Este conteúdo não está disponível no idioma selecionado.

Chapter 3. Service Mesh feature support tables


3.1.3 feature support tables provide guidance on feature availability in OpenShift Service Mesh 3.

3.1. Definitions

For Red Hat OpenShift Service Mesh 3, features that are Generally Available (GA) are fully supported and are suitable for production use.

Technology Preview (TP) features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. See the Technology Preview scope of support on the Red Hat Customer Portal for more information about Technology Preview features.

Developer Preview (DP) features are not supported by Red Hat in any way and are not functionally complete or production-ready. Do not use Developer Preview features for production or business-critical workloads. Developer Preview features provide early access to upcoming product features in advance of their possible inclusion in a Red Hat product offering, enabling customers to test functionality and provide feedback during the development process. These features might not have any documentation, are subject to change or removal at any time, and testing is limited. Red Hat might provide ways to submit feedback on Developer Preview features without an associated SLA.

Not available (NA) features might not be available with Red Hat OpenShift Service Mesh 3.

3.2. Sail Operator APIs

Expand
FeatureStatus

Istio

GA

IstioRevision

GA

IstioCNI

GA

IstioRevisionTag

GA

ZTunnel

TP

3.3. Istio deployment and lifecycle

Expand
FeatureStatus

Installation with the Red Hat OpenShift Service Mesh Operator

GA

Istio sidecar mode data plane

GA

InPlace and RevisionBased control plane upgrades with the Red Hat OpenShift Service Mesh Operator

GA

The Istio multicluster mesh deployment models

GA

The Istio external control plane deployment models

GA

Multiple control planes on a single OpenShift Container Platform cluster

GA

IstioCNI plugin

GA

Istio configuration scoping: Sidecar API, exportTo and discovery selectors

GA

IPv6 support

GA

Dual stack IPv4/IPv6

GA [4]

Virtual machine (non-OpenShift) workload integration

NA

Istioctl for select commands

GA [1]

Helm or Istioctl installation

NA [2]

ProxyConfig

GA [3]

  1. For more information, see "Support for Istioctl".
  2. Installation is only supported by using the OpenShift Service Mesh 3 Operator, which uses the Istio Helm chart values for managing configuration.
  3. The ProxyConfig API is supported with the exception of the image field, which is not supported.
  4. Dual-Stack IPv4/IPv6 is supported on x86 environments only. On non-x86 environments, this feature remains a Technology Preview.

3.4. Istio traffic management

Expand
FeatureStatus

Protocols: HTTP1.1/HTTP2/HTTPS/gRPC/TCP/TLS

GA

Traffic control: label/content based routing, traffic shifting

GA

VirtualService, DestinationRule and ServiceEntry

GA

Resilience features: timeouts, retries, connection pools, outlier detection

GA

Gateway: ingress, egress for all supported protocols

GA

Gateway injection

GA

TLS termination and SNI support in gateways

GA

Locality load balancing

GA

DNS proxying

GA

Kubernetes Multi-Cluster Service (MCS) discovery

DP

3.5. Kubernetes Gateway API

Expand
FeatureStatus

Kubernetes Gateway APIs for ingress (Gateway parentRef)

GA

Kubernetes Gateway APIs for mesh (Service parentRef)

GA

Kubernetes Gateway API custom resource definitions (CRDs)

GA [1]

Kubernetes Gateway API manual deployment

NA

Gateway network topology configuration

DP

Gateway inference extensions

TP

  1. The use of Kubernetes Gateway API requires custom resource definitions (CRDs). The CRDs are present by default and generally available on Red Hat OpenShift Service Mesh 4.19 and later releases. Red Hat OpenShift Service Mesh 4.18 and earlier releases do not include or provide support for these CRDs.

3.6. Security features

3.6.1. Encryption and certificate management

Expand
FeatureStatus

Service-to-service mutual TLS encryption

GA

Identity and certificate management for workloads

GA

Peer authentication

GA

Certificate management for ingress gateway

GA

Pluggable key/certificate support for Istio certificate authority (CA)

GA

Cert-Manager integration with the cert-manager Operator for Red Hat OpenShift

GA

Kubernetes ClusterTrustBundles

DP

3.6.2. Authorization and policy enforcement

Expand
FeatureStatus

AuthorizationPolicy

GA

External authorization

GA

End user (JWT) authentication

GA

JWT claim based routing

GA

Authorization dry run

TP

Copy JWT claims to HTTP Headers

DP

RequestAuthentication

GA

3.7. Observability features

OpenShift Service Mesh 3 provides end-to-end support for observability, including logs, metrics, and distributed tracing with Red Hat OpenShift Observability and the Kiali Operator provided by Red Hat.

+Integrations with other community projects (including community Prometheus) and third-party solutions can be configurable through Istio or Observability operators, but those solutions are not supported by Red Hat.

Expand
FeatureStatus

Integration with Red Hat OpenShift Observability - user workload monitoring

GA

Red Hat OpenShift distributed tracing platform (Tempo)

GA

Red Hat OpenShift distributed tracing data collection Operator

GA

Trace sampling configuration

GA

Istio Telemetry API for configuring logs, metrics, and traces

GA

Istio preconfigured Grafana dashboards

DP [1]

Request classification

NA

  1. While Grafana is not included as part of OpenShift Service Mesh, you can use the preconfigured dashboards for Grafana maintained by the Istio community with OpenShift Service Mesh under a Developer Preview scope.

3.8. Consoles and dashboards

Expand
FeatureStatus

Kiali Operator provided by Red Hat

GA

Kiali Server

GA

OpenShift Service Mesh Console (OSSMC) plugin

GA

3.9. Extensibility features

Expand
FeatureStatus

WebAssembly extension

GA [1]

EnvoyFilter API

DP [2]

  1. The WasmPlugin API for extending Istio using Web Assembly extensions is supported, but support is not provided for any Web Assembly extension modules unless explicitly documented.
  2. The EnvoyFilter API is available for use with Red Hat OpenShift Service Mesh, but is not supported, except where explicitly documented. Due to tight coupling with the underlying Envoy APIs, backward compatibility cannot be maintained. Note that EnvoyFilter patches are very sensitive to the format of the Envoy configuration that is generated by Istio. If the configuration generated by Istio changes, it has the potential to break the application of the EnvoyFilter configuration. Any configuration provided through this API should be carefully monitored across Istio proxy version upgrades to ensure that deprecated fields are removed and replaced appropriately. If a support case is raised where an EnvoyFilter configuration is used, Red Hat might request that the issue be reproduced with the EnvoyFilter configuration removed.

3.10. Istio Ambient mode (sidecarless) data plane

Expand
FeatureStatus

Istio ambient mode - all features

TP

Voltar ao topo
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2025 Red Hat