This topic provides release notes for Alibaba Cloud Service Mesh (ASM).

August 2021

Feature | Description | Supported region | References
Zero-trust security capabilities | Zero-trust security capabilities, such as peer authentication, request authentication, Istio authorization policies, and Open Policy Agent (OPA)-based fine-grained permission control, are provided by ASM. You can use these capabilities to strengthen the security of applications. | All | None
Optimized ASM gateways | ASM gateways are optimized in the following ways:
  • Custom host networks and Domain Name System (DNS) policies are supported.
  • Rolling updates are supported in ASM Professional Edition. The rolling update feature allows you to perform scaling without interrupting the traffic of online business.
  • High availability is supported for ASM gateways.
  • Custom access logs are supported.
| All |
Optimized ASM console | The ASM console is optimized. For example, security policies and virtual services can be created by using a GUI, custom resources can be created by using YAML templates, and the page for configuring automatic sidecar injection is optimized. | All | Enable automatic sidecar injection by using multiple methods
Optimized ASM observability |
  • Kiali for ASM is updated to V1.34.
  • The metrics of Prometheus Service are obtained by Kiali for ASM over the internal network. Before this feature update, the metrics were obtained over the Internet.
  • The logs of an ingress gateway service are collected only by the Logstore that is specified for the ingress gateway service. Logstores that are used to collect the logs of sidecar proxies no longer collect the logs of ingress gateway services.
  • The observability dashboards are optimized. The issue is fixed where dashboards display null values. The dashboards provide you with data such as top 10 provinces or cities with the most access traffic and top visitors by URL or IP address.
| All |

July 2021

Feature | Description | Supported region | References
Connection to one or more Consul service registries | ASM can be connected to one or more Consul service registries. | All | Connect to Consul
Dynamic update of OPA policies | The authorization mechanism of ASM is improved to support the dynamic update of OPA policies. | All | Dynamically update OPA policies in ASM
Addition of VMs to ASM instances | VMs can be added to ASM instances. | All | Add an ECS instance to an ASM instance

June 2021

Feature | Description | Supported region | References
Governance of applications deployed on edge Kubernetes clusters in ASM instances | Edge Kubernetes clusters that are provided by Container Service for Kubernetes (ACK) can be added to ASM instances. This allows you to manage ASM instances in edge computing scenarios that are powered by 5G networks. After this feature update, ASM provides unified governance for services that are deployed on all types of cloud-native heterogeneous computing infrastructure. | All | None
Five check items added to the mesh diagnostics feature of ASM | The following five check items are added to the mesh diagnostics feature of ASM:
  • Check whether the istio-injection parameter is set to the same value for the namespaces on the data plane and control plane.
  • Check whether a port under 1024 can be used in the pod of a gateway.
  • Check whether the namespace of a destination rule is valid.
  • Check whether the type of the secret of the Transport Layer Security (TLS) certificate that is referenced by a gateway is valid.
  • Check whether the secret of the TLS certificate that is referenced by a gateway exists.
| All | Diagnose ASM instances

May 2021

Feature | Description | Supported region | References
Canary releases based on routing rules | Scope configurations are extended custom resource definitions (CRDs). Professional ASM instances allow you to use scope configurations to implement canary releases for pods by using virtual services or Envoy filters. You can use a scope configuration to configure a canary release in one of the following modes:
  • Selector mode: To use this mode, you must add labels to one or more pods. Then, you can use a scope configuration to apply a rule to route traffic to specific pods based on the specified label information.
  • RollingUpdate mode: In this mode, you can apply a rule to route traffic to pods by batch. Istio separates pods into batches as specified and then applies a rule to route traffic to pods by batch.
You can use scope configurations to control the risks that are brought by changes in routing rules. You can also use scope configurations and Microservice Engine (MSE) to implement canary releases.
| All | Use a scope configuration to configure a canary release

April 2021

Feature | Description | Supported region | References
GZIP-based data compression | After you enable data compression for the ingress gateway service of an ASM instance, the server compresses the response content for HTTP requests. This reduces response time and traffic. | All | Enable data compression for the ingress gateway service of an ASM instance
WebAssembly (Wasm)-based ASM instance extension | Wasm allows you to extend the data plane of an ASM instance with new features. You can enable Wasm-based ASM instance extension in the ASM console. | All | Use ORAS to simplify Wasm-based ASM instance extension

