This topic lists the release notes for Service Mesh (ASM).
January–February 2025
Feature | Description | Regions | Versions | Editions | References |
Support for version 1.28 | Adds support for Istio version 1.28.
| All | 1.28 | All | |
Enhanced pre-upgrade checks | Before an upgrade, Mesh diagnostics runs to detect configuration issues in the Service Mesh. These issues do not block the upgrade, but we recommend fixing them to prevent unexpected behavior afterward. | All | 1.25 and later | All | |
Mesh diagnostics enhancement | Adds a new diagnostic check for an excessive number of pods in the Data Plane. | All | 1.25 and later | All | |
Feature updates |
| All | 1.24 and later | All |
November–December 2024
Feature | Description | Regions | Versions | Editions | References |
Support for version 1.27 | Adds support for Istio version 1.27.
| All | 1.27 | All | |
Enhanced access to Istio resources via the data plane KubeAPI | You can use the Terraform Kubernetes Provider in Container Service for Kubernetes (ACK) clusters to manage Service Mesh (ASM) resources. | All | 1.26 and later | All | Access Istio resources through the KubeAPI of a data plane cluster |
Mesh diagnostics enhancement | Adds conflict detection for the | All | 1.27 and later | All |
October 2025
Feature | Description | Region | Version | Editions | References |
Support for version 1.26 |
| All | N/A | All | |
Enhanced graceful shutdown for Service Mesh (ASM) gateways | Supports a longer drain duration and improves support for HTTP and gRPC protocols. | All | 1.26 and later | Enterprise Edition and Ultimate Edition | |
Support for managing Service Mesh (ASM) through the ACK component center | Create and add Service Mesh (ASM) instances from the ACK component center. | All | N/A | All |
August–September 2025
Feature | Description | Regions | Applicable versions | Applicable editions | References |
Enhanced data plane KubeAPI access | Adds support for | All | 1.25.6.101 and later | All | Access Istio resources through the KubeAPI of a data plane cluster |
New diagnostic checks for Mesh Diagnostics | Adds the following diagnostic checks:
| All | 1.25.6.101 and later | All | |
Graceful shutdown for waypoints in Ambient mode | Lets you customize the | All | 1.25.6.101 and later | All | |
ASM Gateway defaults to NLB | Network Load Balancer (NLB) is a high-performance Layer 4 load balancing service with automatic elasticity, designed for high-concurrency scenarios involving a large number of connections. | All | 1.18 and later | Enterprise and Ultimate editions |
June–July 2024
Feature | Description | Publishing region | Version | Edition | References |
Support for Version 1.25 | Supports Istio 1.25. Ambient Sidecarless Mode is now in General Availability (GA):
| All | N/A | All | |
Mesh Diagnostics 2.0 | Adds more than 30 new diagnostic rules and supports diagnostics for Ambient Sidecarless Mode. Diagnostic results are now standardized and more specific. This feature is compatible with the upstream community. | All | 1.25 and later | All | N/A |
Support for Certificate Management | You can now deploy certificates from the Certificate Management Service console directly to a Data Plane Cluster for use by an ASM Gateway. | All | 1.25 and later | All | Use SSL certificates from Certificate Management Service in an ASM gateway |
Enhanced Circuit Breaking and Throttling | Improves semantic consistency. You can now reference resource objects, such as VirtualService and Kubernetes Service, in throttling configurations. | All | 1.25 and later | All | |
GUI Operations for the Traffic Scheduling Suite | You can now enable and configure the Traffic Scheduling Suite through the GUI, which reduces complexity and improves the user experience. | All | All | All | Use the ASM traffic scheduling suite for traffic control in distributed systems |
April–May 2025
Feature | Description | Regions | Applicable versions | Applicable editions | References |
Proportional Sidecar Resource Allocation | You can now set a ratio to allocate Resources to a Sidecar Container in proportion to the Resources of its corresponding Application Container. | All | 1.24 and later | All | |
Local development and testing with KtConnect and Service Mesh | KtConnect is a local development tool for Kubernetes. Its deployed proxy is compatible with the core traffic management capabilities of Service Mesh (ASM). This integration helps you debug local Applications more efficiently and accelerate your development and testing workflow. | All | All | All | Local development and testing with KtConnect and Service Mesh |
Custom status codes for local Rate Limiting | You can now configure custom HTTP status codes for responses when a local Rate Limit is triggered. | All | 1.24.6.64 and later | All | |
Distributed Tracing at the Namespace and Workload levels | Starting with version 1.24.6.83, you can use the Kubernetes API to configure Distributed Tracing at the Namespace and Workload levels by modifying Telemetry Resources. | All | 1.24.6.83 and later | All | |
