
Alibaba Cloud Service Mesh: Limits

Last Updated: Nov 28, 2024

This topic describes the limits on the use of Ambient Mesh.

Fewer features

Compared with the sidecar mode, Ambient Mesh supports fewer features. Therefore, we recommend that you do not use Ambient Mesh in production environments.

Limits on authorization policies

Waypoint proxies do not support the ipBlocks field. If you configure rules that use this field, the rules do not take effect.

In Service Mesh (ASM) instances of V1.22, features such as Layer 4 authorization policies and peer authentication are being tested by using canary releases. If you need to use these features, submit a ticket.

Limits on traffic management

The trafficPolicy and workloadSelector fields of destination rules do not take effect. You can use destination rules only to configure subsets for services.
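
The following pre-migration check is an added example, not code from Alibaba Cloud or Istio. It scans exported AuthorizationPolicy and DestinationRule objects for the fields that this topic says do not take effect in Ambient Mesh, so that access rules or TLS settings that depend on them are found before they are silently dropped. The function name, the sample objects, and the JSON export format are assumptions.

```python
import json

# Fields this topic says do not take effect in Ambient Mesh.
DR_FIELDS = ("trafficPolicy", "workloadSelector")

def find_ineffective_fields(manifest):
    """Return (kind, namespace/name, field path, detail) for each unsupported field.

    Accepts one object or a v1 List (the shape of `kubectl get ... -o json`).
    Assumption: it does not resolve whether a policy is attached to a waypoint,
    and it inspects only top-level DestinationRule fields.
    """
    items = manifest["items"] if manifest.get("kind") == "List" else [manifest]
    findings = []
    for obj in items:
        kind = obj.get("kind")
        meta = obj.get("metadata") or {}
        ref = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
        spec = obj.get("spec") or {}
        if kind == "AuthorizationPolicy":
            action = spec.get("action", "ALLOW")  # Istio's default action
            for i, rule in enumerate(spec.get("rules") or []):
                for j, src in enumerate(rule.get("from") or []):
                    if "ipBlocks" in (src.get("source") or {}):
                        path = f"spec.rules[{i}].from[{j}].source.ipBlocks"
                        findings.append((kind, ref, path, f"action={action}"))
        elif kind == "DestinationRule":
            for field in DR_FIELDS:
                if field in spec:
                    findings.append((kind, ref, f"spec.{field}", "only subsets apply"))
    return findings

# Constructed sample input, not taken from a real cluster.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "AuthorizationPolicy", "metadata": {"name": "deny-external", "namespace": "shop"},
  "spec": {"action": "DENY", "rules": [{"from": [{"source": {"ipBlocks": ["203.0.113.0/24"]}}]}]}},
 {"kind": "AuthorizationPolicy", "metadata": {"name": "allow-frontend", "namespace": "shop"},
  "spec": {"rules": [{"from": [{"source": {"principals": ["cluster.local/ns/shop/sa/frontend"]}}]}]}},
 {"kind": "DestinationRule", "metadata": {"name": "reviews", "namespace": "shop"},
  "spec": {"host": "reviews", "trafficPolicy": {"tls": {"mode": "ISTIO_MUTUAL"}},
           "subsets": [{"name": "v1", "labels": {"version": "v1"}}]}}
]}
""")

if __name__ == "__main__":
    for finding in find_ineffective_fields(SAMPLE):
        print(*finding, sep="  ")
```

Each finding carries the policy action so that a reviewer can see which ALLOW or DENY rules rely on ipBlocks and need an alternative before the workload moves to Ambient Mesh.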

Limits on observability

In Ambient Mesh, metric monitoring and Mesh Topology are not supported.

Supported Kubernetes clusters and configurations

  • Network plug-ins: In ASM instances of V1.21 and later, the Ambient Mesh mode can run in ACK clusters in which the Terway and Flannel network plug-ins are installed and supports the iptables and IP Virtual Server (IPVS) kube-proxy modes. In addition, the Ambient Mesh mode supports the IPVLAN mode and the NetworkPolicy feature of the Terway plug-in.

  • Operating systems: Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3 are supported.

  • If you want to use the Ambient Mesh mode in Container Compute Service (ACS) clusters, ACK serverless clusters, ACK edge clusters, and registered clusters, submit a ticket to obtain technical support.

Scenarios in which the sidecar mode is preferable

  • Source services require specific client-side configurations: A waypoint proxy in Ambient Mesh mode is a server-side proxy. All clients accessing a destination service will send requests to this waypoint proxy, and special settings cannot be configured for a specific client. In sidecar mode, you can use the sourceLabels field in a virtual service to configure capabilities specific to a given client, such as fault injection, retries, and timeouts.

  • Destination services require policies specific to the destination workloads: ASM instances of V1.22 and later allow you to flexibly enable waypoint proxies for specified services or workloads. If you need more fine-grained configurations specific to a destination service, the sidecar mode can help you.

Compatibility with the existing sidecar mode

In Istio, both the Ambient Mesh and sidecar modes are supported and can interoperate with each other. However, the Ambient Mesh mode does not provide all the capabilities of the sidecar mode. We recommend that you do not use the Ambient Mesh mode in production environments.

Upgrade

Ambient Mesh is in the alpha testing phase. The Ambient Mesh API may have breaking changes, and compatibility with earlier versions of ASM instances is not guaranteed. Upgrading Ambient Mesh may interrupt traffic. We recommend that you do not use Ambient Mesh in production environments.