Stay organized with collections
Save and categorize content based on your preferences.
This page describes features that are supported in Anthos Service Mesh
1.10.6 with an in-cluster control plane. To see the supported
features for Anthos Service Mesh 1.10.6 with a Google-managed control
plane instead, see
Google-managed control plane.
Supported versions
Support for Anthos Service Mesh follows the
Anthos Version Support Policy.
Google supports the current and previous two (n-2) minor versions of
Anthos Service Mesh. The following table shows the supported versions of Anthos Service Mesh
and the earliest end-of-life (EOL) date for a version.
If you are on an unsupported version of Anthos Service Mesh, then you must upgrade to
Anthos Service Mesh v1.12 or later. For information on how to upgrade, see
Upgrade Anthos Service Mesh.
The following table shows the unsupported versions of Anthos Service Mesh and their
end-of-life (EOL) date.
For more information about our support policies, refer to
Getting support.
Platform differences
The supported features differ between the
supported platforms and whether the
GKE on Google Cloud clusters are in the same project or in
different projects. In the following tables, any feature with the
icon indicates that the feature is enabled by
default. Supported optional indicates that the feature is supported
for the platform and can be enabled, as described in
Enabling optional features.
The default and optional features are fully supported by Google Cloud
Support. Features not explicitly listed in the tables receive best-effort
support. Any feature with the icon indicates
either the feature isn't available or it isn't supported.
The Other Anthos clusters columns refer to clusters that are not
GKE clusters on Google Cloud, for example
Anthos clusters on VMware, bare metal, etc.
Install/upgrade/downgrades
Installations, upgrades, and downgrades of Anthos Service Mesh must be done using
istioctl install. The other methods of
installing Istio
are unsupported.
Using the install_asm script
The install_asm script calls istioctl install. For more information about
the install_asm script, see
GKE single project.
The integration between Anthos Service Mesh and metrics export to
Prometheus is supported.
The topology graph in the Google Cloud console no longer uses the
Mesh telemetry service as its data source. Although the data source for
the topology graph has changed, the UI remains the same.
Access logging
Feature
GKE clusters on Google Cloud
Anthos clusters on-premises
Other Anthos clusters
Cloud Logging
Direct Envoy to stdout
Supported optional
Supported optional
Supported optional
Tracing
Feature
GKE clusters on Google Cloud
Anthos clusters on-premises
Other Anthos clusters
Cloud Trace
Supported optional
Supported optional
Jaeger tracing (allows use of customer-managed Jaeger)
Compatible
Compatible
Compatible
Zipkin tracing (allows use of customer-managed Zipkin)
Compatible
Compatible
Compatible
The integration between Anthos Service Mesh and Jaeger or Zipkin
is supported. See Distributed Tracing for details.
Networking
Traffic interception/redirection mechanism
Feature
GKE clusters on Google Cloud
Other Anthos clusters
Traditional use of iptables using init containers
with CAP_NET_ADMIN
Although TCP is a supported protocol for networking, TCP
metrics aren't collected or reported. Metrics are displayed only for HTTP
services in the console.
Services that are configured with Layer 7 capabilities for
the following protocols are not supported: WebSocket, MongoDB, Redis, Kafka,
Cassandra, RabbitMQ, Cloud SQL. You might be able to make the protocol work by
using TCP byte stream support. If TCP byte stream cannot support the protocol
(for example, Kafka sends a redirect address in a protocol-specific reply and
this redirect is incompatible with Anthos Service Mesh's routing logic), then the
protocol isn't supported.
Envoy deployments
Feature
GKE clusters on Google Cloud
Other Anthos clusters
Sidecars
Ingress gateway
Egress directly out from sidecars
Egress using egress gateways
Supported optional
Supported optional
CRD support
Feature
GKE clusters on Google Cloud
Other Anthos clusters
Sidecar resource
Service entry resource
Percentage, fault injection, path matching, redirects, retries, rewriting,
timeout, retry, mirroring, header manipulation, and CORS routing rules
For multi-primary deployments of GKE clusters in different
projects, all the clusters must be in a
shared Virtual Private Cloud (VPC).
Network
Feature
GKE clusters on Google Cloud
Anthos clusters on-premises
Other Anthos clusters
Single network
Multi-network
Deployment model
Feature
GKE clusters on Google Cloud
Anthos clusters on-premises
Other Anthos clusters
Multi-primary
Primary-remote
Notes on terminology
A primary cluster is a cluster with a control plane. A single mesh can have
more than one primary cluster for high availability or to reduce latency.
In the Istio 1.7 documentation, a multi-primary deployment is referred to
as a replicated control plane.
A remote cluster is a cluster that connects to a control plane residing
outside of the cluster. A remote cluster can connect to a control plane
running in a primary cluster or to an external control plane.
Anthos Service Mesh uses a simplified definition of network based on general
connectivity. Workload instances are on the same network if they are able to
communicate directly, without a gateway.
User interface
Feature
GKE clusters on Google Cloud same project
GKE clusters on Google Cloud different projects
Anthos clusters on-premises
Other Anthos clusters
Anthos Service Mesh dashboards in the console
Cloud Monitoring
Cloud Logging
Cloud Trace
Supported platforms
Only the following environments are supported with Anthos Service Mesh
1.10.6. All other environments are unsupported.
Platform
Version
GKE on Google Cloud
We recommend that you enroll GKE clusters on Google Cloud in a
release
channel. When enrolling, use the Regular release channel because other
channels might be based on a GKE version that isn't
supported. Anthos Service Mesh 1.10.6 supports the following
GKE version: 1.18 or later.
For more information about the GKE versions included in
each release channel see the following:
The GKE cluster must be Standard, because Autopilot clusters
have
Webhooks limitations
that don't allow the MutatingWebhookConfiguration for the
istio-sidecar-injector.
Anthos clusters on VMware 1.8
Kubernetes version 1.20
Anthos on bare metal 1.8
Kubernetes version 1.20
Anthos clusters on AWS 1.8
Kubernetes version 1.20
Anthos attached clusters
Anthos Service Mesh 1.10.6-asm.2 hasn't been qualified on
Anthos
attached clusters (Amazon EKS and Microsoft AKS) and is
unsupported. These platforms were qualified and are fully supported
on Anthos Service Mesh 1.7 with Kubernetes 1.17. If you have Anthos Service Mesh 1.7
installed on these platforms, don't upgrade to Anthos Service Mesh
1.10.6-asm.2. See
Installing
Anthos Service Mesh 1.7 on Anthos attached clusters for details.