Unsupported Istio APIs in Managed Cloud Service Mesh
This page contains a non-exhaustive list of the API fields and their
corresponding Istio API that have are unsupported in TRAFFIC_DIRECTOR
control plane implementation.
Table of contents
- DestinationRule
- MeshConfig
- Gateway
- ProxyConfig
- ServiceEntry
- Sidecar
- Telemetry
- VirtualService
- WasmPlugin
- WorkloadEntry
- WorkloadGroup
DestinationRule
API | Field |
---|---|
DestinationRule | subsets.trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.failoverPriority |
DestinationRule | trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.distribute.to |
DestinationRule | trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.distribute.from |
DestinationRule | subsets.trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.distribute.to.key |
DestinationRule | subsets.trafficPolicy.loadBalancer.localityLbSetting.distribute.from |
DestinationRule | subsets.trafficPolicy.loadBalancer.localityLbSetting.distribute.to.value |
DestinationRule | subsets.trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.distribute.to.value |
DestinationRule | subsets.trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.distribute.from |
DestinationRule | trafficPolicy.tunnel.protocol |
DestinationRule | subsets.trafficPolicy.loadBalancer.localityLbSetting.distribute.to.key |
Gateway
API | Field |
---|---|
Gateway | servers.tls.verifyCertificateHash |
Gateway | servers.tls.verifyCertificateSpki |
MeshConfig
API | Field |
---|---|
MeshConfig | ca.tlsSettings.caCertificates |
MeshConfig | ca.tlsSettings.privateKey |
MeshConfig | configSources.tlsSettings.credentialName |
MeshConfig | extensionProviders.envoyTcpAls.logName |
MeshConfig | extensionProviders.envoyTcpAls.service |
MeshConfig | certificates.dnsNames |
MeshConfig | extensionProviders.lightstep.maxTagLength |
MeshConfig | extensionProviders.lightstep.port |
MeshConfig | configSources.tlsSettings.caCertificates |
MeshConfig | extensionProviders.stackdriver.debug |
MeshConfig | extensionProviders.stackdriver.maxTagLength |
MeshConfig | localityLbSetting.distribute.to.value |
MeshConfig | configSources.tlsSettings.insecureSkipVerify |
MeshConfig | extensionProviders.envoyHttpAls.additionalResponseHeadersToLog |
MeshConfig | extensionProviders.envoyHttpAls.additionalResponseTrailersToLog |
MeshConfig | extensionProviders.envoyOtelAls.logFormat.text |
MeshConfig | extensionProviders.skywalking.accessToken |
MeshConfig | proxyListenPort |
MeshConfig | ca.tlsSettings.subjectAltNames |
MeshConfig | ingressService |
MeshConfig | configSources.subscribedResources |
MeshConfig | extensionProviders.envoyHttpAls.filterStateObjectsToLog |
MeshConfig | extensionProviders.envoyHttpAls.service |
MeshConfig | extensionProviders.envoyTcpAls.filterStateObjectsToLog |
MeshConfig | extensionProviders.stackdriver.logging.labels.key |
MeshConfig | extensionProviders.envoyHttpAls.logName |
MeshConfig | extensionProviders.stackdriver.logging.labels.value |
MeshConfig | proxyInboundListenPort |
MeshConfig | ca.tlsSettings.insecureSkipVerify |
MeshConfig | configSources.tlsSettings.privateKey |
MeshConfig | extensionProviders.envoyHttpAls.port |
MeshConfig | extensionProviders.envoyTcpAls.port |
MeshConfig | extensionProviders.stackdriver.maxNumberOfAttributes |
MeshConfig | extensionProviders.stackdriver.maxNumberOfMessageEvents |
MeshConfig | ingressControllerMode |
MeshConfig | ca.tlsSettings.sni |
MeshConfig | certificates.secretName |
MeshConfig | extensionProviders.datadog.maxTagLength |
MeshConfig | extensionProviders.envoyOtelAls.logName |
MeshConfig | extensionProviders.lightstep.accessToken |
MeshConfig | extensionProviders.opencensus.maxTagLength |
MeshConfig | ingressClass |
MeshConfig | ca.tlsSettings.clientCertificate |
MeshConfig | caCertificates.trustDomains |
MeshConfig | extensionProviders.envoyOtelAls.logFormat.labels.fields |
MeshConfig | extensionProviders.stackdriver.maxNumberOfAnnotations |
MeshConfig | ingressSelector |
