diff --git a/modules/ossm-rn-deprecated-features.adoc b/modules/ossm-rn-deprecated-features.adoc index 8220ca5edb..37e3a98b05 100644 --- a/modules/ossm-rn-deprecated-features.adoc +++ b/modules/ossm-rn-deprecated-features.adoc @@ -5,7 +5,7 @@ Module included in the following assemblies: [id="ossm-deprecated-features_{context}"] //// -Description - Description of the any features (including technology previews) that have been removed from the product. Write the description from a customer perspective, what UI elements, commands, or options are no longer available. +Description - Description of the any features (including technology previews) that have been removed from the product. Write the description from a customer perspective, what UI elements, commands, or options are no longer available. Consequence or a recommended replacement - Description of what the customer can no longer do, and recommended replacement (if known). //// = Deprecated features @@ -15,11 +15,11 @@ Deprecated functionality is still included in {product-title} and continues to b == Deprecated features {ProductName} 2.0 -The Mixer component was deprecated in release 2.0 and will be removed in release 2.1. While using Mixer for implementing extensions was still supported in release 2.0, extensions should have been migrated to the new link:https://istio.io/latest/blog/2020/wasm-announce/[WebAssembly] mechanism. +The Mixer component was deprecated in release 2.0 and will be removed in release 2.1. While using Mixer for implementing extensions was still supported in release 2.0, extensions should have been migrated to the new link:https://istio.io/latest/blog/2020/wasm-announce/[WebAssembly] mechanism. The following resource types are no longer supported in {ProductName} 2.0: -* `Policy` (authentication.istio.io/v1alpha1) is no longer supported. Depending on the specific configuration in your Policy resource, you may have to configure multiple resources to achieve the same effect. +* `Policy` (authentication.istio.io/v1alpha1) is no longer supported. Depending on the specific configuration in your Policy resource, you may have to configure multiple resources to achieve the same effect. ** Use `RequestAuthentication` (security.istio.io/v1beta1) ** Use `PeerAuthentication` (security.istio.io/v1beta1) * `ServiceMeshPolicy` (maistra.io/v1) is no longer supported. diff --git a/modules/ossm-rn-fixed-issues.adoc b/modules/ossm-rn-fixed-issues.adoc index f5c8b74914..db15e3ef2a 100644 --- a/modules/ossm-rn-fixed-issues.adoc +++ b/modules/ossm-rn-fixed-issues.adoc @@ -8,10 +8,10 @@ Module included in the following assemblies: //// Provide the following info for each issue if possible: -Consequence - What user action or situation would make this problem appear (If you have the foo option enabled and did x)? What did the customer experience as a result of the issue? What was the symptom? +Consequence - What user action or situation would make this problem appear (If you have the foo option enabled and did x)? What did the customer experience as a result of the issue? What was the symptom? Cause - Why did this happen? Fix - What did we change to fix the problem? -Result - How has the behavior changed as a result? Try to avoid “It is fixed” or “The issue is resolved” or “The error no longer presents”. +Result - How has the behavior changed as a result? Try to avoid “It is fixed” or “The issue is resolved” or “The error no longer presents”. //// The following issues been resolved in the current release: @@ -58,9 +58,9 @@ Upgrading the operator to 2.0 might break client tools that read the SMCP status + This also causes the READY and STATUS columns to be empty when you run `oc get servicemeshcontrolplanes.v1.maistra.io`. -* link:https://issues.jboss.org/browse/MAISTRA-1089[MAISTRA-1089] _Migration to 2.0_ Gateways created in a non-control plane namespace are automatically deleted. Users will need to manually delete these resources after removing the gateway definition from the SMCP spec. +* link:https://issues.jboss.org/browse/MAISTRA-1089[MAISTRA-1089] _Migration to 2.0_ Gateways created in a non-control plane namespace are automatically deleted. Users will need to manually delete these resources after removing the gateway definition from the SMCP spec. -* link:https://issues.redhat.com/browse/MAISTRA-1983[MAISTRA-1983] _Migration