Update: 20-09-2024

cs_istio.md

@@ -2,7 +2,7 @@
 
 copyright:
   years: 2014, 2024
-lastupdated: "2024-07-24"
+lastupdated: "2024-09-20"
 
 
 keywords: kubernetes, envoy, sidecar, mesh, bookinfo, istio
@@ -68,7 +68,7 @@ Before you begin
     ```
     {: pre}
 
-3. Enable the `istio` add-on. The default version of the generally available Istio managed add-on, 1.22.1, is installed.
+3. Enable the `istio` add-on. The default version of the generally available Istio managed add-on, 1.23.1, is installed.
     ```sh
     ibmcloud ks cluster addon enable istio --cluster <cluster_name_or_ID>
     ```
@@ -84,7 +84,7 @@ Before you begin
 
     ```sh
     NAME            Version     Health State   Health Status
-    istio           1.22.1       normal         Addon Ready
+    istio           1.23.1       normal         Addon Ready
     ```
     {: screen}
 
@@ -292,13 +292,13 @@ For example, the patch version of your add-on might be updated automatically by
 
     ```sh
     client version: version.BuildInfo{Version:"1.11.2"}
-    pilot version: version.BuildInfo{Version:1.22.1}
-    pilot version: version.BuildInfo{Version:1.22.1}
-    data plane version: version.ProxyInfo{ID:"istio-egressgateway-77bf75c5c-vp97p.istio-system", IstioVersion:1.22.1}
-    data plane version: version.ProxyInfo{ID:"istio-egressgateway-77bf75c5c-qkhgm.istio-system", IstioVersion:1.22.1}
-    data plane version: version.ProxyInfo{ID:"istio-ingressgateway-6dcb67b64d-dffhq.istio-system", IstioVersion:1.22.1}
-    data plane version: version.ProxyInfo{ID:"httpbin-74fb669cc6-svc8x.default", IstioVersion:1.22.1}
-    data plane version: version.ProxyInfo{ID:"istio-ingressgateway-6dcb67b64d-cs9r9.istio-system", IstioVersion:1.22.1}
+    pilot version: version.BuildInfo{Version:1.23.1}
+    pilot version: version.BuildInfo{Version:1.23.1}
+    data plane version: version.ProxyInfo{ID:"istio-egressgateway-77bf75c5c-vp97p.istio-system", IstioVersion:1.23.1}
+    data plane version: version.ProxyInfo{ID:"istio-egressgateway-77bf75c5c-qkhgm.istio-system", IstioVersion:1.23.1}
+    data plane version: version.ProxyInfo{ID:"istio-ingressgateway-6dcb67b64d-dffhq.istio-system", IstioVersion:1.23.1}
+    data plane version: version.ProxyInfo{ID:"httpbin-74fb669cc6-svc8x.default", IstioVersion:1.23.1}
+    data plane version: version.ProxyInfo{ID:"istio-ingressgateway-6dcb67b64d-cs9r9.istio-system", IstioVersion:1.23.1}
     ...
     ```
     {: screen}
@@ -307,14 +307,14 @@ For example, the patch version of your add-on might be updated automatically by
     1. Download the `istioctl` client of the same version as the control plane components.
     
         ```sh
-        curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.22.1 sh -
+        curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.23.1 sh -
         ```
         {: pre}
 
     2. Navigate to the Istio package directory.
     
         ```sh
-        cd istio-1.22.1
+        cd istio-1.23.1
         ```
         {: pre}
 
@@ -434,16 +434,16 @@ You can customize a set of Istio configuration options by editing the `managed-i
         Example output
 
