Illumio Core What's New and Release Notes for 23.5

Missing app-tiers label on pod using annotation (E-117004)

In non-CLAS (legacy) container clusters, when applying Illumio labels through Kubernetes annotations, a label key containing a dash (-) is not properly assigned to Container Workloads. For example, a pod annotation of annotation.com.illumio.app-tiers with a label value of AT_A is not created with label type App-Tiers nor the label AT_A.  This issue is now resolved for new Container Workloads created on this release. However, upgrading the PCE to this release does not fix existing Container Workloads that have labels containing a dash character. To fix such existing Container Workloads, you can edit the Container Workload Profile to add another possible value for the dash-containing label. After saving this edit, existing Container Workloads get relabeled correctly to their assigned annotation values.

CLAS - Rules are not created for Kubernetes Workloads and VIPs (E-116721) 

In CLAS-enabled deployments, rules created between a Kubernetes Workload and a VIP (from a virtual server, for example a F5 Virtual Server) are not created even after provisioning. These rules fail to appear in the PCE Web Console. This issue is resolved. The new runtime environment  variable clas_workloads_ipset_only_changes_enabled must be set to false in the PCE runtime_env.yml file (under agent_service:) for the PCE to correctly send Virtual Server instructions to Kubernetes Workloads.