Unsupported Istio APIs in Managed Cloud Service Mesh

This page contains a non-exhaustive list of the API fields and their corresponding Istio API that have are unsupported in TRAFFIC_DIRECTOR control plane implementation.

Table of contents

DestinationRule

API Field
DestinationRule subsets.trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.failoverPriority
DestinationRule trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.distribute.to
DestinationRule trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.distribute.from
DestinationRule subsets.trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.distribute.to.key
DestinationRule subsets.trafficPolicy.loadBalancer.localityLbSetting.distribute.from
DestinationRule subsets.trafficPolicy.loadBalancer.localityLbSetting.distribute.to.value
DestinationRule subsets.trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.distribute.to.value
DestinationRule subsets.trafficPolicy.portLevelSettings.loadBalancer.localityLbSetting.distribute.from
DestinationRule trafficPolicy.tunnel.protocol
DestinationRule subsets.trafficPolicy.loadBalancer.localityLbSetting.distribute.to.key

Gateway

API Field
Gateway servers.tls.verifyCertificateHash
Gateway servers.tls.verifyCertificateSpki

MeshConfig

API Field
MeshConfig ca.tlsSettings.caCertificates
MeshConfig ca.tlsSettings.privateKey
MeshConfig configSources.tlsSettings.credentialName
MeshConfig extensionProviders.envoyTcpAls.logName
MeshConfig extensionProviders.envoyTcpAls.service
MeshConfig certificates.dnsNames
MeshConfig extensionProviders.lightstep.maxTagLength
MeshConfig extensionProviders.lightstep.port
MeshConfig configSources.tlsSettings.caCertificates
MeshConfig extensionProviders.stackdriver.debug
MeshConfig extensionProviders.stackdriver.maxTagLength
MeshConfig localityLbSetting.distribute.to.value
MeshConfig configSources.tlsSettings.insecureSkipVerify
MeshConfig extensionProviders.envoyHttpAls.additionalResponseHeadersToLog
MeshConfig extensionProviders.envoyHttpAls.additionalResponseTrailersToLog
MeshConfig extensionProviders.envoyOtelAls.logFormat.text
MeshConfig extensionProviders.skywalking.accessToken
MeshConfig proxyListenPort
MeshConfig ca.tlsSettings.subjectAltNames
MeshConfig ingressService
MeshConfig configSources.subscribedResources
MeshConfig extensionProviders.envoyHttpAls.filterStateObjectsToLog
MeshConfig extensionProviders.envoyHttpAls.service
MeshConfig extensionProviders.envoyTcpAls.filterStateObjectsToLog
MeshConfig extensionProviders.stackdriver.logging.labels.key
MeshConfig extensionProviders.envoyHttpAls.logName
MeshConfig extensionProviders.stackdriver.logging.labels.value
MeshConfig proxyInboundListenPort
MeshConfig ca.tlsSettings.insecureSkipVerify
MeshConfig configSources.tlsSettings.privateKey
MeshConfig extensionProviders.envoyHttpAls.port
MeshConfig extensionProviders.envoyTcpAls.port
MeshConfig extensionProviders.stackdriver.maxNumberOfAttributes
MeshConfig extensionProviders.stackdriver.maxNumberOfMessageEvents
MeshConfig ingressControllerMode
MeshConfig ca.tlsSettings.sni
MeshConfig certificates.secretName
MeshConfig extensionProviders.datadog.maxTagLength
MeshConfig extensionProviders.envoyOtelAls.logName
MeshConfig extensionProviders.lightstep.accessToken
MeshConfig extensionProviders.opencensus.maxTagLength
MeshConfig ingressClass
MeshConfig ca.tlsSettings.clientCertificate
MeshConfig caCertificates.trustDomains
MeshConfig extensionProviders.envoyOtelAls.logFormat.labels.fields
MeshConfig extensionProviders.stackdriver.maxNumberOfAnnotations
MeshConfig ingressSelector
MeshConfig caCertificates.certSigners
MeshConfig caCertificates.spiffeBundleUrl
MeshConfig configSources.tlsSettings.mode
MeshConfig configSources.tlsSettings.sni
MeshConfig configSources.tlsSettings.subjectAltNames
MeshConfig extensionProviders.lightstep.service
MeshConfig proxyHttpPort
MeshConfig ca.istiodSide
MeshConfig ca.tlsSettings.credentialName
MeshConfig extensionProviders.skywalking.port
MeshConfig extensionProviders.skywalking.service
MeshConfig extensionProviders.zipkin.enable64bitTraceId
MeshConfig localityLbSetting.distribute.to.key
MeshConfig ca.tlsSettings.mode
MeshConfig configSources.tlsSettings.clientCertificate
MeshConfig extensionProviders.zipkin.maxTagLength
MeshConfig extensionProviders.envoyHttpAls.additionalRequestHeadersToLog
MeshConfig extensionProviders.opentelemetry.maxTagLength