to 2.0_ Upgrading to 2.0.0 with an existing invalid `ServiceMeshControlPlane` cannot easily be repaired. The invalid items in the `ServiceMeshControlPlane` resource caused an unrecoverable error. The fix makes the errors recoverable. You can delete the invalid resource and replace it with a new one or edit the resource to fix the errors. For more information about editing your resource, see [Configuring the Red Hat OpenShift Service Mesh installation]. +* link:https://issues.redhat.com/browse/MAISTRA-1983[MAISTRA-1983] _Migration to 2.0_ Upgrading to 2.0.0 with an existing invalid `ServiceMeshControlPlane` cannot easily be repaired. The invalid items in the `ServiceMeshControlPlane` resource caused an unrecoverable error. The fix makes the errors recoverable. You can delete the invalid resource and replace it with a new one or edit the resource to fix the errors. For more information about editing your resource, see [Configuring the Red Hat OpenShift Service Mesh installation]. * link:https://issues.redhat.com/browse/MAISTRA-1502[Maistra-1502] As a result of CVEs fixes in version 1.0.10, the Istio dashboards are not available from the *Home Dashboard* menu in Grafana. The Istio dashboards still exist. To access them, click the *Dashboard* menu in the navigation panel and select the *Manage* tab. diff --git a/modules/ossm-rn-known-issues.adoc b/modules/ossm-rn-known-issues.adoc index 3fa1f84ddd..5d29dd007c 100644 --- a/modules/ossm-rn-known-issues.adoc +++ b/modules/ossm-rn-known-issues.adoc @@ -7,9 +7,9 @@ Module included in the following assemblies: = Known issues //// -Consequence - What user action or situation would make this problem appear (Selecting the Foo option with the Bar version 1.3 plugin enabled results in an error message)? What did the customer experience as a result of the issue? What was the symptom? +Consequence - What user action or situation would make this problem appear (Selecting the Foo option with the Bar version 1.3 plugin enabled results in an error message)? What did the customer experience as a result of the issue? What was the symptom? Cause (if it has been identified) - Why did this happen? -Workaround (If there is one)- What can you do to avoid or negate the effects of this issue in the meantime? Sometimes if there is no workaround it is worthwhile telling readers to contact support for advice. Never promise future fixes. +Workaround (If there is one)- What can you do to avoid or negate the effects of this issue in the meantime? Sometimes if there is no workaround it is worthwhile telling readers to contact support for advice. Never promise future fixes. Result - If the workaround does not completely address the problem. //// @@ -34,9 +34,9 @@ These are the known issues in {ProductName}: * link:https://issues.redhat.com/browse/OSSM-285[OSSM-285] When trying to access the Kiali console, receive the following error message "Error trying to get OAuth Metadata". The workaround is to restart the Kiali pod. -* link:https://issues.jboss.org/browse/MAISTRA-1947[MAISTRA-1947] _Technology Preview_ Updates to ServiceMeshExtensions are not applied. The workaround is to remove and recreate the ServiceMeshExtensions. +* link:https://issues.jboss.org/browse/MAISTRA-1947[MAISTRA-1947] _Technology Preview_ Updates to ServiceMeshExtensions are not applied. The workaround is to remove and recreate the ServiceMeshExtensions. -* link:https://issues.jboss.org/browse/MAISTRA-1959[MAISTRA-1959] _Migration to 2.0_ Prometheus scraping (`spec.addons.prometheus.scrape` set to `true`) does not work when mTLS is enabled. Additionally, Kiali displays extraneous graph data when mTLS is disabled. +* link:https://issues.jboss.org/browse/MAISTRA-1959[MAISTRA-1959] _Migration to 2.0_ Prometheus scraping (`spec.addons.prometheus.scrape` set to `true`) does not work when mTLS is enabled. Additionally, Kiali displays extraneous graph data when mTLS is disabled. + This problem can be addressed by excluding port 15020 from proxy configuration, for example, + @@ -51,6 +51,8 @@ spec: - 15020 ---- + +* link:https://issues.redhat.com/browse/MAISTRA-1314[MAISTRA-1314] {ProductName} does not yet support IPv6. + * link:https://issues.jboss.org/browse/MAISTRA-806[MAISTRA-806] Evicted Istio Operator Pod causes mesh and CNI not to deploy. + If the `istio-operator` pod is evicted while