Support for trusted CIDR blocks in X-Forwarded-For headers | You can now configure trusted CIDR blocks in addition to the number of trusted proxies. This gives Gateways more flexibility to determine a request's true Source IP. | All | 1.24 and later | All | Configure the X-Forwarded-For header to allow ASM Gateways to obtain client Source IPs |
March 2025
Feature | Description | Regions | Applicable versions | Applicable editions | References |
Forced sidecar injection policy | Enable the forced ASM sidecar injection policy in ACK Policy Management to secure east-west traffic within your Cluster. | All | 1.24 and later | All | |
ASMCircuitBreaker enhancements | ASMCircuitBreaker now supports configuring Circuit Breaking rules for Gateway errors. | All | 1.24.6.54 and later | All | |
LLMRoute CRD for AI traffic routing | The | All | 1.21 and later | All | |
Manage Service Mesh resources using the Go SDK | Use the Go SDK to programmatically manage resources in Service Mesh. | All | 1.24 and later | All | |
Configure Grafana Dashboards and Alert Rules for Circuit Breaking and Throttling | Learn best practices for configuring Grafana Dashboards and Alert Rules for Circuit Breaking and Throttling. | All | All | All | Configure Grafana Dashboards and Alert Rules for Circuit Breaking and Throttling |
February 2025
Feature | Description | Regions | Versions | Editions | References |
CNI compatibility with debian_12_7_x64_20G_alibase_20241031.vhd | Service Mesh (ASM) CNI now supports Debian nodes. | All | 1.24 and later | All | None |
Configure mesh instances using the ASMMeshConfig CRD | ASMMeshConfig is a Custom Resource provided by Service Mesh (ASM) to globally configure core service mesh parameters. This CRD centrally manages mesh-level settings, such as connection timeouts, protocol detection, path normalization, and retry policies. It also supports Resource Quotas and behavioral controls for the Sidecar Injector. | All | 1.24 and later | All | |
Message queue adaptation for loose Traffic Lanes | In loose Traffic Lane scenarios, if you want message queues to preserve and carry lane tags, you must adapt your application. Service Mesh (ASM) provides a standard adaptation solution. | All | 1.21 and later | All | |
ASMEgressTrafficPolicy support for external TCP services | ASMEgressTrafficPolicy now supports external TCP services. You can use ASMEgressTrafficPolicy to easily configure egress traffic for protocols such as HTTP, HTTPS, and TCP. This update also introduces automatic Egress Gateway port allocation, reducing maintenance effort. | All | 1.24 and later | All | |
ASMExtensionProvider CRD documentation | ASMExtensionProvider is a Component that extends and configures mesh features. It supports the flexible integration and custom configuration of key features, such as Distributed Tracing and Access Logs. | All | 1.23 and later | All |
January 2025
Feature | Description | Regions | Version | Specification | References |
Support for Version 1.24 | Supports Istio 1.24. | All | N/A | All | |
Enhanced Load Balancing and Traffic Management for in-cluster LLM services | Traditional
| All | 1.24 or later | All | |
In-place Migration from Istio |
This | All | 1.24 or later | All |
December 2024
Feature | Description | Regions | Versions | Editions | References |
Istio 1.23 support | Supports Istio 1.23. | All | 1.23 or later | All | |
Use Envoy External Processing for custom request handling | Envoy External Processing is an extension that uses an external service to enhance HTTP request and response handling. This eliminates the need to write Wasm plugins or other processing scripts, offering a more flexible and scalable solution. | All | 1.23 or later | All | |
Token-based throttling for LLM requests | Throttling LLM requests differs from throttling standard HTTP requests. Because the number of tokens per LLM request varies, the count must be dynamically obtained from the response. ASM provides default LLM request throttling based on the Token Bucket Algorithm and allows you to customize the algorithm. | All | 1.23 or later | All | |
Exclude Pods with specified labels from the Service Discovery Scope | If a Pod is outside the Service Discovery Scope, the Control Plane will not discover it, and Sidecar Proxies will not send any requests to it. You can configure a Label Selector to exclude Pods with specific labels from the Service Discovery Scope. This allows you to quickly shift traffic away from a Pod for rapid failover. | All | 1.20 or later | All | Configure a service discovery scope to improve the efficiency of mesh configuration pushes |
Support for new fields in ASMGrpcJsonTranscoder | The ASMGrpcJsonTranscoder CRD is used for JSON/HTTP-to-gRPC protocol transcoding. In version 1.22 and later, ASMGrpcJsonTranscoder supports new fields for advanced scenarios such as converting gRPC errors to the response body and ignoring specific request query parameters. | All | 1.22 or later | All | |
