This topic provides release notes for Alibaba Cloud Service Mesh (ASM).
|Zero-trust security capabilities||Zero-trust security capabilities, such as peer authentication, request authentication, Istio authorization policies, and Open Policy Agent (OPA)-based fine-grained permission control, are provided by ASM. You can use these capabilities to strengthen the security of applications.||All||
|Optimized ASM gateways||ASM gateways are optimized in the following ways:
|Optimized ASM console||The ASM console is optimized. For example, security policies and virtual services can be created by using a GUI, custom resources can be created by using YAML templates, and the page for configuring automatic sidecar injection is optimized.||All||Enable automatic sidecar injection by using multiple methods|
|Optimized ASM observability||
|Connection to one or more Consul service registries||ASM can be connected to one or more Consul service registries.||All||Connect to Consul|
|Dynamic update of OPA policies||The authorization mechanism of ASM is improved to support the dynamic update of OPA policies.||All||Dynamically update OPA policies in ASM|
|Addition of VMs to ASM instances||VMs can be added to ASM instances.||All|
|Governance of applications deployed on edge Kubernetes clusters in ASM instances||Edge Kubernetes clusters that are provided by Container Service for Kubernetes (ACK) can be added to ASM instances. This allows you to manage ASM instances in edge computing scenarios that are powered by 5G networks. After this feature update, ASM provides unified governance for services that are deployed on all types of cloud-native heterogeneous computing infrastructure.||All||None|
|Five check items added to the mesh diagnostics feature of ASM||The following five check items are added to the mesh diagnostics feature of ASM:||All||Diagnose ASM instances|
|Canary releases based on routing rules||Scope configurations are extended custom resource definitions (CRDs). Professional ASM instances allow you to use scope configurations to implement canary releases for pods by using virtual services or Envoy filters. You can use a scope configuration to configure a canary release in one of the following modes:||All||Use a scope configuration to configure a canary release|
|GZIP-based data compression||After you enable data compression for the ingress gateway service of an ASM instance, the server compresses the response content for HTTP requests. This reduces response time and traffic.||All||Enable data compression for the ingress gateway service of an ASM instance|
|WebAssembly (Wasm)-based ASM instance extension||Wasm allows you to extend the data plane of an ASM instance with new features. You can enable Wasm-based ASM instance extension in the ASM console.||All||Use ORAS to simplify Wasm-based ASM instance extension|
|DNS proxy feature||ASM uses Kubernetes services and defined service entries to configure hostname-to-IP-address mappings for all services that an application may access. When an ASM instance with the DNS proxy feature enabled receives DNS queries from applications, the specified sidecar proxy transparently intercepts the queries and resolves the DNS information in these queries. The DNS proxy feature improves the performance and availability of ASM instances. You can enable or disable the DNS proxy feature in the ASM console or by using Alibaba Cloud CLI.||All||Enable the DNS proxy feature for an ASM instance|
|Improved Istio Container Network Interface (CNI) plug-in||The Istio CNI plug-in is supported for ASM instances whose Istio version is 1.7 or later. This improves the compatibility of Kubernetes network plug-ins with ASM instances and the availability of ASM, and enhances security and stability.||All||None|
|Modification of kernel parameters||The kernel parameters of ingress gateway services can be modified. This improves the flexibility in optimizing the performance of ingress gateway services.||All||Modify an ingress gateway service|
|Read-only configurations||By default, the read-only mode is enabled for the configurations of the API servers and Server Load Balancer (SLB) instances that are created in ASM. This prevents accidental operations, such as modification and deletion, on API servers or SLB instances, and improves the availability of ASM.||All||None|
|Unified setting of automatic sidecar injection||The setting of automatic sidecar injection for the namespaces of the control plane can be automatically unified with that for the namespaces of the data plane. This improves the usability of namespaces. If you add a Kubernetes cluster to an ASM instance, the setting of automatic sidecar injection for the namespace of the ASM instance is automatically unified with that for the namespace of the Kubernetes cluster. You can also manually unify the setting of automatic sidecar injection in the ASM console.||All||None|
|Availability in 12 regions, Istio 1.8.3, Serverless Kubernetes (ASK) clusters, and applications in Elastic Container Instance pods that run on the ACK clusters that are deployed on elastic container instances||
|Custom ingress gateway services and better lifecycle management of ingress gateway services||
||All||Define a custom ingress gateway service|
|Connection to multiple service registries||
|Simplified Wasm-based ASM instance extension||OCI Registry as Storage (ORAS) and Wasm are supported. You can use ORAS to simplify Wasm-based ASM instance extension.||All||Use ORAS to simplify Wasm-based ASM instance extension|