         ```sh
-        data plane version: version.ProxyInfo{ID:"test-6f86fc4677-vsbsf.default", IstioVersion:"1.22.1"}
-        data plane version: version.ProxyInfo{ID:"rerun-xfs-f8958bb94-j6n89.default", IstioVersion:"1.22.1"}
-        data plane version: version.ProxyInfo{ID:"test2-5cbc75859c-jh6bx.default", IstioVersion:"1.22.1"}
-        data plane version: version.ProxyInfo{ID:"minio-test-78b5d4597d-hkpvt.default", IstioVersion:"1.22.1"}
-        data plane version: version.ProxyInfo{ID:"sb-887f89d7d-7s8ts.default", IstioVersion:"1.22.1"}
-        data plane version: version.ProxyInfo{ID:"gid-deployment-5dc86db4c4-kdshs.default", IstioVersion:"1.22.1"}
+        data plane version: version.ProxyInfo{ID:"test-6f86fc4677-vsbsf.default", IstioVersion:"1.23.1"}
+        data plane version: version.ProxyInfo{ID:"rerun-xfs-f8958bb94-j6n89.default", IstioVersion:"1.23.1"}
+        data plane version: version.ProxyInfo{ID:"test2-5cbc75859c-jh6bx.default", IstioVersion:"1.23.1"}
+        data plane version: version.ProxyInfo{ID:"minio-test-78b5d4597d-hkpvt.default", IstioVersion:"1.23.1"}
+        data plane version: version.ProxyInfo{ID:"sb-887f89d7d-7s8ts.default", IstioVersion:"1.23.1"}
+        data plane version: version.ProxyInfo{ID:"gid-deployment-5dc86db4c4-kdshs.default", IstioVersion:"1.23.1"}
         ```
         {: screen}
 
-    2. Restart each pod by deleting it. In the output of the previous step, the pod name and namespace are listed in each entry as `data plane version: version.ProxyInfo{ID:"<pod_name>.<namespace>", IstioVersion:"1.22.1"}`.
+    2. Restart each pod by deleting it. In the output of the previous step, the pod name and namespace are listed in each entry as `data plane version: version.ProxyInfo{ID:"<pod_name>.<namespace>", IstioVersion:"1.23.1"}`.
         ```sh
         kubectl delete pod <pod_name> -n <namespace>
         ```
@@ -616,7 +616,7 @@ If you previously installed Istio in the cluster by using the IBM Helm chart or
 - If you previously installed BookInfo in the cluster, clean up those resources.
     1. Change the directory to the Istio file location.
         ```sh
-        cd <filepath>/istio-1.22.1
+        cd <filepath>/istio-1.23.1
         ```
         {: pre}
 
@@ -652,13 +652,13 @@ Install the `istioctl` CLI client on your computer. For more information, see th
 
 2. Download the version of `istioctl` that matches your cluster's Istio version to your computer.
     ```sh
-    curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.22.1 sh -
+    curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.23.1 sh -
     ```
     {: pre}
 
 3. Navigate to the Istio package directory.
     ```sh
-    cd istio-1.22.1
+    cd istio-1.23.1
     ```
     {: pre}
 
@@ -823,7 +823,3 @@ kubectl delete cm -n ibm-operators managed-istio-custom
 {: pre}
 
 The removal of the add-on is complete and you can continue to use and upgrade the community Istio as needed.
-
-
-
-

cs_istio_about.md

@@ -2,7 +2,7 @@
 
 copyright:
   years: 2014, 2024
-lastupdated: "2024-06-20"
+lastupdated: "2024-09-20"
 
 
 keywords: kubernetes, envoy, sidecar, mesh, bookinfo, istio
@@ -72,7 +72,7 @@ If you need to use the latest version of Istio or customize your Istio installat
 ## What comes with the Istio add-on?
 {: #istio_ov_components}
 
-In Kubernetes clusters, you can install the generally available managed Istio add-on, which runs Istio version 1.22.1.
+In Kubernetes clusters, you can install the generally available managed Istio add-on, which runs Istio version 1.23.1.
 {: shortdesc}
 
 The Istio add-on installs the core components of Istio. For more information about any of the following control plane components, see the [Istio documentation](https://istio.io/latest/about/service-mesh/){: external}.
@@ -92,8 +92,3 @@ Review the following limitations for the managed Istio add-on.
 * You can't modify any Istio resources that are created for you in the `istio-system` namespace. If you need to customize the Istio installation, you can [edit the `managed-istio-custom` configmap resource](/docs/containers?topic=containers-istio#customize).
 * The following features are not supported in the managed Istio add-on:
     * [Any features by the community that are in alpha release stages](https://istio.io/latest/docs/releases/feature-stages/){: external}
-
-
-
-
-

cs_istio_custom_gateway.md

@@ -2,7 +2,7 @@
 
 copyright:
   years: 2014, 2024
-lastupdated: "2024-06-20"
+lastupdated: "2024-09-20"
 
 
 keywords: kubernetes, envoy, sidecar, mesh, bookinfo
@@ -65,7 +65,7 @@ Use an `IstioOperator` (IOP) to create a custom ingress gateway deployment and p
     spec:
       profile: empty
       hub: icr.io/ext/istio
-      # tag: 1.22.1
+      # tag: 1.23.1
       components:
         ingressGateways:
           - name: custom-ingressgateway
@@ -323,7 +323,7 @@ Note the following considerations:
 Manually update and control the managed Istio version of custom ingress gateways.
 {: shortdesc}
 