LLM traffic management | Service Mesh (ASM) now supports the specialized HTTP protocols used by major Large Language Model (LLM) providers. This feature simplifies integration and enables advanced Traffic Routing and Observability for LLM traffic. | Alibaba Cloud International Website | 1.21 or later | All |
November 2024
Feature | Description | Regions | Applicable versions | Product specifications | References |
Implement user identity-based canary testing with traffic lanes and hash tagging | In a production environment, you may want to use traffic lanes to isolate stable and canary release versions and route traffic to different lanes based on user identity. Specifically, you might want to route a specific group of users to the canary release version for testing, while routing a certain percentage of requests from other users to the canary release version randomly based on weight. | All | 1.18 or later | All | Implement user identity-based canary testing with traffic lanes and hash tagging |
ASM supports namespace-level RBAC authorization | RAM users and RAM roles require RBAC authorization to operate on custom resources within ASM. You can use this authorization to control their specific Permissions. | All | All | All |
October 2024
Feature | Description | Regions | Applicable versions | Applicable editions | References |
Multi-primary control plane mode | Service Mesh (ASM) supports a multi-primary control plane mode. In this architecture, multiple ASM instances manage multiple Kubernetes clusters. This mode provides significant advantages over a single-instance setup, such as better configuration isolation and lower configuration push latency. It is ideal for implementing multi-cluster disaster recovery for peer-deployed services. | All | 1.22 and later | All | Implementing Multi-Cluster Disaster Recovery with the ASM Multi-Primary Control Plane Architecture |
Native Sidecar proxy | Starting with version 1.28, Kubernetes introduced native Sidecar containers, which resolve known issues with the container lifecycle relative to the Pod lifecycle. Service Mesh (ASM) 1.22 and later supports this feature and adaptively enables the native Sidecar mode to inject the mesh proxy into a Pod. | All | 1.22 and later | All | |
Metric Collection for the Traffic Scheduling Suite | You can collect monitoring metrics for the ASM request scheduling agent by integrating with Alibaba Cloud Managed Service for Prometheus or a self-managed Prometheus instance. This allows you to monitor how different policies in the traffic scheduling suite control and schedule traffic. | All | 1.21 and later | All | Controlling Traffic in Distributed Systems with the ASM Traffic Scheduling Suite |
Metric Extension with WASM Plugins | In addition to its built-in metrics, Service Mesh (ASM) provides a powerful extension mechanism. You can use WASM plugins to write custom logic based on request or response data. This allows you to add processed results as new dimensions to your monitoring metrics, providing deeper visibility into your application's behavior. | All | 1.18 and later | All | Extending ASM Monitoring Metric Dimensions with a WASM Plugin |
Periodic Cleanup of Monitoring Metrics | Service Mesh (ASM) generates metrics such as traffic volume, error rates, and request latency for all service traffic, allowing you to monitor service behavior. Over time, accumulating this data increases resource consumption for both the Envoy proxies and Prometheus. To address this, ASM now offers periodic metric cleanup. This feature automatically removes unused metrics cached in Envoy, reducing memory usage and lowering the network load from Prometheus scrapes. | All | 1.18 and later | All |
September 2024
Feature | Description | Regions | Versions | Editions | References |
Deploy and manage Service Mesh (ASM) on CloudBox | Create a | All | All | All | |
Manage Kubernetes clusters imported via Kubeconfig |
| All | 1.22 or later | All | |
Best Practices: End-to-end security | A standard TLS connection only requires the | All | 1.22 or later | All | |
Best Practices: Custom error pages | An | All | All | All | |
ASMSwimlane/ASMSwimlaneGroup CRD enhancements | You can now apply custom destination | All | 1.22 or later | All | |
Support for remote control plane mode | Use the | All | 1.22 or later | All | |
Develop Wasm plugins using Rust |
| All | 1.18 or later | All |
August 2024
Feature | Description | Regions | Applicable versions | Supported editions | References |
Support for Istio 1.22 | This release adds support for Istio 1.22, which includes the following key updates:
| All | 1.22 or later | All | N/A |
New ACMG mode | The Alibaba Centralized Mesh Gateway (ACMG) mode is a solution designed for large-scale network architectures. It improves network scalability, flexibility, and management efficiency. | All | 1.22 or later | All | |
Egress Traffic Security | You can use ASMEgressTrafficPolicy and an Egress Gateway to secure egress traffic from the mesh to external destinations. | All | 1.20 or later | All | |
