istio(1.26.2): OpenShift TPROXY Fixes and Gateway API Consistency Enhancements
๐ Recommended Actions โ No Immediate Action Required No immediate action required for most users. OpenShift users leveraging TPROXY mode should review the update for critical fixes. All Gateway API users should be aware of internal VirtualService naming changes for generated resources. ๐ Summary Istio 1.26.2 delivers targeted fixes and crucial consistency improvements, especially for OpenShift and Gateway API users. A significant bug has been resolved for OpenShift deployments utilizing TPROXY mode, which previously suffered from incorrect UID and GID assignments for sidecar containers. This fix ensures proper operation and security context enforcement. The release also brings enhanced robustness to Gateway API status reconciliation. Internal logic now intelligently compares desired and live states before writing, dramatically reducing redundant status updates and handling concurrent modifications more gracefully. This means a more stable control plane experience. Furthermore, the naming convention for auto-generated VirtualServices from HTTPRoutes has been refined for consistency, adopting a new scheme that directly reflects the merge key. While an internal detail, this can impact tools relying on generated resource names. Finally, internal integration tests gain greater flexibility with a new flag to control Gateway API deployment, alongside a fix for Kind cluster registry redirection. This patch release focuses on improving stability and correctness for specific deployment scenarios and advanced users. ...