-{{site.data.keyword.cloud_notm}} keeps all your Istio components up-to-date by automatically rolling out patch updates to the most recent version of Istio that is supported by {{site.data.keyword.containerlong_notm}}. For example, when patch version 1.22.1 is released, all ingress gateway pods are automatically updated to this latest patch version. Patch versions are completed by using the rolling update strategy to avoid downtime for your apps. However, you might want to prevent automatic updates of custom gateway pods, such as if you want to test for any potential regressions with the latest patch version.
+{{site.data.keyword.cloud_notm}} keeps all your Istio components up-to-date by automatically rolling out patch updates to the most recent version of Istio that is supported by {{site.data.keyword.containerlong_notm}}. For example, when patch version 1.23.1 is released, all ingress gateway pods are automatically updated to this latest patch version. Patch versions are completed by using the rolling update strategy to avoid downtime for your apps. However, you might want to prevent automatic updates of custom gateway pods, such as if you want to test for any potential regressions with the latest patch version.
 
 To manage updates for your custom ingress gateways, you might use the following rollout strategy:
 1. [Create a custom ingress gateway IOPs](#custom-ingress-gateway-public). In the `tag` field, specify a patch version that is the same or earlier than the control plane version. You can find the control plane version by running `istioctl version`.
@@ -354,7 +354,7 @@ metadata:
 spec:
   profile: empty
   hub: icr.io/ext/istio
-  # tag: 1.22.1 # Force the gateway to a specific managed Istio version
+  # tag: 1.23.1 # Force the gateway to a specific managed Istio version
   components:
     ingressGateways:
       - name: custom-ingressgateway
@@ -423,7 +423,7 @@ metadata:
 spec:
   profile: empty
   hub: icr.io/ext/istio
-  # tag: 1.22.1 # Force the Gateway to a specific version
+  # tag: 1.23.1 # Force the Gateway to a specific version
   components:
     egressGateways:
       - name: custom-egressgateway
@@ -474,9 +474,3 @@ If you want you apps to be accessible to clients, ensure that at least one gatew
     kubectl get svc -n istio-system
     ```
     {: pre}
-
-
-
-
-
-

cs_istio_mesh.md

@@ -2,7 +2,7 @@
 
 copyright:
   years: 2014, 2024
-lastupdated: "2024-08-20"
+lastupdated: "2024-09-20"
 
 
 keywords: kubernetes, envoy, sidecar, mesh, bookinfo, istio
@@ -47,13 +47,13 @@ The deployment YAMLs for each of these microservices are modified so that Envoy
 
 1. Install BookInfo in your cluster. Download the latest Istio package for your operating system, which includes the configuration files for the BookInfo app.
     ```sh
-    curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.22.1 sh -
+    curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.23.1 sh -
     ```
     {: pre}
 
 1. Navigate to the Istio package directory.
     ```sh
-    cd istio-1.22.1
+    cd istio-1.23.1
     ```
     {: pre}
 
@@ -426,7 +426,7 @@ Do not enable sidecar injection for the `kube-system`, `ibm-system,` or `ibm-ope
 
 1. Navigate to the Istio package directory.
     ```sh
-    cd istio-1.22.1
+    cd istio-1.23.1
     ```
     {: pre}
 
@@ -845,9 +845,3 @@ Enable encryption for workloads in a namespace to achieve mutual TLS (mTLS) insi
 
 Destination rules are also used for non-authentication reasons, such as routing traffic to different versions of a service. Any destination rule that you create for a service must also contain the same TLS block that is set to `mode: ISTIO_MUTUAL`. This block prevents the rule from overriding the mesh-wide mTLS settings that you configured in this section.
 {: note}
-
-
-
-
-
-

cs_istio_qs.md

@@ -2,7 +2,7 @@
 
 copyright:
   years: 2014, 2024
-lastupdated: "2024-08-06"
+lastupdated: "2024-09-20"
 
 
 keywords: kubernetes, envoy, sidecar, mesh, bookinfo, istio
@@ -50,7 +50,7 @@ Set up the managed Istio add-on in your cluster.
 
