Supported features

This page describes features that are supported in Anthos Service Mesh 1.5.10. For the supported features in Anthos Service Mesh 1.4.10, see the Supported features page in the archive documentation.

Supported versions

Support for Anthos Service Mesh follows the Anthos Version Support Policy. Google supports the current and previous two (n-2) minor versions of Anthos Service Mesh. The following table shows the supported versions of Anthos Service Mesh and the earliest end-of-life (EOL) date for a version.

Release version Release date Earliest EOL date
1.4 December 20, 2019 Unsupported (September 18, 2020)
1.5 May 20, 2020 Unsupported (February 17, 2021)
1.6 June 30, 2020 Unsupported (March 30, 2021)
1.7 November 3, 2020 December 10, 2021
1.8 December 15, 2020 September 15, 2021
1.9 March 4, 2021 December 4, 2021
1.10 June 24, 2021 March 24, 2022

Anthos Service Mesh 1.6, 1.5, and 1.4 are no longer supported. You must upgrade to Anthos Service Mesh 1.7 or later. For information on how to upgrade, see the following guides:

For more information about our support policies, refer to Getting support.

Platform differences

Anthos Service Mesh provides profiles for the platforms that it supports. In the following tables, any feature with the icon in a Supported column indicates that the feature is fully supported by Google Cloud Support. Features not explicitly listed in the tables receive best-effort support.

  • Supported default indicates a feature that is either enabled by default or enabled in the configuration profile that you use when you install Anthos Service Mesh.

  • Supported optional indicates a feature that you can optionally enable when you install Anthos Service Mesh. For information on enabling a Supported optional feature, see Enabling optional features.

  • Not supported indicates that the feature is not supported in Anthos Service Mesh.

The supported features differ between Google Kubernetes Engine and Anthos clusters on VMware. A configuration profile is provided for each platform to enable the Supported default features when you install Anthos Service Mesh.

Install/upgrade/rollback

Not all of the tools that you use to install Anthos Service Mesh on Anthos clusters on VMware are supported.

Feature GKE Anthos clusters on VMware
istioctl install
istioctl upgrade and downgrade
Anthos CLI install
Anthos CLI upgrade and downgrade
helm install
Migration from Istio on GKE N/A

Security

Certificate distribution/rotation mechanisms

Feature GKE Anthos clusters on VMware
workload certificate management using Envoy SDS
external certificate management on ingress gateway using Envoy SDS
certificate provisioning using secret volume mount

Certificate authority (CA) support

Feature GKE Anthos clusters on VMware
Anthos Service Mesh certificate authority (Mesh CA)
Citadel CA
Integration with custom CAs

Authorization policy

Feature Supported default Supported optional Not supported
Authorization v1beta1 policy

Authentication policy

Peer authentication

Feature Supported default Supported optional Not supported
PERMISSIVE mTLS mode is enabled at mesh level
mTLS STRICT mode
Auto-mTLS

Request authentication

Feature Supported default Supported optional Not supported
JWT authentication

Telemetry

Metrics

Feature GKE Anthos clusters on VMware
Cloud Monitoring (HTTP in-proxy metrics)
Cloud Monitoring (TCP in-proxy metrics)
Mesh telemetry (in-proxy edge data)
Prometheus metrics export to Grafana
Prometheus metrics export to Kiali
Custom adapters/backends, in or out of process
Arbitrary telemetry and logging backends

Access logging

Feature GKE Anthos clusters on VMware
Cloud Logging
Direct Envoy to stdout Supported optional Supported optional

Tracing

Feature GKE Anthos clusters on VMware
Cloud Trace Supported optional
Jaeger tracing
Zipkin tracing

Policy

Feature GKE Anthos clusters on VMware
Policy checks

Networking

Traffic interception/redirection mechanism

Feature Supported default Supported optional Not supported
Traditional use of iptables using init containers with CAP_NET_ADMIN
Istio Container Network Interface (CNI)
Whitebox sidecar

Protocol support

Feature Supported Not supported
IPv4
HTTP/1.1
HTTP/2
TCP byte streams (Note 1)
gRPC
IPv6
L7 support for WebSocket (Note 2)
L7 support for MongoDB (Note 2)
L7 support for Redis (Note 2)
L7 support for Kafka (Note 2)
L7 support for Cassandra (Note 2)
L7 support for RabbitMQ (Note 2)
L7 support for Cloud SQL (Note 2)

Notes:

  1. Although TCP is a supported protocol for networking, TCP metrics aren't collected or reported. Metrics are displayed only for HTTP services in the Cloud Console.
  2. You might be able to make the protocol work by using TCP byte stream support. If TCP byte stream cannot support the protocol (for example, Kafka sends a redirect address in a protocol-specific reply and this redirect is incompatible with Anthos Service Mesh's routing logic), then the protocol isn't supported.

Envoy deployments

Feature Supported default Supported optional Not supported
Sidecars
Ingress gateway
Egress directly out from sidecars
Egress using egress gateways

CRD support

Feature Supported Not supported
Sidecar resource
Service entry resource
Percentage, fault injection, path matching, redirects, retries, rewriting, timeout, retry, mirroring, header manipulation, and CORS routing rules
custom Envoy filters

Load balancer for the Istio ingress gateway

For installations on GKE, you can enable an internal load balancer for the Istio ingress gateway. Internal load balancers aren't supported for Anthos clusters on VMware. For information on configuring Anthos clusters on VMware, see Setting up your load balancer for Anthos clusters on VMware.

Feature Supported default Supported optional Not supported
Public load balancer
Internal load balancer

Load balancing policies

Feature Supported Not supported
round robin
least connections
random
passthrough
Consistent Hash
locality-weighted

User interface

Feature GKE Anthos clusters on VMware
Anthos Service Mesh dashboards in the Cloud Console
Cloud Monitoring
Cloud Logging
Grafana dashboards Installed, customer-managed
Kiali Installed, customer-managed

As a convenience, the configuration profile for Anthos clusters on VMware installs an instance of Grafana and Kiali, but Cloud Support can't provide help managing these these third-party products. See their documentation for help setting up and managing the dashboards.

Managed components

Currently Anthos Service Mesh certificate authority (Mesh CA) and the Anthos Service Mesh pages in the Cloud Console aren't available on Anthos clusters on VMware.

Supported environments

Anthos Service Mesh 1.5 is supported with the following GKE and Anthos clusters on VMware versions. All other environments are unsupported.

GKE

Anthos Service Mesh 1.5 supports the following GKE versions: 1.14, 1.15, and 1.16.

Anthos clusters on VMware

Anthos clusters on VMware version 1.2.0-gke.6 and higher, which is included in Anthos 1.2.