MeshConfig | caCertificates.certSigners |
MeshConfig | caCertificates.spiffeBundleUrl |
MeshConfig | configSources.tlsSettings.mode |
MeshConfig | configSources.tlsSettings.sni |
MeshConfig | configSources.tlsSettings.subjectAltNames |
MeshConfig | extensionProviders.lightstep.service |
MeshConfig | proxyHttpPort |
MeshConfig | ca.istiodSide |
MeshConfig | ca.tlsSettings.credentialName |
MeshConfig | extensionProviders.skywalking.port |
MeshConfig | extensionProviders.skywalking.service |
MeshConfig | extensionProviders.zipkin.enable64bitTraceId |
MeshConfig | localityLbSetting.distribute.to.key |
MeshConfig | ca.tlsSettings.mode |
MeshConfig | configSources.tlsSettings.clientCertificate |
MeshConfig | extensionProviders.zipkin.maxTagLength |
MeshConfig | extensionProviders.envoyHttpAls.additionalRequestHeadersToLog |
MeshConfig | extensionProviders.opentelemetry.maxTagLength |
ProxyConfig
API | Field |
---|---|
ProxyConfig | envoyAccessLogService.tlsSettings.subjectAltNames |
ProxyConfig | envoyMetricsService.tlsSettings.caCertificates |
ProxyConfig | envoyMetricsService.tlsSettings.privateKey |
ProxyConfig | readinessProbe.httpGet.httpHeaders.value |
ProxyConfig | discoveryAddress |
ProxyConfig | envoyMetricsService.tcpKeepalive.time.nanos |
ProxyConfig | proxyMetadata.TRUST_DOMAIN |
ProxyConfig | envoyAccessLogService.tcpKeepalive.time.nanos |
ProxyConfig | envoyMetricsService.address |
ProxyConfig | proxyMetadata.XDS_ROOT_CA |
ProxyConfig | readinessProbe.tcpSocket.port |
ProxyConfig | statsdUdpAddress |
ProxyConfig | statusPort |
ProxyConfig | envoyAccessLogService.tcpKeepalive.interval.nanos |
ProxyConfig | envoyMetricsService.tlsSettings.sni |
ProxyConfig | readinessProbe.timeoutSeconds |
ProxyConfig | tracing.openCensusAgent.context |
ProxyConfig | tracing.tlsSettings.mode |
ProxyConfig | tracing.tlsSettings.subjectAltNames |
ProxyConfig | envoyAccessLogService.tcpKeepalive.probes |
ProxyConfig | envoyAccessLogService.tlsSettings.clientCertificate |
ProxyConfig | envoyMetricsService.tlsSettings.mode |
ProxyConfig | readinessProbe.httpGet.scheme |
ProxyConfig | tracing.tlsSettings.caCertificates |
ProxyConfig | envoyAccessLogService.tlsSettings.sni |
ProxyConfig | envoyMetricsService.tlsSettings.credentialName |
ProxyConfig | proxyMetadata.HTTP_PROXY |
ProxyConfig | readinessProbe.failureThreshold |
ProxyConfig | readinessProbe.httpGet.path |
ProxyConfig | tracing.tlsSettings.insecureSkipVerify |
ProxyConfig | customConfigFile |
ProxyConfig | envoyAccessLogService.tlsSettings.credentialName |
ProxyConfig | proxyMetadata.ISTIO_META_PROXY_XDS_VIA_AGENT |
ProxyConfig | proxyMetadata.XDS_HEADER_Cloud-Run-Enable-H2 |
ProxyConfig | readinessProbe.exec.command |
ProxyConfig | readinessProbe.httpGet.httpHeaders.name |
ProxyConfig | readinessProbe.initialDelaySeconds |
ProxyConfig | tracing.lightstep.accessToken |
ProxyConfig | tracing.tlsSettings.privateKey |
ProxyConfig | configPath |
ProxyConfig | envoyAccessLogService.address |
ProxyConfig | envoyAccessLogService.tlsSettings.mode |
ProxyConfig | envoyAccessLogService.tlsSettings.privateKey |
ProxyConfig | envoyMetricsService.tcpKeepalive.interval.seconds |
ProxyConfig | proxyMetadata.PILOT_JWT_ENABLE_REMOTE_JWKS |
ProxyConfig | readinessProbe.successThreshold |
ProxyConfig | envoyAccessLogService.tlsSettings.caCertificates |
ProxyConfig | envoyMetricsService.tcpKeepalive.probes |
ProxyConfig | envoyMetricsService.tlsSettings.insecureSkipVerify |
ProxyConfig | privateKeyProvider.qat.pollDelay.nanos |
ProxyConfig | proxyMetadata.CA_ROOT_CA |
ProxyConfig | proxyMetadata.PROXY_CONFIG_XDS_AGENT |
ProxyConfig | readinessProbe.tcpSocket.host |
ProxyConfig | statNameLength |
ProxyConfig | tracing.tlsSettings.credentialName |
ProxyConfig | tracing.tlsSettings.sni |
ProxyConfig | envoyAccessLogService.tlsSettings.insecureSkipVerify |
ProxyConfig | envoyMetricsService.tlsSettings.clientCertificate |
ProxyConfig | envoyMetricsService.tlsSettings.subjectAltNames |
ProxyConfig | meshId |