Enhanced multi-cluster capabilities | This release enhances East-West Gateway capabilities. Cross-cluster calls through an East-West Gateway now support full Layer 7 Load Balancing, Authorization Policy, and CIDR conflict shielding. For multi-cluster scenarios without underlying network connectivity, a Service Mesh (ASM) East-West Gateway provides an experience equivalent to a fully connected network. | All | 1.22 or later | Enterprise Edition, Ultimate Edition | |
Integration with ARMS for extended metrics | Service Mesh (ASM) provides Monitoring Metrics for the Data Plane. When enabled, gateways and sidecar proxies generate operational metrics that are collected in Alibaba Cloud Managed Service for Prometheus. | All | 1.17.2.35 or later | All | |
Best practices: Integrate a custom authorization service | You can now integrate with custom authorization services that use the HTTP and gRPC protocols. | All | 1.20 or later | All | |
Monitoring Metrics and Alerting for Rate Limiting and Circuit Breaking | You can now collect Monitoring Metrics for Rate Limiting and Circuit Breaking in Alibaba Cloud Managed Service for Prometheus. This includes metrics for local and global Rate Limiting, as well as service-level, host-level, and Connection Pool Circuit Breaking. You can also configure Alerting based on these metrics to be notified of Rate Limiting or Circuit Breaking events. | All | All | All |
July 2024
Feature | Description | Regions | Versions | Editions | Documentation |
ASM Gateway support for HTTP/3 and QUIC protocols | The ASM Gateway now supports the HTTP/3 protocol. Compared to HTTP/2, HTTP/3 provides lower handshake latency, a new multiplexing mechanism, connection migration, and enhanced security. HTTP/3 is based on the UDP protocol, which allows you to enable TCP and UDP listeners on the same port without affecting existing HTTP/1.1 or HTTP/2 traffic. | All | 1.16 or later | All | |
Maximum downstream connection limit for sidecar proxies | You can now limit the maximum number of downstream connections a mesh proxy accepts. This helps prevent malicious attacks by controlling connection volume. | All | 1.21 or later | All | |
Support for path normalization policies | You can now configure a path normalization policy for HTTP requests on the mesh proxy. This ensures that HTTP request paths within the Service Mesh are standardized, reducing security risks. | All | 1.21 or later | All | |
New policies for the ASM traffic scheduling suite | The ASM traffic scheduling suite now supports four new policies:
| All | 1.21 or later | All | Use the ASM traffic scheduling suite for traffic control in distributed systems |
ASM Lab | ASM Lab lets you set up a complete environment for a specific scenario with a single click. This includes workloads and all required declarative API (CR) resources. Each scenario in ASM Lab showcases a specific feature by automatically deploying the required resources and offering varying levels of control. This one-click setup helps you quickly explore the powerful features of Service Mesh (ASM). | All | 1.21 or later | All |
June 2024
Feature | Description | Regions | Applicable versions | Applicable specifications | References |
Service mesh network packet capture | This feature lets you create a | All | 1.21 or later | All | Use network packet capture tasks to diagnose traffic in the mesh |
ASM traffic scheduling suite | Built on | All | 1.21 or later | All | Use the ASM traffic scheduling suite for traffic control in distributed systems |
EWMA load balancing | The EWMA | All | 1.21 or later | All | Use Exponentially Weighted Moving Average (EWMA) for workload latency-based load balancing |
Enhanced Knative integration | Knative on ASM is updated to version 1.12.4. This release streamlines integration with | All | 1.21 or later | All | |
Improved Terraform support |
| All | 1.21 or later | All |
May 2024
Feature | Description | Regions | Applicable versions | Applicable editions | References |
Support for Istio 1.21 | This release adds support for Istio 1.21, which is now generally available. This version includes the latest community features:
Important In version 1.21, the ability to load a bootstrap configuration for a Sidecar Proxy before startup is deprecated. For more information, see Configure a sidecar proxy. | All | 1.21 or later | All | |
|
| All | 1.21 or later | All | |
Enhanced multi-cluster capabilities | This release introduces a new multi-cluster network solution. When underlying cluster networks cannot be connected directly, you can use an ASM East-West Gateway to connect them over the public internet. The new document, Overview of multi-cluster management, describes the modes and paths for multi-cluster management in ASM. | All | 1.21 or later | All | |
|
| All | 1.21 or later | All | |
Route-level configuration for |
| All | 1.21 or later | All | Use ASMCompressor to define compression configurations for inter-application service calls |