|Availability in the China (Chengdu) region and the US (Virginia) region||ASM is available in the China (Chengdu) region on the China site (aliyun.com) and the US (Virginia) region on the international site (alibabacloud.com).||All||None|
|Access log collection, Prometheus monitoring, and Kiali for ASM||In this version, ASM allows you to enable access log collection, Prometheus monitoring, and Kiali for ASM with a few simple steps. This improves the observability of ASM.||All|
|HTTP/1.0||HTTP/1.0 is supported. By default, Envoy requires that upstream services use HTTP/1.1 or HTTP/2.0. In this version, ASM allows you to enable HTTP/1.0 with a few simple steps. The support for HTTP/1.0 ensures compatibility with legacy systems that use HTTP/1.0.||All||None|
|Improved definition of ingress gateway services and optimized configuration and version updates||
|Istio 1.7.5||Istio 1.7.5 is supported and is available for the international site (alibabacloud.com).||All||None|
|Istio CNI plug-in||The Istio CNI plug-in is supported for ASM instances whose Istio version is 1.7 or later. The Istio CNI plug-in replaces the istio-init container without requiring you to enable elevated privileges. This improves security.||All||None|
|Kiali for ASM||Kiali for ASM is supported. This tool provides a web-based GUI that allows you to observe the status of ASM instances.||All||None|
|Hot update of data planes (Beta)||The hot update of data planes is supported for ASM instances. You can update the data plane of an ASM instance without interrupting services or affecting applications.||All||Upgrade the data plane of an ASM instance without service interruption (Beta)|
|Multiple methods of enabling automatic sidecar injection||The following methods are supported for enabling automatic sidecar injection:
Note: The Istio version of ASM instances must be 22.214.171.124 or later.
|All||Enable automatic sidecar injection by using multiple methods|
|Kubernetes 1.18||Kubernetes 1.18 is supported on the data planes of ASM instances. This feature is applicable to all supported versions of ACK clusters.
Note: The Istio version of ASM instances must be 126.96.36.199 or later.
|Istio 1.6.8||Istio 1.6.8 is supported. In addition to Dedicated Kubernetes clusters, Managed Kubernetes clusters, registered external clusters, elastic container instances, and Elastic Compute Service (ECS) instances, ASM supports ASK clusters and ACK clusters that are deployed on elastic container instances.||All||None|
|Enhanced Telemetry V2 Mixerless||Telemetry V2 Mixerless is enhanced to collect telemetry data without the need to use Mixer. ASM automatically adjusts the traffic to the workloads based on the collected telemetry data.||All||Implement auto scaling for workloads by using ASM metrics|
|Mesh diagnostics||Mesh diagnostics is supported. You can diagnose ASM instances based on the following items: the versions of data planes, service ports, applications in ASM instances, labels of applications and versions, destination addresses, and virtual service conflicts. This helps you use and manage your ASM instances.||All||Diagnose ASM instances|
|Cluster domain||You can specify a cluster domain when you create an ASM instance. The default cluster domain is cluster.local. After you specify a cluster domain for an ASM instance, you can add clusters that belong to the cluster domain to the ASM instance.||All||None|
|Non-containerized applications on VMs||Non-containerized applications on VMs can be added to ASM instances. This way, you can throttle traffic for non-containerized and containerized applications at the same time.||All||Use ASM to manage non-containerized applications|
|Serverless Kubernetes clusters on elastic container instances||Serverless Kubernetes clusters that are deployed on elastic container instances are supported. You can use ASM to throttle traffic for the workloads of elastic container instances in a centralized manner.||All||None|
|Commercial version||The commercial version of ASM is released. ASM is a fully managed service mesh platform that is compatible with the open source Istio service mesh of the Istio community. You can use ASM to manage services in a simplified manner. For example, you can use ASM to route and split inter-service traffic, secure inter-service communication based on authentication, and observe the behavior of services in meshes. ASM helps reduce your development and O&M costs. ASM provides managed and unified service mesh capabilities for core scenarios, such as hybrid cloud, multi-cloud, multi-cluster, and non-containerized application migration. ASM provides you with the following benefits:||China (Beijing), China (Hangzhou), China (Zhangjiakou), China (Shanghai), China (Shenzhen), Indonesia (Jakarta), and Germany (Frankfurt)||None|
|Tracing||Tracing Analysis and custom tracing systems are supported. You can export tracing data from ASM to Tracing Analysis and custom tracing systems that are compatible with Zipkin for analysis.||All||Export tracing data from ASM to a user-created system|
|Registered external clusters||Registered external clusters are supported. You can use ASM to manage applications in external Kubernetes clusters that are registered in the ACK console.||All||Use ASM to manage applications in registered external Kubernetes clusters|