deploying the control pane, delete the evicted `istio-operator` pod. @@ -69,7 +71,7 @@ If the `istio-operator` pod is evicted while deploying the control pane, delete [NOTE] ==== -New issues for Kiali should be created in the link:https://issues.redhat.com/projects/OSSM/[OpenShift Service Mesh] project with the `Component` set to `Kiali`. +New issues for Kiali should be created in the link:https://issues.redhat.com/projects/OSSM/[OpenShift Service Mesh] project with the `Component` set to `Kiali`. ==== These are the known issues in Kiali: diff --git a/modules/ossm-rn-new-features-1x.adoc b/modules/ossm-rn-new-features-1x.adoc index 84663a91c6..7fc24b525f 100644 --- a/modules/ossm-rn-new-features-1x.adoc +++ b/modules/ossm-rn-new-features-1x.adoc @@ -7,8 +7,8 @@ Module included in the following assemblies: = New Features //// -Feature – Describe the new functionality available to the customer. For enhancements, try to describe as specifically as possible where the customer will see changes. -Reason – If known, include why has the enhancement been implemented (use case, performance, technology, etc.). For example, showcases integration of X with Y, demonstrates Z API feature, includes latest framework bug fixes. There may not have been a 'problem' previously, but system behaviour may have changed. +Feature – Describe the new functionality available to the customer. For enhancements, try to describe as specifically as possible where the customer will see changes. +Reason – If known, include why has the enhancement been implemented (use case, performance, technology, etc.). For example, showcases integration of X with Y, demonstrates Z API feature, includes latest framework bug fixes. There may not have been a 'problem' previously, but system behaviour may have changed. Result – If changed, describe the current user experience //// {ProductName} provides a number of key capabilities uniformly across a network of services: @@ -16,7 +16,7 @@ Result – If changed, describe the current user experience * *Traffic Management* - Control the flow of traffic and API calls between services, make calls more reliable, and make the network more robust in the face of adverse conditions. * *Service Identity and Security* - Provide services in the mesh with a verifiable identity and provide the ability to protect service traffic as it flows over networks of varying degrees of trustworthiness. * *Policy Enforcement* - Apply organizational policy to the interaction between services, ensure access policies are enforced and resources are fairly distributed among consumers. Policy changes are made by configuring the mesh, not by changing application code. -* *Telemetry* - Gain understanding of the dependencies between services and the nature and flow of traffic between them, providing the ability to quickly identify issues. +* *Telemetry* - Gain understanding of the dependencies between services and the nature and flow of traffic between them, providing the ability to quickly identify issues. == Component versions included in {ProductName} version {ProductVersion} @@ -27,15 +27,19 @@ Result – If changed, describe the current user experience |1.4.8 |Jaeger -|1.17.8 +|1.24.0 |Kiali -|1.12.16 +|1.12.18 |3scale Istio Adapter |1.0.0 |=== +== New features {ProductName} 1.1.17 + +This release of {ProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes. + == New features {ProductName} 1.1.16 This release of {ProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes. diff --git a/modules/ossm-rn-new-features.adoc b/modules/ossm-rn-new-features.adoc index 344b556c7c..5b2f6d6a66 100644 --- a/modules/ossm-rn-new-features.adoc +++ b/modules/ossm-rn-new-features.adoc @@ -7,8 +7,8 @@ Module included in the following assemblies: = New features //// -Feature – Describe the new functionality available to the customer. For enhancements, try to describe as specifically as possible where the customer will see changes. -Reason – If known, include why has the enhancement been implemented (use case, performance, technology, etc.). For example, showcases integration of X with Y, demonstrates Z API feature, includes latest framework bug fixes. There may not have been a 'problem' previously, but system behaviour may have changed. +Feature – Describe the new functionality available to the customer. For enhancements, try to describe