April 2024
Feature | Description | Regions | Istio version | Editions | References |
Istio 1.21 support | This release adds support for Istio 1.21 as a Canary Release, which includes the latest community features:
Important As of version 1.21, loading a bootstrap Configuration for a Sidecar Proxy before startup is deprecated. For more information, see Configure a sidecar proxy. | All | 1.21 or later | All | |
Automatic Certificate issuance for ASM gateways using the ACME Protocol | The ACME Protocol allows a certificate authority (CA) to automatically verify an applicant's Domain Name ownership before issuing a Certificate. Service Mesh (ASM) gateways can connect to various CAs through the ACME Protocol to dynamically obtain Domain Name Certificates, reducing Certificate maintenance overhead. | All | All | All | |
Data plane performance optimization with eRDMA and SMC | You can enable SMC-based performance optimization for Service Mesh Data Plane communication on eighth-generation Alibaba Cloud Elastic Compute Service (ECS) instances that support eRDMA and run Alibaba Cloud Linux (Alinux) 3. | All | 1.21 or later | All | Accelerate network performance between service mesh pods based on eRDMA |
Manage cross-VPC connectivity between Control Plane and Data Plane clusters with PrivateLink | When a Service Mesh (ASM) instance and a Data Plane Container Service for Kubernetes (ACK) cluster are in the same Region but different VPCs, you can use PrivateLink to establish connectivity between the Control Plane and Data Plane clusters. ASM provides a CRD-based method to simplify network configuration. | All | 1.21 or later | All | Manage connectivity between control plane and data plane clusters across VPCs using PrivateLink |
Accelerate inference for model services with dynamic subset routing | Dynamic subset routing in Service Mesh (ASM) routes requests directly to the correct Runtime Environment, accelerating the Inference process for model services. | All | 1.21 or later | All | Use dynamic subset routing to accelerate model service mesh inference |
Use ASMCircuitBreaker to configure circuit breaker rules for inter-service call traffic | Use the ASMCircuitBreaker CRD to configure circuit breaker rules for east-west traffic. | All | 1.19 and later | All | Use ASMCircuitBreaker to configure circuit breaker rules for inter-service call traffic |
March 2024
Feature | Description | Regions | Istio versions | Product specifications | References |
Plain text format for access logs | You can now output access logs to the Container Standard Output as plain text. This format is more space-efficient and information-dense than JSON. | All | v1.20 and later | All | |
Configure Maintenance Windows for the Managed Control Plane | You can now set a Maintenance Window for your Service Mesh to define when automatic maintenance of the Managed Control Plane occurs. | All | All | All | |
Develop Wasm Extensions for the Mesh Proxy using Go | You can now develop Wasm Extensions in Go and inject them into the Mesh Proxy's filter chain. These extensions let you implement custom logic, such as dynamically modifying HTTP headers, adjusting routing, or integrating with external authorization services. | All | v1.18 and later | All | |
Support for Managed Security Groups | New ASM Instances now use Managed Security Groups. These groups provide enhanced security for the Managed Control Plane. | All | v1.20 and later | All |
February 2024
Feature | Description | Regions | Applicable Istio versions | Applicable editions | References |
Support for Istio 1.20 | Adds support for Istio 1.20 and its latest community features. | All | v1.20 and later | All | |
Canary upgrade for ASM gateway | Service Mesh (ASM) now supports canary upgrades for the ASM gateway to ensure business continuity. You can deploy a new gateway version to verify traffic before completing the full upgrade. If an issue occurs, roll back at any time by deleting the new version's pods. After resolving the issue, you can resume the upgrade. | All | v1.20 and later | All | |
Encrypted collection of monitoring metrics | Service Mesh (ASM) now uses mutual TLS (mTLS) to encrypt monitoring metrics for in-mesh applications, providing the same security as service-to-service communication. | All | All | All | Collect monitoring metrics for in-mesh applications via mTLS |
Enhanced plugin center and Envoy filters |
| All | v1.18 and later | All | |
Declarative management for Envoy filter templates and traffic lanes |
| All | v1.20 and later | All |
January 2024
Feature | Description | Regions | Istio versions | Editions | References |
AI-powered mesh diagnostics | Integrates an AI assistant to provide intelligent analysis. After a diagnostic result is generated, a Large Language Model (LLM) explains the cause of each issue and recommends a solution. | All | All | All | |
Enhanced Mesh Topology | The Mesh Topology feature enhances observability and usability.