March 2021

Feature | Description | Supported region | References
DNS proxy feature | ASM uses Kubernetes services and defined service entries to configure hostname-to-IP-address mappings for all services that an application may access. When an ASM instance with the DNS proxy feature enabled receives DNS queries from applications, the specified sidecar proxy transparently intercepts the queries and resolves the DNS information in these queries. The DNS proxy feature improves the performance and availability of ASM instances. You can enable or disable the DNS proxy feature in the ASM console or by using Alibaba Cloud CLI. | All | Enable the DNS proxy feature for an ASM instance
Improved Istio Container Network Interface (CNI) plug-in | The Istio CNI plug-in is supported for ASM instances whose Istio version is 1.7 or later. This improves the compatibility of Kubernetes network plug-ins with ASM instances and the availability of ASM, and enhances security and stability. | All | None
Modification of kernel parameters | The kernel parameters of ingress gateway services can be modified. This improves the flexibility in optimizing the performance of ingress gateway services. | All | Modify an ingress gateway service
Read-only configurations | By default, the read-only mode is enabled for the configurations of the API servers and Server Load Balancer (SLB) instances that are created in ASM. This prevents accidental operations, such as modification and deletion, on API servers or SLB instances, and improves the availability of ASM. | All | None
Unified setting of automatic sidecar injection | The setting of automatic sidecar injection for the namespaces of the control plane can be automatically unified with that for the namespaces of the data plane. This improves the usability of namespaces. If you add a Kubernetes cluster to an ASM instance, the setting of automatic sidecar injection for the namespace of the ASM instance is automatically unified with that for the namespace of the Kubernetes cluster. You can also manually unify the setting of automatic sidecar injection in the ASM console. | All | None

February 2021

Feature | Description | Supported region | References
Availability in 12 regions, Istio 1.8.3, Serverless Kubernetes (ASK) clusters, and applications in Elastic Container Instance pods that run on the ACK clusters that are deployed on elastic container instances |
  • ASM is updated to support Istio 1.8.3.
  • ASK clusters and applications in Elastic Container Instance pods that run on the ACK clusters that are deployed on elastic container instances are supported.
  • The service-linked role for ASM is supported. This improves the usability and integration capability of ASM.
  • ASM is available in 12 regions.
| All |
Custom ingress gateway services and better lifecycle management of ingress gateway services |
  • A custom ingress gateway service can be created by using a CRD.
  • TLS pass-through and Secret Discovery Service (SDS) are supported to improve the security of Istio gateways.
| All | Define a custom ingress gateway service
Connection to multiple service registries |
  • The connection to the Nacos service registry is supported. This allows you to migrate microservices in the Nacos service registry to ASM.
  • The connection to the Consul service registry is supported. This allows you to migrate microservices in the Consul service registry to ASM.
| All | Connect to Consul
Simplified Wasm-based ASM instance extension | OCI Registry as Storage (ORAS) and Wasm are supported. You can use ORAS to simplify Wasm-based ASM instance extension. | All | Use ORAS to simplify Wasm-based ASM instance extension

January 2021

Feature | Description | Supported region | References
Availability in the China (Chengdu) region and the US (Virginia) region | ASM is available in the China (Chengdu) region on the China site (aliyun.com) and the US (Virginia) region on the international site (alibabacloud.com). | All | None
Access log collection, Prometheus monitoring, and Kiali for ASM | In this version, ASM allows you to enable access log collection, Prometheus monitoring, and Kiali for ASM with a few simple steps. This improves the observability of ASM. | All |
HTTP/1.0 | HTTP/1.0 is supported. By default, Envoy requires that upstream services use HTTP/1.1 or HTTP/2.0. In this version, ASM allows you to enable HTTP/1.0 with a few simple steps. The support for HTTP/1.0 ensures compatibility with legacy systems that use HTTP/1.0. | All | None
Improved definition of ingress gateway services and optimized configuration and version updates |
  • The definition of ingress gateway services is improved. The nodeSelector configuration is supported. The definition of SLB configurations for ingress gateway services by using annotations is standardized.
  • The configuration update of ASM instances and the version update are optimized to reduce waiting duration and improve user experience.
  • The verification feature of Envoy filters is enhanced.
| All | None