ProxyConfig | proxyHeaders.server.value |
ProxyConfig | binaryPath |
ProxyConfig | envoyMetricsService.tcpKeepalive.interval.nanos |
ProxyConfig | privateKeyProvider.cryptomb.pollDelay.nanos |
ProxyConfig | proxyBootstrapTemplatePath |
ProxyConfig | tracing.lightstep.address |
ProxyConfig | tracing.tlsSettings.clientCertificate |
ProxyConfig | controlPlaneAuthPolicy |
ProxyConfig | envoyAccessLogService.tcpKeepalive.interval.seconds |
ProxyConfig | envoyMetricsService.tcpKeepalive.time.seconds |
ProxyConfig | readinessProbe.periodSeconds |
ProxyConfig | serviceCluster |
ProxyConfig | envoyAccessLogService.tcpKeepalive.time.seconds |
ProxyConfig | privateKeyProvider.qat.pollDelay.seconds |
ProxyConfig | proxyMetadata.HTTPS_PROXY |
ProxyConfig | proxyMetadata.ISTO_META_ENABLE_NATIVE_SIDECARS |
ProxyConfig | readinessProbe.httpGet.host |
ProxyConfig | privateKeyProvider.cryptomb.pollDelay.seconds |
ProxyConfig | proxyMetadata.XDS_AUTH_PROVIDER |
ProxyConfig | readinessProbe.httpGet.port |
ServiceEntry
API | Field |
---|---|
ServiceEntry | endpoints.network |
ServiceEntry | endpoints.serviceAccount |
ServiceEntry | endpoints.weight |
Sidecar
API | Field |
---|---|
Sidecar | inboundConnectionPool.tcp.maxConnections |
Sidecar | ingress.connectionPool.http.maxRetries |
Sidecar | ingress.tls.cipherSuites |
Sidecar | inboundConnectionPool.http.http2MaxRequests |
Sidecar | ingress.connectionPool.tcp.maxConnectionDuration |
Sidecar | ingress.tls.credentialName |
Sidecar | outboundTrafficPolicy.egressProxy.host |
Sidecar | inboundConnectionPool.tcp.tcpKeepalive.interval |
Sidecar | inboundConnectionPool.tcp.tcpKeepalive.time |
Sidecar | ingress.connectionPool.http.h2UpgradePolicy |
Sidecar | ingress.connectionPool.tcp.maxConnections |
Sidecar | ingress.tls.subjectAltNames |
Sidecar | ingress.tls.verifyCertificateHash |
Sidecar | outboundTrafficPolicy.egressProxy.subset |
Sidecar | ingress.connectionPool.tcp.tcpKeepalive.probes |
Sidecar | ingress.tls.maxProtocolVersion |
Sidecar | ingress.tls.privateKey |
Sidecar | egress.port.targetPort |
Sidecar | ingress.connectionPool.http.http1MaxPendingRequests |
Sidecar | ingress.connectionPool.http.useClientProtocol |
Sidecar | ingress.tls.serverCertificate |
Sidecar | inboundConnectionPool.http.maxRetries |
Sidecar | inboundConnectionPool.tcp.maxConnectionDuration |
Sidecar | ingress.connectionPool.tcp.tcpKeepalive.interval |
Sidecar | inboundConnectionPool.http.http1MaxPendingRequests |
Sidecar | ingress.tls.mode |
Sidecar | outboundTrafficPolicy.egressProxy.port.number |
Sidecar | inboundConnectionPool.tcp.connectTimeout |
Sidecar | ingress.connectionPool.http.idleTimeout |
Sidecar | ingress.connectionPool.http.maxRequestsPerConnection |
Sidecar | inboundConnectionPool.http.idleTimeout |
Sidecar | ingress.connectionPool.tcp.tcpKeepalive.time |
Sidecar | ingress.tls.minProtocolVersion |
Sidecar | inboundConnectionPool.http.h2UpgradePolicy |
Sidecar | inboundConnectionPool.http.useClientProtocol |
Sidecar | ingress.connectionPool.http.http2MaxRequests |
Sidecar | ingress.tls.httpsRedirect |
Sidecar | ingress.tls.verifyCertificateSpki |
Sidecar | inboundConnectionPool.http.maxRequestsPerConnection |
Sidecar | inboundConnectionPool.tcp.tcpKeepalive.probes |
Sidecar | ingress.port.targetPort |
Sidecar | ingress.connectionPool.tcp.connectTimeout |
Sidecar | ingress.tls.caCertificates |
Telemetry
API | Field |
---|---|
Telemetry | metrics.reportingInterval |
Telemetry | metrics.overrides.match.customMetric |
Telemetry | accessLogging.match |
VirtualService
API | Field |
---|---|
VirtualService | http.mirrors.percentage.value |
VirtualService | http.match.statPrefix |
VirtualService | http.corsPolicy.maxAge.nanos |
VirtualService | http.fault.abort.http2Error |
VirtualService | http.fault.delay.exponentialDelay |
WasmPlugin
API | Field |
---|---|
WasmPlugin | ALL_UNSUPPORTED |
WorkloadEntry
API | Field |
---|---|
WorkloadEntry | ALL_UNSUPPORTED |
WorkloadGroup
API | Field |
---|---|
WorkloadGroup | ALL_UNSUPPORTED |