Cloud Service Mesh supports a variety of infrastructures (GKE/Kubernetes, Compute Engine) and environments (on-premises, other clouds). This page describes the APIs and options for using Cloud Service Mesh across all of these options.
On Google Cloud
There are two choices of APIs on Google Cloud based on which infrastructure you plan to use.
If your workloads are exclusively on GKE, use the Istio APIs.
- Use the fleet API to install Cloud Service Mesh on clusters in the fleet.
- Choose the CA you want to use, MeshCA or CAS. The clusters in the fleet will all use the same CA, establishing trust across the workloads running on the clusters.
- The Service Mesh UI is enabled automatically.
Managed control plane for GKE
The control plane provisioned for these clusters depends on whether you are adding clusters to an existing fleet or are provisioning a new fleet.
New fleets use the global, managed control plane. This control plane scales across the entire Google Cloud network and provides enhanced reliability and stability.
If you are adding clusters to an existing fleet, new clusters will use the same managed control plane implementation as existing clusters.
Unmanaged Cloud Service Mesh
There is also an option to use an unmanaged, in-cluster control plane. Google strongly recommends using managed Cloud Service Mesh to let Google update and maintain the mesh infrastructure. This option should only be used if the managed Cloud Service Mesh does not support your use case. It requires users to perform regular releases and patches to keep the system updated.
VMs, GKE and or Proxyless gRPC
If your workloads are a combination of VMs and GKE, or use proxyless gRPC, you should use the Service Routing APIs. These APIs let you define a mesh and configure the routing between services in that mesh.
Off Google Cloud
Cloud Service Mesh supports GKE and attached clusters in a variety of environments. In this case, Cloud Service Mesh is part of GKE Enterprise on Google Cloud. Cloud Service Mesh is supported the following environments:
- GKE on VMware
- GKE on Bare Metal
- GKE on AWS
- GKE on Azure
- EKS Kubernetes clusters on AWS
- AKS Kubernetes clusters on EKS
In these environments Cloud Service Mesh is installed in-cluster using
asmcli. The Istio APIs are installed in the cluster enabling the user to
configure the service mesh for Kubernetes workloads.
1.20.x
Only the following environments are supported for in-cluster Anthos Service Mesh 1.20.x. All other environments are unsupported.
| Platform | Version |
|---|---|
| GKE on Google Cloud |
We recommend that you enroll GKE clusters on
Google Cloud in a
release
channel. When enrolling, use the Regular release channel because other
channels might be based on a GKE version that isn't
supported. Anthos Service Mesh 1.20 supports the following
GKE versions: 1.27-1.29.
For more information about the GKE versions included in each release channel see the following: The GKE cluster must be Standard. GKE Autopilot cluster is not supported by the in-cluster control plane. In order to use the GKE Autopilot, you must choose managed Anthos Service Mesh. |
| GKE on VMware 1.15, 1.16, 1.28 | Kubernetes version 1.26-1.28 |
| Google Distributed Cloud Virtual for Bare Metal 1.15, 1.16, 1.28 | Kubernetes version 1.26-1.28 |
| GKE on AWS | Kubernetes version 1.26-1.28 |
| GKE on Azure | Kubernetes version 1.26-1.28 |
| Anthos attached clusters | Amazon EKS on Kubernetes 1.26-1.28 and Microsoft AKS on Kubernetes 1.26-1.28 |
1.19.x
Only the following environments are supported for in-cluster Anthos Service Mesh 1.19.x. All other environments are unsupported.
| Platform | Version |
|---|---|
| GKE on Google Cloud |
We recommend that you enroll GKE clusters on
Google Cloud in a
release
channel. When enrolling, use the Regular release channel because other
channels might be based on a GKE version that isn't
supported. Anthos Service Mesh 1.19 supports the following
GKE versions: 1.26-1.29.
For more information about the GKE versions included in each release channel see the following: The GKE cluster must be Standard. GKE Autopilot cluster is not supported by the in-cluster control plane. In order to use the GKE Autopilot, you must choose managed Anthos Service Mesh. |
| GKE on VMware 1.15, 1.16, 1.28 | Kubernetes version 1.26-1.28 |
| Google Distributed Cloud Virtual for Bare Metal 1.15, 1.16, 1.28 | Kubernetes version 1.26-1.28 |
| GKE on AWS | Kubernetes version 1.26-1.28 |
| GKE on Azure | Kubernetes version 1.26-1.28 |
| Anthos attached clusters | Amazon EKS on Kubernetes 1.26-1.28 and Microsoft AKS on Kubernetes 1.26-1.28 |
1.18.x
Only the following environments are supported for in-cluster Anthos Service Mesh 1.18.x. All other environments are unsupported.
| Platform | Version |
|---|---|
| GKE on Google Cloud |
We recommend that you enroll GKE clusters on
Google Cloud in a
release
channel. When enrolling, use the Regular release channel because other
channels might be based on a GKE version that isn't
supported. Anthos Service Mesh 1.18 supports the following
GKE versions: 1.26-1.27.
For more information about the GKE versions included in each release channel see the following: The GKE cluster must be Standard. GKE Autopilot cluster is not supported by the in-cluster control plane. In order to use the GKE Autopilot, you must choose managed Anthos Service Mesh. |
| GKE on VMware 1.15-1.16 | Kubernetes version 1.26-1.27 |
| Google Distributed Cloud Virtual for Bare Metal 1.15-1.16 | Kubernetes version 1.26-1.27 |
| GKE on AWS | Kubernetes version 1.26-1.27 |
| GKE on Azure | Kubernetes version 1.26-1.27 |
| Anthos attached clusters | Amazon EKS on Kubernetes 1.26-1.27 and Microsoft AKS on Kubernetes 1.26-1.27 |
For a list of environments that are supported for managed Cloud Service Mesh, see managed Cloud Service Mesh Environments.