November 2020

Feature | Description | Supported region | References
Istio 1.7.5 | Istio 1.7.5 is supported and is available for the international site (alibabacloud.com). | All | None
Istio CNI plug-in | The Istio CNI plug-in is supported for ASM instances whose Istio version is 1.7 or later. The Istio CNI plug-in replaces the istio-init container without requiring you to enable elevated privileges. This improves security. | All | None
Kiali for ASM | Kiali for ASM is supported. This tool provides a web-based GUI that allows you to observe the status of ASM instances. | All | None
Hot update of data planes (Beta) | The hot update of data planes is supported for ASM instances. You can update the data plane of an ASM instance without interrupting services or affecting applications. | All | Upgrade the data plane of an ASM instance without service interruption (Beta)

October 2020

Feature | Description | Supported region | References
Multiple methods of enabling automatic sidecar injection | The following methods are supported for enabling automatic sidecar injection:
Note: The Istio version of ASM instances must be 1.6.8.19 or later.
  • Enable automatic sidecar injection for all namespaces.
  • Use pod annotations to enable automatic sidecar injection.
  • Enable or disable automatic sidecar injection by setting the alwaysInjectSelector or neverInjectSelector parameter in specific scenarios.
| All | Enable automatic sidecar injection by using multiple methods
Kubernetes 1.18 | Kubernetes 1.18 is supported on the data planes of ASM instances. This feature is applicable to all supported versions of ACK clusters. Note: The Istio version of ASM instances must be 1.6.8.19 or later. | All | None

September 2020

Feature | Description | Supported region | References
Istio 1.6.8 | Istio 1.6.8 is supported. In addition to Dedicated Kubernetes clusters, Managed Kubernetes clusters, registered external clusters, elastic container instances, and Elastic Compute Service (ECS) instances, ASM supports ASK clusters and ACK clusters that are deployed on elastic container instances. | All | None
Enhanced Telemetry V2 Mixerless | Telemetry V2 Mixerless is enhanced to collect telemetry data without the need to use Mixer. ASM automatically adjusts the traffic to the workloads based on the collected telemetry data. | All | Implement auto scaling for workloads by using ASM metrics
Mesh diagnostics | Mesh diagnostics is supported. You can diagnose ASM instances based on the following items: the versions of data planes, service ports, applications in ASM instances, labels of applications and versions, destination addresses, and virtual service conflicts. This helps you use and manage your ASM instances. | All | Diagnose ASM instances

August 2020

Feature | Description | Supported region | References
Cluster domain | You can specify a cluster domain when you create an ASM instance. The default cluster domain is cluster.local. After you specify a cluster domain for an ASM instance, you can add clusters that belong to the cluster domain to the ASM instance. | All | None
Non-containerized applications on VMs | Non-containerized applications on VMs can be added to ASM instances. This way, you can throttle traffic for non-containerized and containerized applications at the same time. | All | Use ASM to manage non-containerized applications
Serverless Kubernetes clusters on elastic container instances | Serverless Kubernetes clusters that are deployed on elastic container instances are supported. You can use ASM to throttle traffic for the workloads of elastic container instances in a centralized manner. | All | None

July 2020

Feature | Description | Supported region | References
Commercial version | The commercial version of ASM is released. ASM is a fully managed platform for service meshes. ASM is compatible with the open source Istio service mesh of the Istio community. You can use ASM to manage services in a simplified manner. For example, you can use ASM to route and split inter-service traffic, secure inter-service communication based on authentication, and observe the behavior of services in meshes. ASM helps reduce your development and O&M costs. ASM builds the managed and unified service mesh capabilities in core scenarios, such as hybrid cloud, multi-cloud, multi-cluster, and non-containerized application migration. ASM provides you with the following benefits:
  • Centralized management mode
  • Centralized traffic throttling
  • Managed core components of control planes
ASM is a free service. When you use ASM, you need to pay only for associated services, such as ACK, SLB, and Log Service.
| China (Beijing), China (Hangzhou), China (Zhangjiakou), China (Shanghai), China (Shenzhen), Indonesia (Jakarta), and Germany (Frankfurt) | None
Tracing | Tracing Analysis and custom tracing systems are supported. You can export tracing data from ASM to Tracing Analysis and custom tracing systems that are compatible with Zipkin for analysis. | All | Export tracing data from ASM to a user-created system
Registered external clusters | Registered external clusters are supported. You can use ASM to manage applications in external Kubernetes clusters that are registered in the ACK console. | All | Use ASM to manage applications in registered external Kubernetes clusters