Anthos Service Mesh and Traffic Director are now Cloud Service Mesh. For more information, see the Cloud Service Mesh overview.

Managed control plane modernization

Starting on July 22, 2024, Google will gradually update existing clusters to use the managed control plane with TD implementation. You will be notified before we update your meshes.

You can review the capabilities of the Istiod and Traffic Director control planes on the page that describes Supported features using Istio APIs (managed control plane).

Scheduling and Notification

You should receive notification that a cluster is scheduled to be updated at least two weeks before the update. Notifications are available in your cluster-level feature state conditions.

Use the following Google Cloud CLI command to check the notification:

gcloud container hub mesh describe --project=PROJECT_ID

You see results similar to the following:

membershipStates:
  projects/656460026795/locations/us-central1/memberships/cluster:
    servicemesh:
      conditions:
      - code: MODERNIZATION_SCHEDULED
        details: This cluster has been scheduled for modernization on or after (date ~ at least 2 weeks).
        documentationLink: 
        severity: INFO

Any legacy managed control plane clusters that were onboarded using the meshconfig.googleapis.com API will be automatically registered to the fleet in the cluster's project with the gkehub.googleapis.com Membership API. If you have any automation that deregisters a cluster, you must remove it before modernization or the modernization will have issues. For the managed product to work successfully, it must be registered to a fleet with the mesh feature enabled.

Contact support if you need to customize your modernization or if you have questions about whether you are using unsupported features.

Active modernization

During the modernization, in a safe and controlled way, the following changes take place:

To enable health checking, the snk daemonset is created in the kube-system namespace of the cluster and a per-cluster a firewall rule is created.
To enable network endpoint group (NEG) ingestion, the annotation cloud.google.com/neg is added to all Kubernetes services.
New Google Cloud resources such as Mesh, Routes, backend services, and health checks are created in the cluster.
Pods managed by Kubernetes deployments are restarted to reconnect to the Traffic Director control plane.

Some of the new resources are quota-limited. You can view quotas and request more if necessary.

You can track the progress of a fleet's modernization with the following Google Cloud CLI command, and looking in each member's conditions:

gcloud container hub mesh describe --project=PROJECT_ID

When a cluster is being modernized you will see:

conditions:
- code: MODERNIZATION_IN_PROGRESS
  details: The modernization for this cluster is in progress.
  documentationLink: 
  severity: INFO

When the modernization is complete you will see:

conditions:
- code: MODERNIZATION_COMPLETED
  details: The modernization for this cluster was completed.
  documentationLink: 
  severity: INFO

If the modernization is cancelled you will see:

conditions:
- code: MODERNIZATION_ABORTED
  details: The modernization for this cluster was aborted.
  documentationLink: 
  severity: INFO