as specifically as possible where the customer will see changes. +Reason – If known, include why has the enhancement been implemented (use case, performance, technology, etc.). For example, showcases integration of X with Y, demonstrates Z API feature, includes latest framework bug fixes. There may not have been a 'problem' previously, but system behavior may have changed. Result – If changed, describe the current user experience //// {ProductName} provides a number of key capabilities uniformly across a network of services: @@ -16,7 +16,7 @@ Result – If changed, describe the current user experience * *Traffic Management* - Control the flow of traffic and API calls between services, make calls more reliable, and make the network more robust in the face of adverse conditions. * *Service Identity and Security* - Provide services in the mesh with a verifiable identity and provide the ability to protect service traffic as it flows over networks of varying degrees of trustworthiness. * *Policy Enforcement* - Apply organizational policy to the interaction between services, ensure access policies are enforced and resources are fairly distributed among consumers. Policy changes are made by configuring the mesh, not by changing application code. -* *Telemetry* - Gain understanding of the dependencies between services and the nature and flow of traffic between them, providing the ability to quickly identify issues. +* *Telemetry* - Gain understanding of the dependencies between services and the nature and flow of traffic between them, providing the ability to quickly identify issues. == Component versions included in {ProductName} version {ProductVersion} @@ -27,15 +27,19 @@ Result – If changed, describe the current user experience |1.6.14 |Jaeger -|1.20.3 +|1.24.0 |Kiali -|1.24.8 +|1.24.10 |3scale Istio Adapter |2.0.0 |=== +== New features {ProductName} 2.0.7 + +This release of {ProductName} addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes. + == {ProductName} on {product-dedicated} and Microsoft Azure Red Hat OpenShift {ProductName} is now supported through {product-dedicated} and Microsoft Azure Red Hat OpenShift. @@ -110,7 +114,7 @@ Istio supports the following normalization schemes on the request paths before e |`DECODE_AND_MERGE_SLASHES` |The strictest setting when you allow all traffic by default. This setting is recommended, with the caveat that you must thoroughly test your authorization policies routes. https://tools.ietf.org/html/rfc3986#section-2.1[Percent-encoded] slash and backslash characters (`%2F`, `%2f`, `%5C` and `%5c`) are decoded to `/` or `\`, before the `MERGE_SLASHES` normalization. |`/a%2fb` is normalized to `/a/b`. -|Update to this setting to mitigate CVE-2021-31920. This setting is more secure, but also has the potential to break applications. Test your applications before deploying to production. +|Update to this setting to mitigate CVE-2021-31920. This setting is more secure, but also has the potential to break applications. Test your applications before deploying to production. |==== The normalization algorithms are conducted in the following order: @@ -156,7 +160,7 @@ The normalized URL paths, or the original URL paths if `NONE` is selected, will === Configuring your SMCP for path normalization -To configure path normalization for {ProductName}, specify the following in your `ServiceMeshControlPlane`. Use the configuration examples to help determine the settings for your system. +To configure path normalization for {ProductName}, specify the following in your `ServiceMeshControlPlane`. Use the configuration examples to help determine the settings for your system. .SMCP v2 pathNormalization [source,yaml] @@ -172,7 +176,7 @@ spec: In some environments, it may be useful to have paths in authorization policies compared in a case insensitive manner. For example, treating `https://myurl/get` and `https://myurl/GeT` as equivalent. In those cases, you can use the `EnvoyFilter` shown below. -This filter will change both the path used for comparison and the path presented to the application. In this example, `istio-system` is the name of the control plane project. +This filter will change both the path used for comparison and the path presented to the application. In this example, `istio-system` is the name of the control plane project. Save the `EnvoyFilter` to