| All | All | All | |
Support for custom request and response headers | Adds support for customizing request and response headers using | All | All | All | |
Scenario-based rate limiting | Introduces best practices for applying rate limiting in the following scenarios:
| All | v1.11.5 and later | Enterprise and Ultimate editions |
December 2023
Feature | Description | Regions | Istio version | Editions | References |
Support for Istio 1.19 and 1.18 patch releases |
| All | All | All | None |
Pay-as-you-go billing for Server Load Balancer | When you create a new Service Mesh (ASM) instance, the system automatically creates a private-facing, pay-as-you-go Server Load Balancer (CLB) to access the API Server and the Istio control plane. | All | All | All | |
Support for CEL-based log filtering rules | You can now use Common Expression Language (CEL) to set log filtering rules. In high-traffic scenarios, filtering logs based on specific conditions reduces sidecar proxy overhead and allows you to focus on critical log content. | All | v1.18 and later | All | |
Simplified management for Local Throttling | This release enhances the Local Throttling feature. A new graphical interface in the Traffic Management Center simplifies the configuration process, reduces operational errors, and improves usability. | All | v1.18 and later | All |
November 2023
Feature | Description | Regions | Istio version | Editions | References |
Support for Model Service Mesh | This feature lets you manage and route model services through the mesh. It provides advanced traffic management capabilities, such as
A | All | v1.18 and later | All | |
Standalone deployment for ASM gateways in a Serverless architecture | This feature introduces a | All | v1.18 and later | All | Use an ASM Serverless gateway to improve high availability and elasticity |
Server Load Balancer (CLB) support for Managed Mesh Topology | You can now use a | All | v1.18 and later | All | |
Support for KServe 0.11 | This release adds support for integration with KServe 0.11, simplifying the management of model service workloads. You can now deploy | All | v1.18 and later | All | |
Support for OpenTelemetry Collector integration |
| All | v1.18 and later | All |
October 2023
Feature | Description | Regions | Istio versions | Product specifications | References |
Introduces | This Custom Resource Definition (CRD) provides a declarative method to configure compression for calls between application services. It offers a consistent method for adding compression filters to applications and supports both Gzip and Brotli compression algorithms. | All | v1.18 and later | All | |
Introduces | This Custom Resource Definition (CRD) enables you to configure JSON/HTTP to gRPC transcoding for calls between application services. It provides a consistent way to add transcoding filters to applications. | All | v1.18 and later | All | |
Enables custom Wasm plugins for the ASM data plane. | You can configure custom Wasm plugins for ASM mesh proxies or gateways to extend the capabilities of the data plane. Wasm plugins can be written in multiple languages, such as C++ and Go, and can be loaded from various sources, including an HTTP endpoint, an OCI image hub, or a | All | v1.18 and later | All | Use a Coraza Wasm plugin to implement WAF capabilities on an ASM gateway |
Introduces | This Custom Resource Definition (CRD) provides a declarative method to configure global rate limiting for gateways and application services. | All | v1.18 and later | All |
September 2023
Feature | Description | Regions | Istio version | Editions | References |
Dynamic Subset Load Balancing | This feature provides dynamic subset load balancing, which allows you to flexibly select a target Service Subset based on request information such as | All | v1.18 and later | Enterprise Edition, Ultimate Edition | |
Traffic Lane 2.0 with Support for Strict and Loose Modes | The loose Mode includes a fallback mechanism to a baseline Traffic Lane, which simplifies request handling in scenarios where end-to-end headers are already propagated. | All | v1.18 and later | Enterprise Edition, Ultimate Edition | |
Mesh Topology 2.0 with Managed Mode Support | Compared to enabling Mesh Topology in deployment mode on a Data Plane Kubernetes cluster, Managed Mode offers significant advantages, including unified multi-cluster observability, simplified Configuration, and higher service reliability. | All | v1.18 and later | Enterprise Edition, Ultimate Edition |
August 2023
Feature | Description | Regions | Istio versions | Editions | References |
