All Products
Search

This Product

    Alibaba Cloud Service Mesh:Limits

    Document Center

    Alibaba Cloud Service Mesh:Limits

    Last Updated:Nov 03, 2023

    This topic describes the limits on the use of Ambient Mesh.

    Fewer features

    Compared with the sidecar mode, Ambient Mesh supports fewer features. Therefore, we recommend that you do not use Ambient Mesh in production environments.

    Limits on authorization policies

    The waypoint proxies do not support the ipBlocks field. If you configure rules related to this field, the rules do not take effect.

    Limits on traffic management

    The trafficPolicy and workloadSelector fields of destination rules cannot take effect. You can only configure subsets for services by using destination rules.

    Limits on observability

    In Ambient Mesh, metric monitoring and Mesh Topology are not supported.

    Supported ACK clusters and configurations

    • Types of Container Service for Kubernetes (ACK) clusters: ACK Serverless clusters, Edge clusters, and registered clusters are not supported.

    • Network plug-ins: The Terway plug-in is supported when the IPVLAN mode is disabled for your cluster. kube-proxy supports the iptables and IP Virtual Server (IPVS) modes when the Terway plug-in is used. The open source plug-in Flannel is not supported. Currently, Service Mesh (ASM) in Ambient Mesh mode does not support ACK clusters to use the IPVLAN mode or the NetworkPolicy feature of the Terway plug-in.

    • Operating systems: Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3 are supported.

    Scenarios in which the sidecar mode is preferable

    • Source services require specific client-side configurations: The sidecar mode is preferable in this scenario because the waypoint proxies only for destination services provide shared configurations for all source services and cannot provide specific client-side configurations. In sidecar mode, you can use the sourceLabels field in a virtual service to configure capabilities specific to a source, such as the configuration of fault injection, retry, or timeout. 使用限制1.png

    • Destination services require policies specific to the destination workloads: The sidecar mode is preferable in this scenario because a waypoint proxy is deployed per service account or namespace. If you need more fine-grained configurations specific to a destination service, the sidecar mode can help you. 使用限制2.png

    Compatibility with the existing sidecar mode

    In Istio, both the Ambient Mesh and sidecar modes are supported and can interoperate with each other. However, the Ambient Mesh mode does not provide all the capabilities of the sidecar mode. We recommend that you do not use the Ambient Mesh mode in production environments.

    Upgrade

    Ambient Mesh is in the alpha testing phase. Ambient Mesh API may have breaking changes and compatibility with earlier versions of ASM instances is not guaranteed. Upgrading Ambient Mesh may interrupt traffic. We recommend that you do not use Ambient Mesh in production environments.