This page describes features that are supported in Anthos Service Mesh
1.5.10. For the supported features in Anthos Service Mesh
1.4.10, see the
Supported features
page in the archive documentation.
Supported versions
Support for Anthos Service Mesh follows the
Anthos Version Support Policy.
Google supports the current and previous two (n-2) minor versions of
Anthos Service Mesh. The following table shows the supported versions of Anthos Service Mesh
and the earliest end-of-life (EOL) date for a version.
Release version | Release date | Earliest EOL date |
1.4 | December 20, 2019 | Unsupported (September 18, 2020) |
1.5 | May 20, 2020 | Unsupported (February 17, 2021) |
1.6 | June 30, 2020 | Unsupported (March 30, 2021) |
1.7 | November 3, 2020 | December 10, 2021 |
1.8 | December 15, 2020 | September 15, 2021 |
1.9 | March 4, 2021 | December 4, 2021 |
1.10 | June 24, 2021 | March 24, 2022 |
Anthos Service Mesh 1.6, 1.5, and 1.4 are no longer supported. You must upgrade to
Anthos Service Mesh 1.7 or later. For information on how to upgrade, see the
following guides:
For more information about our support policies, refer to
Getting support.
Anthos Service Mesh provides profiles for the platforms that it supports. In the
following tables, any feature with the
icon in a Supported column indicates that the feature is fully supported by
Google Cloud Support. Features not explicitly listed in the tables receive
best-effort support.
Supported default indicates a feature that is either enabled by default or
enabled in the configuration profile that you use when you install
Anthos Service Mesh.
Supported optional indicates a feature that you can optionally enable
when you install Anthos Service Mesh. For information on enabling a
Supported optional feature, see
Enabling optional features.
Not supported indicates that the feature is not supported in Anthos Service Mesh.
The supported features differ between Google Kubernetes Engine and Anthos clusters on VMware.
A configuration profile is provided for each platform to enable the
Supported default features when you install Anthos Service Mesh.
Install/upgrade/rollback
Not all of the tools that you use to install Anthos Service Mesh on
Anthos clusters on VMware are supported.
Feature | GKE | Anthos clusters on VMware |
istioctl install | | |
istioctl upgrade and downgrade | | |
Anthos CLI install | | |
Anthos CLI upgrade and downgrade | | |
helm install | | |
Migration from Istio on GKE | | N/A |
Security
Certificate distribution/rotation mechanisms
Feature | GKE | Anthos clusters on VMware |
workload certificate management using Envoy SDS | | |
external certificate management on ingress gateway using Envoy SDS | | |
certificate provisioning using secret volume mount | | |
Certificate authority (CA) support
Feature | GKE | Anthos clusters on VMware |
Anthos Service Mesh certificate authority (Mesh CA) | | |
Citadel CA | | |
Integration with custom CAs | | |
Authorization policy
Feature | Supported default | Supported optional | Not supported |
Authorization v1beta1 policy | | | |
Authentication policy
Peer authentication
Feature | Supported default | Supported optional | Not supported |
PERMISSIVE mTLS mode is enabled at mesh level | | | |
mTLS STRICT mode | | | |
Auto-mTLS | | | |
Request authentication
Feature | Supported default | Supported optional | Not supported |
JWT authentication | | | |
Telemetry
Metrics
Feature | GKE | Anthos clusters on VMware |
Cloud Monitoring (HTTP in-proxy metrics) | | |
Cloud Monitoring (TCP in-proxy metrics) | | |
Mesh telemetry (in-proxy edge data) | | |
Prometheus metrics export to Grafana | | |
Prometheus metrics export to Kiali | | |
Custom adapters/backends, in or out of process | | |
Arbitrary telemetry and logging backends | | |
Access logging
Feature | GKE | Anthos clusters on VMware |
Cloud Logging | | |
Direct Envoy to stdout | Supported optional | Supported optional |
Tracing
Feature | GKE | Anthos clusters on VMware |
Cloud Trace | Supported optional | |
Jaeger tracing | | |
Zipkin tracing | | |
Policy
Feature | GKE | Anthos clusters on VMware |
Policy checks | | |
Networking
Traffic interception/redirection mechanism
Feature | Supported default | Supported optional | Not supported |
Traditional use of iptables using init containers with CAP_NET_ADMIN | | | |
Istio Container Network Interface (CNI) | | | |
Whitebox sidecar | | | |
Protocol support
Notes:
- Although TCP is a supported protocol for networking, TCP
metrics aren't collected or reported. Metrics are displayed only for HTTP
services in the Cloud Console.
- You might be able to make the protocol work by using TCP byte
stream support. If TCP byte stream cannot support the protocol (for example,
Kafka sends a redirect address in a protocol-specific reply and this redirect is
incompatible with Anthos Service Mesh's routing logic), then the protocol isn't
supported.
Envoy deployments
Feature | Supported default | Supported optional | Not supported |
Sidecars | | | |
Ingress gateway | | | |
Egress directly out from sidecars | | | |
Egress using egress gateways | | | |
CRD support
Feature | Supported | Not supported |
Sidecar resource | | |
Service entry resource | | |
Percentage, fault injection, path matching, redirects, retries, rewriting, timeout, retry, mirroring, header manipulation, and CORS routing rules | | |
custom Envoy filters | | |
Load balancer for the Istio ingress gateway
For installations on GKE, you can enable an internal
load balancer for the Istio ingress gateway. Internal load balancers aren't
supported for Anthos clusters on VMware. For information on configuring
Anthos clusters on VMware, see
Setting up your load balancer for Anthos clusters on VMware.
Feature | Supported default | Supported optional | Not supported |
Public load balancer | | | |
Internal load balancer | | | |
Load balancing policies
Feature | Supported | Not supported |
round robin | | |
least connections | | |
random | | |
passthrough | | |
Consistent Hash | | |
locality-weighted | | |
User interface
Feature | GKE | Anthos clusters on VMware |
Anthos Service Mesh dashboards in the Cloud Console | | |
Cloud Monitoring | | |
Cloud Logging | | |
Grafana dashboards | | Installed, customer-managed |
Kiali | | Installed, customer-managed |
As a convenience, the configuration profile for Anthos clusters on VMware
installs an instance of Grafana and Kiali, but Cloud Support can't provide
help managing these third-party products. See their documentation
for help setting up and managing the dashboards.
Managed components
Currently, Anthos Service Mesh certificate authority (Mesh CA) and the Anthos Service Mesh pages in
the Cloud Console aren't available on Anthos clusters on VMware.
Supported environments
Anthos Service Mesh 1.5 is supported with the following GKE and
Anthos clusters on VMware versions. All other environments are unsupported.
GKE
Anthos Service Mesh 1.5 supports the following GKE versions: 1.14,
1.15, and 1.16.
Anthos clusters on VMware
Anthos clusters on VMware version 1.2.0-gke.6 and higher, which is
included in Anthos 1.2.