Support for a new Data Plane mode | This release introduces a new Data Plane mode compatible with the community's Istio Ambient Mesh. This mode enables incremental adoption of Service Mesh technology, allowing you to use features as needed, including new Layer 4 (L4) and Layer 7 (L7) routing and authorization capabilities. | All | v1.18 and later | Enterprise Edition, Ultimate Edition | |
Support for Istio 1.18 | Service Mesh (ASM) now supports Istio 1.18, which includes the latest community features. | All | v1.18 and later | All | None |
Default CNI mode for ASM instance creation | The CNI Plugin mode is now enabled by default when you create a Service Mesh (ASM) instance. This ensures compatibility with the CNI DaemonSet in environments such as Container Service for Kubernetes (ACK) on Elastic Container Instance (ECI) and ACK Serverless. | All | v1.18 and later | All | |
Support for Knative 1.8 | Service Mesh (ASM) v1.18 now uses Knative 1.8 by default when deploying serverless workloads with Knative. | All | v1.18 and later | All | |
Network Load Balancer (NLB) support for Ingress Gateways | You can now create an Ingress Gateway with a Network Load Balancer (NLB), leveraging its high performance and auto-scaling capabilities to improve traffic stability. | All | v1.18 and later | All |
July 2023
Feature | Description | Regions | Istio version | Edition | References |
Control plane canary upgrade | Provides a safer and more stable canary upgrade for new control plane versions by using a revision- and label-based mode. | All | v1.16 and later | Enterprise Edition, Ultimate Edition | |
Simplified label sync management for global namespaces | This feature lets you associate a global namespace with a specific Kubernetes Cluster and selectively sync different namespace labels to different clusters. The ASM console now provides the namespace label | All | v1.16 and later | All | |
Audit alerts for mesh resource operations | After you enable the mesh audit feature, you can configure alerts in Simple Log Service (SLS) for changes to mesh resources to notify an alert contact whenever important resources are modified. | All | v1.15 and later | All | |
Adaptive configuration push for egress gateways | When adaptive configuration push is enabled, the cluster deploys an egress gateway named istio-axds-egressgateway and lets you modify its configuration. | All | v1.15 and later | All | Use adaptive configuration push to improve control plane push efficiency |
External OPA execution engine integration | Compared to the sidecar pattern, an external Open Policy Agent (OPA) execution engine consumes fewer resources, allows applications to be integrated without a restart, and provides more flexibility in deciding which requests execute OPA policies. | All | v1.15 and later | All | Use ASM security policies to connect to an external OPA execution engine |
Gateway log dashboards | A new gateway-level log page allows you to view the raw logs and log dashboards for a specific gateway. | All | v1.17 and later | All |
June 2023
Feature | Description | Regions | Applicable Istio versions | Applicable editions | References |
New observability management center 2.0 | Provides integrated configuration for logs, monitoring metrics, and Tracing Analysis. | All | v1.17.2.35 and later | All | |
Support for dynamically merging Istio and application monitoring metrics | Allows application services with Prometheus monitoring endpoints to export their business metrics through the mesh proxy by merging them with Istio metrics. | All | v1.17 and later | All | |
Service Discovery scope configuration supports a denylist mode for namespaces | The service discovery scope now supports both allowlist and denylist modes. In denylist mode, the Service Mesh (ASM) control plane discovers and processes applications in all namespaces except those on the denylist. This improves the efficiency of pushing configurations from the control plane to data plane sidecar proxies. | All | v1.17 and later | Enterprise Edition, Ultimate Edition | Configure the service discovery scope to improve mesh configuration push efficiency |
Traffic management now supports a Fallback Mechanism | When a service call fails, a fallback mechanism provides an alternative execution path. Service Mesh (ASM) supports defining a | All | v1.17 and later | Enterprise Edition, Ultimate Edition | |
Mesh topology now supports login with Resource Access Management (RAM) users and custom access methods | Login with an Alibaba Cloud RAM user is now the default method for accessing the mesh topology UI console. You can also customize access by configuring the domain name, port, root path, and protocol. | All | v1.17 and later | All | |
