[{
"type": "thumb-down",
"id": "hardToUnderstand",
"label":"Hard to understand"
},{
"type": "thumb-down",
"id": "incorrectInformationOrSampleCode",
"label":"Incorrect information or sample code"
},{
"type": "thumb-down",
"id": "missingTheInformationSamplesINeed",
"label":"Missing the information/samples I need"
},{
"type": "thumb-down",
"id": "otherDown",
"label":"Other"
}]
[{
"type": "thumb-up",
"id": "easyToUnderstand",
"label":"Easy to understand"
},{
"type": "thumb-up",
"id": "solvedMyProblem",
"label":"Solved my problem"
},{
"type": "thumb-up",
"id": "otherUp",
"label":"Other"
}]
Supported features
This page describes features that are supported in Anthos Service Mesh 1.4.9.
Supported versions
Support for Anthos Service Mesh follows the
Anthos Version Support Policy.
Google supports the current and previous two (n-2) minor versions of
Anthos Service Mesh. The following table shows the supported versions of Anthos Service Mesh
and the earliest end-of-life (EOL) date for a version.
In the following tables, any feature with a check mark in a
Supported column indicates that the feature is fully supported by
Google Cloud Support. Features not explicitly listed in the tables receive
best-effort support.
Supported default indicates a feature that is enabled by default when you
install Anthos Service Mesh.
Supported optional indicates a feature that you can optionally enable
when you install Anthos Service Mesh. For information on enabling a
Supported optional feature, see
Enabling optional features.
Not supported indicates that the feature is not supported in Anthos Service Mesh.
Anthos clusters on VMware: certificate provisioning using secret volume mount
Certificate authority (CA) support
Feature
Supported default
Supported optional
Not supported
GKE: Anthos Service Mesh certificate authority (Mesh CA)
Anthos clusters on VMware: Citadel CA
Integration with custom CAs
Authorization policy
Feature
Supported default
Supported optional
Not supported
Authorization v1beta1 policy
RBAC v1alpha1 policy
Authentication policy
Scope
Feature
Supported
Not supported
mesh-level policy
namespace-level policy
service-level policy
Transport security
Feature
Supported default
Supported optional
Not supported
PERMISSIVE mTLS mode is enabled at mesh level
mTLS STRICT mode
Auto-mTLS
Request authentication (JWT)
Feature
Supported default
Supported optional
Not supported
Policy with JWT must have origin_is_optional set to true
and principal_binding set to USE_ORIGIN
Telemetry
Currently, Cloud Monitoring, Cloud Logging, Cloud Trace, and
Anthos Service Mesh in the Google Cloud Console aren't available on
Anthos clusters on VMware.
Metrics
Feature
Supported default
Supported optional
Not supported
HTTP in-proxy metrics to Cloud Monitoring and Anthos Service Mesh in the
Cloud Console
Prometheus as an alternative to Cloud Monitoring
Telemetry V2 using WebAssembly Sandbox
Custom adapters/backends, in or out of process
Arbitrary Telemetry and Logging backends
Telemetry V1 for any metrics
Telemetry Lite for any metrics
Access logging
Feature
Supported default
Supported optional
Not supported
Cloud Logging
Direct Envoy to stdout
Tracing
Feature
Supported default
Supported optional
Not supported
Cloud Trace
Jaeger tracing
Zipkin tracing
Policy
Feature
Supported
Not supported
Policy checks
Networking
Traffic interception/redirection mechanism
Feature
Supported default
Supported optional
Not supported
Traditional use of iptables using init containers
with CAP_NET_ADMIN
Istio Container Network Interface (CNI)
Whitebox sidecar
Protocol support
Feature
Supported
Not supported
IPv4
HTTP/1.1
HTTP/2
TCP byte streams
Although TCP is a supported protocol, TCP metrics aren't collected or
reported. Metrics are displayed only for HTTP services on the Anthos Service Mesh
pages in the Cloud Console.
L7 support for protocols like WebSocket, MongoDB, Redis, Kafka (although
you may be able to make them work by using TCP byte stream support).
If TCP byte stream cannot support the protocol (for example, Kafka sends a
redirect address in a protocol-specific reply and this redirect is
incompatible with Istio's routing logic), then we do not support the protocol.
Envoy deployments
Feature
Supported default
Supported optional
Not supported
Sidecars
Ingress gateway
Egress directly out from sidecars
Egress using egress gateways
CRD support
Feature
Supported
Not supported
Sidecar resource
Service entry resource
Percentage, fault injection, path matching, redirects, retries, rewriting,
timeout, retry, mirroring, header manipulation, and CORS routing rules
For installations on GKE, you can enable an internal
load balancer for the Istio ingress gateway. Internal load balancers aren't
supported for Anthos clusters on VMware. For information on configuring
Anthos clusters on VMware, see
Setting up your load balancer for Anthos clusters on VMware.
Feature
Supported default
Supported optional
Not supported
Public load balancer
Internal load balancer
Load balancing policies
Feature
Supported
Not supported
round robin
least connections
random
passthrough
Consistent Hash
locality-weighted
User interface
Currently, Anthos Service Mesh in the Cloud Console isn't available on
Anthos clusters on VMware.
Feature
Supported default
Supported optional
Not supported
Anthos Service Mesh observability features in the Google Cloud Console with
Telemetry V2
Cloud Monitoring and Cloud Logging
Grafana dashboards
Optionally installed, customer-managed
Kiali
As a convenience, the configuration profile for Anthos clusters on VMware
installs an instance of Grafana, but Cloud Support can't provide
help managing this third-party product. See Grafana documentation
for help setting up and managing the dashboards.
Managed components
Currently Anthos Service Mesh certificate authority (Mesh CA) and the Anthos Service Mesh pages in
the Cloud Console aren't available on Anthos clusters on VMware.
Supported environments
Anthos Service Mesh 1.4 is supported with the following
GKE and Anthos clusters on VMware versions. All other
environments are unsupported.
GKE
Anthos Service Mesh 1.4 supports the following GKE versions: 1.14 and
1.15.
Anthos clusters on VMware
Anthos clusters on VMware version 1.2.0-gke.6 and higher, which is
included in Anthos 1.2.
[{
"type": "thumb-down",
"id": "hardToUnderstand",
"label":"Hard to understand"
},{
"type": "thumb-down",
"id": "incorrectInformationOrSampleCode",
"label":"Incorrect information or sample code"
},{
"type": "thumb-down",
"id": "missingTheInformationSamplesINeed",
"label":"Missing the information/samples I need"
},{
"type": "thumb-down",
"id": "otherDown",
"label":"Other"
}]
[{
"type": "thumb-up",
"id": "easyToUnderstand",
"label":"Easy to understand"
},{
"type": "thumb-up",
"id": "solvedMyProblem",
"label":"Solved my problem"
},{
"type": "thumb-up",
"id": "otherUp",
"label":"Other"
}]
