Document Center

All Products

Document Center

Alibaba Cloud Service Mesh:Release notes

Last Updated:May 25, 2023

This topic provides release notes for Alibaba Cloud Service Mesh (ASM) and provides links to relevant references.

April 2023


Feature	Description	Region	Supported Istio version	Edition	References
Support for Istio 1.16.x versions	Open source Istio 1.16 series are supported.	All	1.16 and later	All	N/A
Simplified management of sidecar proxy injection	The management of injection policies and sidecar injector settings is simplified.	All	1.16 and later	All	Enable automatic sidecar proxy injection
Support for the Google Remote Procedure Call (gRPC)-JSON transcoder plug-in	You can access gRPC services by using RESTful APIs or HTTP/JSON requests. This simplifies the integration of gRPC services so that you can use gRPC services easily.	All	1.16 and later	Enterprise and Ultimate	Use an ingress gateway to enable access to a gRPC service in an ASM instance over HTTP
Logon to Mesh Topology as a RAM user	Single Sign On (SSO) is implemented for the Mesh Topology console. You can log on to ASM Mesh Topology as a RAM user.	All	1.16 and later	Enterprise and Ultimate	Log on to ASM Mesh Topology with an Alibaba Cloud account or as a RAM user

March 2023


Feature	Description	Region	Supported Istio version	Edition	References
Connection of an ingress gateway to a Web Application Firewall (WAF) instance	An ingress gateway can be connected to a WAF instance to protect services against attacks. You can customize the fields of access logs to view the headers that are added by the WAF instance to back-to-origin requests. This facilitates online O&M.	All	All	Enterprise and Ultimate	Connect an ingress gateway to a WAF instance
Configuration of Ingress resources	You can use Ingress resources in a cluster on the data plane and specify an ASM gateway as the Ingress controller to expose services in the cluster.	All	1.16 and later	Enterprise and Ultimate	Use an ASM gateway as an Ingress controller to expose services in a cluster
Management of Knative Services	ASM integrates the capabilities of the Knative Serving component that is deployed in a Container Service for Kubernetes (ACK) cluster or a serverless Kubernetes (ASK) cluster. This helps you manage serverless workloads.	All	1.16 and later	Enterprise and Ultimate	Use ASM to manage Knative Services
Logon to Mesh Topology by using OpenID Connect (OIDC)	You can connect to an identity provider (IdP) over the OIDC protocol to log on to Mesh Topology, and configure SSO to Mesh Topology in the ASM console.	All	1.15.3.120 and later	Enterprise and Ultimate	Enable Mesh Topology to observe an ASM instance in the ASM console
Overcommitment mode for sidecar proxies	You can enable the dynamic resource overcommitment feature and configure resources that can be dynamically overcommitted in a sidecar proxy.	All	1.16 and later	Enterprise and Ultimate	Configure ACK resources that can be dynamically overcommitted in a sidecar proxy
Configuration of egress traffic policies	An egress traffic policy defines how an egress gateway manages egress traffic. By using a combination of sidecar proxies and authorization policies, you can control egress traffic in a comprehensive manner.	All	1.16 and later	Enterprise and Ultimate	CRD fields in an egress traffic policy Use an egress traffic policy to manage egress traffic
Configuration of a global default HTTP request retry policy	ASM allows you to configure a global default HTTP request retry policy that can define the number of retries, retry timeout period, and retry conditions.	All	1.15 and later	All	N/A

February 2023


Feature	Description	Region	Supported Istio version	Edition	References
Support for Istio 1.15.3.105 version	Open source Istio 1.15 series and Kubernetes 1.21 to 1.25 versions are supported.	All	v1.15.3.105	All	N/A
Enhanced observability	Telemetry custom resource definitions (CRDs) are provided to define and manage logging, monitoring, and tracing analysis features. The user interface is updated to make the configuration of monitoring metrics easier and more efficient. The scope of metrics that must be displayed in the mesh topology is optimized. Mesh-wide and namespace-specific configurations are supported.	All	All	All	Customize metrics in ASM
Optimized performance of the mesh topology	The speed of loading the mesh topology is significantly increased for clusters each with more than 150 pods. Health checks for workloads are optional. If you disable this feature, the speed of loading the mesh topology is improved.	All	1.14 and later	All	Enable Mesh Topology to observe an ASM instance in the ASM console
Enhanced traffic management in the multi-cluster environment	Traffic management is enhanced in the multi-cluster environment. When you deploy a service across multiple clusters, this feature ensures that traffic is only routed to workloads in the specified cluster.	All	1.15.3.101 and later	All	Keep traffic in-cluster
More flexible sidecar proxy configuration	Parameters such as Istio-Proxy Concurrency and Monitoring Statistics are provided for you to configure global-level sidecar proxies. Previously, these parameters were available only when you configured namespace-level or workload-level sidecar proxies. The environment variables of sidecar proxies can be configured.	All	1.15.3.101 and later	All	Configure sidecar proxies
Custom ASM gateway configurations to enhance observability	Gateway configuration is allowed for a specific cluster in the multi-cluster environment. More flexibility is provided for metric customization. A dashboard is added to display key metrics of the gateway pod in real time.	All	All	Enterprise and Ultimate	Configure a unified ingress gateway for multiple clusters

January 2023


Feature	Description	Region	Supported Istio version	Edition	References
Topology query in any time range within 90 days	The topology in any time range within 90 days can be queried by using the Mesh Topology tool.	All	1.14 and later	All	Enable Mesh Topology to observe an ASM instance in the ASM console
New environment variable for the configuration of sidecar proxies on the data plane	A new environment variable is added to the configuration of sidecar proxies. You can configure the environment variable to load the bootstrap configuration before sidecar proxies are started.	All	1.15.3.63 and later	All	Configure sidecar proxies
Enhanced security capabilities of ingress gateways	OIDC-based SSO and JSON Web Token (JWT)-based authentication can be configured by using ASM ingress gateways in a few steps.	All	1.15.3.25 and later	Enterprise and Ultimate	Configure OIDC-based SSO by using an ingress gateway Configure JWT authentication by using an ingress gateway

Historical release notes

For more information about release notes before 2023, see Historical release notes (before 2023).

How helpful was this page?

$!csrfToken.hiddenField

What might be the problems?

More suggestions?