ASM certificate management can now send anomaly alerts to Simple Log Service (SLS) | You can now configure alerts for certificate management in control plane alerting. This feature supports two Alert Types: Expired and Expiring Soon. | All | v1.17 and later | All |
May 2023
Feature | Description | Regions | Istio versions | Applicable editions | References |
Support for Istio 1.17 | This release adds support for Istio 1.17, which includes the latest community features. | All | v1.17 and later | All | None |
Integration with KServe for MLOps management | Alibaba Cloud Service Mesh (ASM) now integrates with KServe to simplify managing model service workloads. | All | v1.17 and later | Enterprise Edition, Ultimate Edition | Integrate ASM with KServe for cloud-native AI model inference services |
Support for Serverless Gateway | The ASM | All | v1.16 and later | Enterprise Edition, Ultimate Edition | Use ASM Serverless Gateways to support elastic business scenarios |
Global certificate management | ASM now supports global certificate management:
| All | v1.17 and later | All | |
Enhanced | The | All | v1.15 and later | Enterprise Edition, Ultimate Edition | |
Exclude specific Namespaces in | You can now select Namespaces to exclude from | All | v1.17 and later | All |
April 2023
Feature | Description | Release region | Istio version | Edition | References |
Support for Istio 1.16 | Adds compatibility with the Istio 1.16 community release series. | All | v1.16 and later | All | None |
Enhanced sidecar injection management | Simplifies configuration management for injection policies and sidecar injectors. | All | v1.16 and later | All | |
Support for the gRPC-JSON transcoder plugin | Lets you access gRPC services using RESTful APIs or other HTTP/JSON tools, simplifying integration. | All | v1.16 and later | Enterprise Edition, Ultimate Edition | Use ASMGrpcJsonTranscoder to request gRPC services in a mesh using HTTP/JSON |
Support for RAM login to Mesh Topology | Allows you to log on with your Alibaba Cloud Resource Access Management (RAM) identity, enabling Single Sign-On (SSO) for the Mesh Topology UI. | All | v1.16 and later | Enterprise Edition, Ultimate Edition |
March 2023
Feature | Description | Region | Istio versions | Editions | References |
Integration with Web Application Firewall (WAF) |
| All | All |
| |
Support for | You can now use | All | v1.16 and later |
| Use an ASM Gateway as an Ingress controller to expose in-cluster services |
Support for managing | Integrates the | All | v1.16 and later |
| |
| Integrates the | All | v1.15.3.120 and later |
| |
| When dynamic resource Overcommitment is enabled, you can set the resource type for | All | v1.16 and later |
| |
New egress traffic policy: | The | All | v1.16 and later |
| |
Support for a global default retry policy for HTTP requests | You can now configure a global default retry policy for HTTP requests, which includes the number of retries, retry timeout, and retry conditions. | All | v1.15 and later | All | None |
February 2023
Feature | Description | Regions | Istio version | Editions | References |
Release of Istio version 1.15.3.105 | Compatible with the community Istio 1.15 series. Supports Kubernetes versions 1.21 to 1.25. | All | v1.15.3.105 | All | None |
Enhanced mesh observability |
| All | All | All | |
Improved Mesh Topology performance |
| All | v1.14 and later | All | |
Enhanced multi-cluster traffic management | Supports configuring In-cluster Traffic Locality in multi-cluster environments. When this feature is enabled for a service, traffic is directed only to Workloads within the same cluster. | All | v1.15.3.101 and later | All | |
Enhanced Sidecar Proxy Configuration |
| All | v1.15.3.101 and later | All | |
Enhanced ASM gateway customization and observability |
| All | All | Enterprise Edition, Ultimate Edition |
January 2023
Feature | Description | Region | Applicable Istio versions | Applicable editions | References |
Custom time ranges in grid topology | Grid Topology now lets you query the topology graph for any time range within the last 90 days, making it easier to view historical topologies. | All | v1.14 and later | All | |
Enhanced configuration parameters for data plane sidecar proxies | A new option allows you to configure Sidecar Proxy environment variables to load a bootstrap configuration before the proxy starts. | All | v1.15.3.63 and later | All | |
Enhanced gateway security capabilities | The Gateway now offers a single configuration for both OpenID Connect (OIDC) Single Sign-On (SSO) and JWT Authentication. | All | v1.15.3.25 and later | Enterprise Edition, Ultimate Edition |
Historical release notes
For Service Mesh (ASM) release notes prior to 2023, see Historical release notes (before 2023).