Use when the user asks about upgrading Istio, checking Istio version compatibility, planning an Istio migration, performing pre-upgrade checks, preparing for a version bump, or creating an Istio upgrade plan. Checks CRD compatibility and storage version changes, validates sidecar proxy version skew against control-plane skew limits, reviews EnvoyFilter deprecated xDS API usage and Wasm ABI compatibility, analyzes east-west gateway upgrade ordering in multi-cluster environments, assesses federation controller compatibility and trust bundle exchange, identifies breaking changes across all intermediate Istio releases, and produces a scored upgrade readiness assessment with a go/no-go recommendation and rollback strategy.
84
97%
Does it follow best practices?
Impact
96%
1.18xAverage score across 1 eval scenario
Advisory
Suggest reviewing before use
Use this document to evaluate the upgrade risks and compute final readiness and confidence scores.
Fill out this matrix for all evaluated areas:
| Area | Status | Severity | Explanation |
|---|---|---|---|
| Control Plane | |||
| Data Plane / Proxy Skew | |||
| Revisions & Webhooks | |||
| Sidecar Injection | |||
| CRDs | |||
| EnvoyFilters | |||
| East-West Gateways | |||
| Federation | |||
| Service Discovery | |||
| Security (mTLS / AuthzPolicy) | |||
| Telemetry | |||
| Kubernetes Compatibility |
Start at 100 points. Deduct points for each compatibility or risk finding based on its severity:
| Score | Decision | Recommendation |
|---|---|---|
| 90-100 | [OK] Ready | Upgrade is safe to proceed. |
| 75-89 | [WARN] Ready with remediation | Upgrade can proceed after addressing warnings/remediations. |
| 50-74 | [RISK] Significant risk | Not recommended; significant risks or blockers must be resolved first. |
| 0-49 | [NO] Not recommended | Blocker issues exist; upgrade is unsafe. |
Start at 100% confidence. Deduct to reflect unknowns or unverified configurations: