diff --git a/calico-cloud/compliance/istio/about-istio-ambient.mdx b/calico-cloud/compliance/istio/about-istio-ambient.mdx index bd2f8328dd..67d3c6587f 100644 --- a/calico-cloud/compliance/istio/about-istio-ambient.mdx +++ b/calico-cloud/compliance/istio/about-istio-ambient.mdx @@ -7,6 +7,13 @@ description: An overview of Calico's bundled version of Istio Ambient Mode You can use $[prodname] to deploy and manage an Istio service mesh on your cluster. $[prodname] installs Istio in ambient mode, which conserves resources while providing the same robust mTLS encryption for your services. +:::note + +Istio Ambient Mode is a tech preview feature. +Tech preview features are subject to significant changes before they become GA. + +::: + ## About Istio Ambient Mode Istio is a service mesh that manages and secures communication between microservices. diff --git a/calico-cloud/compliance/istio/deploy-istio-ambient.mdx b/calico-cloud/compliance/istio/deploy-istio-ambient.mdx index 4f3c7c2b3f..a2f650eb59 100644 --- a/calico-cloud/compliance/istio/deploy-istio-ambient.mdx +++ b/calico-cloud/compliance/istio/deploy-istio-ambient.mdx @@ -6,6 +6,13 @@ description: This page explains how to deploy Calico's bundled version of Istio You can deploy Calico's bundled version of Istio in ambient mode to provide mTLS encryption to your workloads. +:::note + +Istio Ambient Mode is a tech preview feature. +Tech preview features are subject to significant changes before they become GA. + +::: + ## Limitations * [Application layer network policies](../../network-policy/application-layer-policies/alp.mdx) are not compatible with the Istio service mesh. diff --git a/calico-enterprise/compliance/istio/about-istio-ambient.mdx b/calico-enterprise/compliance/istio/about-istio-ambient.mdx index bd2f8328dd..67d3c6587f 100644 --- a/calico-enterprise/compliance/istio/about-istio-ambient.mdx +++ b/calico-enterprise/compliance/istio/about-istio-ambient.mdx @@ -7,6 +7,13 @@ description: An overview of Calico's bundled version of Istio Ambient Mode You can use $[prodname] to deploy and manage an Istio service mesh on your cluster. $[prodname] installs Istio in ambient mode, which conserves resources while providing the same robust mTLS encryption for your services. +:::note + +Istio Ambient Mode is a tech preview feature. +Tech preview features are subject to significant changes before they become GA. + +::: + ## About Istio Ambient Mode Istio is a service mesh that manages and secures communication between microservices. diff --git a/calico-enterprise/compliance/istio/deploy-istio-ambient.mdx b/calico-enterprise/compliance/istio/deploy-istio-ambient.mdx index 4f3c7c2b3f..a2f650eb59 100644 --- a/calico-enterprise/compliance/istio/deploy-istio-ambient.mdx +++ b/calico-enterprise/compliance/istio/deploy-istio-ambient.mdx @@ -6,6 +6,13 @@ description: This page explains how to deploy Calico's bundled version of Istio You can deploy Calico's bundled version of Istio in ambient mode to provide mTLS encryption to your workloads. +:::note + +Istio Ambient Mode is a tech preview feature. +Tech preview features are subject to significant changes before they become GA. + +::: + ## Limitations * [Application layer network policies](../../network-policy/application-layer-policies/alp.mdx) are not compatible with the Istio service mesh. diff --git a/calico-enterprise_versioned_docs/version-3.22-2/compliance/istio/about-istio-ambient.mdx b/calico-enterprise_versioned_docs/version-3.22-2/compliance/istio/about-istio-ambient.mdx index 1487b9aa2f..67d3c6587f 100644 --- a/calico-enterprise_versioned_docs/version-3.22-2/compliance/istio/about-istio-ambient.mdx +++ b/calico-enterprise_versioned_docs/version-3.22-2/compliance/istio/about-istio-ambient.mdx @@ -7,6 +7,13 @@ description: An overview of Calico's bundled version of Istio Ambient Mode You can use $[prodname] to deploy and manage an Istio service mesh on your cluster. $[prodname] installs Istio in ambient mode, which conserves resources while providing the same robust mTLS encryption for your services. +:::note + +Istio Ambient Mode is a tech preview feature. +Tech preview features are subject to significant changes before they become GA. + +::: + ## About Istio Ambient Mode Istio is a service mesh