a file and execute the following command: @@ -225,7 +229,7 @@ In addition, this release has the following new features: == New features {ProductName} 2.0.2 -This release of {ProductName} adds support for IBM Z and IBM Power Systems. It also addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes. +This release of {ProductName} adds support for IBM Z and IBM Power Systems. It also addresses Common Vulnerabilities and Exposures (CVEs) and bug fixes. == New features {ProductName} 2.0.1 @@ -237,7 +241,6 @@ This release of {ProductName} adds support for Istio 1.6.5, Jaeger 1.20.0, Kiali In addition, this release has the following new features: -* Introduces a re-architected control plane. The Mixer component has been deprecated and will be removed in a future release. The other control plane components, Pilot, Galley, Citadel, have been combined into a single binary known as Istiod. The "d" stands for daemon. ** Simplifies installation, upgrades, and management of the control plane. ** Reduces the control plane's resource usage and startup time. ** Improves performance by reducing inter-control plane communication over networking. diff --git a/modules/ossm-rn-technology-preview.adoc b/modules/ossm-rn-technology-preview.adoc index e16a3bf353..ef608c6f80 100644 --- a/modules/ossm-rn-technology-preview.adoc +++ b/modules/ossm-rn-technology-preview.adoc @@ -21,9 +21,9 @@ These features provide early access to upcoming product features, enabling custo {ProductName} 2.0.0 introduces support for WebAssembly extensions to Envoy Proxy. Up through release 1.5, Istio implemented extensions using the Mixer Telemetry and Policy components. In -link:https://istio.io/latest/news/releases/1.5.x/announcing-1.5/upgrade-notes/#mixer-deprecation[Istio 1.5] Mixer was deprecated and link:https://istio.io/latest/news/releases/1.5.x/announcing-1.5/upgrade-notes/#mixer-deprecation[WebAssembly was introduced] as the new mechanism for extensions in Istio. Envoy now allows extensions using WebAssembly (“WASM”) - a format for executing code written in multiple programming languages. Mixer has been deprecated as of Istio 1.5, and will be removed in 1.8. Going forward, extensions to Istio will be implemented with Envoy plugins written with WebAssembly. +link:https://istio.io/latest/news/releases/1.5.x/announcing-1.5/upgrade-notes/#mixer-deprecation[Istio 1.5] Mixer was deprecated and link:https://istio.io/latest/news/releases/1.5.x/announcing-1.5/upgrade-notes/#mixer-deprecation[WebAssembly was introduced] as the new mechanism for extensions in Istio. Envoy now allows extensions using WebAssembly (“WASM”) - a format for executing code written in multiple programming languages. Mixer has been deprecated as of Istio 1.5, and will be removed in 1.8. Going forward, extensions to Istio will be implemented with Envoy plugins written with WebAssembly. -The new Telemetry architecture is based on these WebAssembly extensions. For {ProductShortName} 2.0, we are introducing WebAssembly extensions as a Tech Preview feature. WebAssembly extensions is the new way of extending Istio functionality, replacing the Mixer component, which has been deprecated and will eventually be removed. +The new Telemetry architecture is based on these WebAssembly extensions. For {ProductShortName} 2.0, we are introducing WebAssembly extensions as a Tech Preview feature. WebAssembly extensions is the new way of extending Istio functionality, replacing the Mixer component, which has been deprecated and will eventually be removed. [NOTE] ==== diff --git a/modules/ossm-supported-configurations.adoc b/modules/ossm-supported-configurations.adoc index 3f29acda93..8adce65c48 100644 --- a/modules/ossm-supported-configurations.adoc +++ b/modules/ossm-supported-configurations.adoc @@ -2,12 +2,12 @@ // // * service_mesh/v2x/preparing-ossm-install.adoc // * service_mesh/v2x/servicemesh-release-notes.adoc -// * post_installation_configuration/network-configuration.adoc (once 2.0 released) +// * post_installation_configuration/network-configuration.adoc (once 2.0 released) [id="ossm-supported-configurations_{context}"] = Supported configurations -The following configurations are supported for the current release of {ProductName}: +The following configurations are supported for the current release of {ProductName}: * Red Hat {product-title} version 4.x.