the end of a cluster's name. If you have any dependency on the full stat name for cluster metrics, you must update your monitoring system to account for this change. If you require more time to make adjustments, consider using the [compatibility mode](https://kyma-project.io/#/istio/user/00-10-istio-version?id=compatibility-mode), which reverts this behavior by setting **ENABLE_DELIMITED_STATS_TAG_REGEX** to `false`. \ No newline at end of file