that manages and secures communication between microservices. @@ -43,4 +50,4 @@ Existing network policies need to be adapted to allow communication to port 1500 ## Additional resources * [Overview of Istio ambient mode](https://istio.io/latest/docs/ambient/overview/). -* [Ambient and Kubernetes NetworkPolicy](https://istio.io/latest/docs/ambient/usage/networkpolicy/) \ No newline at end of file +* [Ambient and Kubernetes NetworkPolicy](https://istio.io/latest/docs/ambient/usage/networkpolicy/) diff --git a/calico-enterprise_versioned_docs/version-3.22-2/compliance/istio/deploy-istio-ambient.mdx b/calico-enterprise_versioned_docs/version-3.22-2/compliance/istio/deploy-istio-ambient.mdx index 4f3c7c2b3f..a2f650eb59 100644 --- a/calico-enterprise_versioned_docs/version-3.22-2/compliance/istio/deploy-istio-ambient.mdx +++ b/calico-enterprise_versioned_docs/version-3.22-2/compliance/istio/deploy-istio-ambient.mdx @@ -6,6 +6,13 @@ description: This page explains how to deploy Calico's bundled version of Istio You can deploy Calico's bundled version of Istio in ambient mode to provide mTLS encryption to your workloads. +:::note + +Istio Ambient Mode is a tech preview feature. +Tech preview features are subject to significant changes before they become GA. + +::: + ## Limitations * [Application layer network policies](../../network-policy/application-layer-policies/alp.mdx) are not compatible with the Istio service mesh. diff --git a/calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx index 3afb904c98..e9ad426440 100644 --- a/calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.22-2/release-notes/index.mdx @@ -30,6 +30,10 @@ This release adds customization options for specifying external load balancers f For more information, see [Customize gateway deployment and features](../networking/ingress-gateway/customize-ingress-gateway.mdx#customize-gateway-deployment-and-features). +### Istio Ambient Mode (tech preview) +Calico now provides a bundled version of Istio in ambient mode, a sidecarless architecture that delivers robust mTLS encryption and service mesh security while significantly reducing resource consumption and operational overhead. This implementation, managed by the Tigera Operator, features an enhanced zTunnel proxy that preserves original destination ports to ensure existing Calico and Kubernetes network policies continue to function seamlessly without requiring rewrites. + +For more information, see [Istio Ambient Mode](../compliance/istio/about-istio-ambient.mdx). ### HTTP header-based matching for application layer policies This release includes support for HTTP header-based matching for application layer policies. @@ -176,6 +180,9 @@ Calico Enterprise 3.22.1 is now available as a general availability release. This release is supported for use in production. +This release adds the following features: +* [Istio Ambient Mode](#istio-ambient-mode-tech-preview) + #### Enhancements * TBD diff --git a/calico-enterprise_versioned_docs/version-3.22-2/variables.js b/calico-enterprise_versioned_docs/version-3.22-2/variables.js index 42aa775c75..996835be68 100644 --- a/calico-enterprise_versioned_docs/version-3.22-2/variables.js +++ b/calico-enterprise_versioned_docs/version-3.22-2/variables.js @@ -2,13 +2,13 @@ const releases = require('./releases.json'); const componentImage = require('../../src/components/utils/componentImage'); const variables = { - releaseTitle: 'v3.22.0-2.0', + releaseTitle: 'v3.22.1', prodname: 'Calico Enterprise', prodnamedash: 'calico-enterprise', version: 'v3.22', openSourceVersion: releases[0].calico.minor_version.slice(1), baseUrl: '/calico-enterprise/latest', - filesUrl: 'https://downloads.tigera.io/ee/v3.22.0-2.0', + filesUrl: 'https://downloads.tigera.io/ee/v3.22.1', rpmsUrl: 'https://downloads.tigera.io/ee/rpms/' + releases[0].title.slice(0, 5), tutorialFilesURL: 'https://docs.tigera.io/files', tmpScriptsURL: 'https://docs.tigera.io/calico-enterprise/3.22', @@ -20,7 +20,7 @@ const variables = { rootDirWindows: 'C:\\TigeraCalico', registry: 'quay.io/', envoyVersion: '1.5.0', - chart_version_name: 'v3.22.0-2.0-0', + chart_version_name: 'v3.22.1-0', tigeraOperator: releases[0]['tigera-operator'], dikastesVersion: releases[0].components.dikastes.version, releases,