     ```sh
     Name            Version     Health State   Health Status
-    istio           1.22       normal         Addon Ready
+    istio           1.23       normal         Addon Ready
     ```
     {: screen}
 
@@ -88,13 +88,13 @@ The BookInfo app is also already exposed on a public IP address by an Istio Gate
 1. Install BookInfo in your cluster.
     1. Download the latest Istio package, which includes the configuration files for the BookInfo app.
         ```sh
-        curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.22.1 sh -
+        curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.23.1 sh -
         ```
         {: pre}
 
     2. Navigate to the Istio package directory.
         ```sh
-        cd istio-1.22.1
+        cd istio-1.23.1
         ```
         {: pre}
 
@@ -317,7 +317,3 @@ Enable encryption for workloads in a namespace to achieve mutual TLS (mTLS) insi
 
 Destination rules are also used for non-authentication reasons, such as routing traffic to different versions of a service. Any destination rule that you create for a service must also contain the same TLS block that is set to `mode: ISTIO_MUTUAL`. This block prevents the rule from overriding the mesh-wide mTLS settings that you configured in this section.
 {: note}
-
-
-
-

release-notes.md

@@ -38,6 +38,13 @@ Looking for {{site.data.keyword.cloud_notm}} status, platform announcements, sec
 :   {{site.data.keyword.containerlong_notm}} version [1.31](/docs/containers?topic=containers-cs_versions_131) is now Kubernetes certified.
 
 
+
+Istio add-on version `1.23.1` is available.
+:   For more information, see the [change log](/docs/containers?topic=containers-istio-changelog).
+
+
+
+
 ### 18 September 2024
 {: #containers-sep1824}
 {: release-note}

sitemap.md

@@ -244,6 +244,8 @@ subcollection: containers
 
         * {{site.data.keyword.containerlong_notm}} version 1.31 Kubernetes certification
 
+        * Istio add-on version `1.23.1` is available.
+
     * [18 September 2024](/docs/containers?topic=containers-containers-relnotes#containers-sep1824)
 
         * {{site.data.keyword.containerlong_notm}} CLI plug-in version `1.0.665` is available.
@@ -7005,6 +7007,10 @@ subcollection: containers
 
 [Istio add-on change log](/docs/containers?topic=containers-istio-changelog#istio-changelog)
 
+* [Version 1.23](/docs/containers?topic=containers-istio-changelog#v123)
+
+    * [Change log for 1.23.1, released 20 September 2024](/docs/containers?topic=containers-istio-changelog#1231)
+
 * [Version 1.22](/docs/containers?topic=containers-istio-changelog#v122)
 
     * [Change log for 1.22.4, released 18 August 2024](/docs/containers?topic=containers-istio-changelog#1224)

versions-istio.md

@@ -2,7 +2,7 @@
 
 copyright:
   years: 2014, 2024
-lastupdated: "2024-09-18"
+lastupdated: "2024-09-20"
 
 
 keywords: kubernetes, istio, add-on, change log, add-on version, istio version
@@ -31,6 +31,27 @@ ibmcloud ks cluster addon versions
 ```
 {: pre}
 
+## Version 1.23
+{: #v123}
+
+### Change log for 1.23.1, released 20 September 2024
+{: #1231}
+
+Review the changes that are included in version 1.23.1 of the managed Istio add-on.
+{: shortdesc}
+
+Previous version
+:   1.22.4
+
+Current version
+:   1.23.1
+
+Updates in this version
+:   See the Istio release notes for [Istio 1.23.0](https://istio.io/latest/news/releases/1.23.x/announcing-1.23/){: external} and [Istio 1.23.1](https://istio.io/latest/news/releases/1.23.x/announcing-1.23.1/.){: external}.
+:   Resolves the following CVEs:
+    - [CVE-2024-6119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119){: external}
+    - [usn-6986-1](https://ubuntu.com/security/notices/USN-6986-1){: external}
+
 ## Version 1.22
 {: #v122}