ProxyConfig

API Field
ProxyConfig envoyAccessLogService.tlsSettings.subjectAltNames
ProxyConfig envoyMetricsService.tlsSettings.caCertificates
ProxyConfig envoyMetricsService.tlsSettings.privateKey
ProxyConfig readinessProbe.httpGet.httpHeaders.value
ProxyConfig discoveryAddress
ProxyConfig envoyMetricsService.tcpKeepalive.time.nanos
ProxyConfig proxyMetadata.TRUST_DOMAIN
ProxyConfig envoyAccessLogService.tcpKeepalive.time.nanos
ProxyConfig envoyMetricsService.address
ProxyConfig proxyMetadata.XDS_ROOT_CA
ProxyConfig readinessProbe.tcpSocket.port
ProxyConfig statsdUdpAddress
ProxyConfig statusPort
ProxyConfig envoyAccessLogService.tcpKeepalive.interval.nanos
ProxyConfig envoyMetricsService.tlsSettings.sni
ProxyConfig readinessProbe.timeoutSeconds
ProxyConfig tracing.openCensusAgent.context
ProxyConfig tracing.tlsSettings.mode
ProxyConfig tracing.tlsSettings.subjectAltNames
ProxyConfig envoyAccessLogService.tcpKeepalive.probes
ProxyConfig envoyAccessLogService.tlsSettings.clientCertificate
ProxyConfig envoyMetricsService.tlsSettings.mode
ProxyConfig readinessProbe.httpGet.scheme
ProxyConfig tracing.tlsSettings.caCertificates
ProxyConfig envoyAccessLogService.tlsSettings.sni
ProxyConfig envoyMetricsService.tlsSettings.credentialName
ProxyConfig proxyMetadata.HTTP_PROXY
ProxyConfig readinessProbe.failureThreshold
ProxyConfig readinessProbe.httpGet.path
ProxyConfig tracing.tlsSettings.insecureSkipVerify
ProxyConfig customConfigFile
ProxyConfig envoyAccessLogService.tlsSettings.credentialName
ProxyConfig proxyMetadata.ISTIO_META_PROXY_XDS_VIA_AGENT
ProxyConfig proxyMetadata.XDS_HEADER_Cloud-Run-Enable-H2
ProxyConfig readinessProbe.exec.command
ProxyConfig readinessProbe.httpGet.httpHeaders.name
ProxyConfig readinessProbe.initialDelaySeconds
ProxyConfig tracing.lightstep.accessToken
ProxyConfig tracing.tlsSettings.privateKey
ProxyConfig configPath
ProxyConfig envoyAccessLogService.address
ProxyConfig envoyAccessLogService.tlsSettings.mode
ProxyConfig envoyAccessLogService.tlsSettings.privateKey
ProxyConfig envoyMetricsService.tcpKeepalive.interval.seconds
ProxyConfig proxyMetadata.PILOT_JWT_ENABLE_REMOTE_JWKS
ProxyConfig readinessProbe.successThreshold
ProxyConfig envoyAccessLogService.tlsSettings.caCertificates
ProxyConfig envoyMetricsService.tcpKeepalive.probes
ProxyConfig envoyMetricsService.tlsSettings.insecureSkipVerify
ProxyConfig privateKeyProvider.qat.pollDelay.nanos
ProxyConfig proxyMetadata.CA_ROOT_CA
ProxyConfig proxyMetadata.PROXY_CONFIG_XDS_AGENT
ProxyConfig readinessProbe.tcpSocket.host
ProxyConfig statNameLength
ProxyConfig tracing.tlsSettings.credentialName
ProxyConfig tracing.tlsSettings.sni
ProxyConfig envoyAccessLogService.tlsSettings.insecureSkipVerify
ProxyConfig envoyMetricsService.tlsSettings.clientCertificate
ProxyConfig envoyMetricsService.tlsSettings.subjectAltNames
ProxyConfig meshId
ProxyConfig proxyHeaders.server.value
ProxyConfig binaryPath
ProxyConfig envoyMetricsService.tcpKeepalive.interval.nanos
ProxyConfig privateKeyProvider.cryptomb.pollDelay.nanos
ProxyConfig proxyBootstrapTemplatePath
ProxyConfig tracing.lightstep.address
ProxyConfig tracing.tlsSettings.clientCertificate
ProxyConfig controlPlaneAuthPolicy
ProxyConfig envoyAccessLogService.tcpKeepalive.interval.seconds
ProxyConfig envoyMetricsService.tcpKeepalive.time.seconds
ProxyConfig readinessProbe.periodSeconds
ProxyConfig serviceCluster
ProxyConfig envoyAccessLogService.tcpKeepalive.time.seconds
ProxyConfig privateKeyProvider.qat.pollDelay.seconds
ProxyConfig proxyMetadata.HTTPS_PROXY
ProxyConfig proxyMetadata.ISTO_META_ENABLE_NATIVE_SIDECARS
ProxyConfig readinessProbe.httpGet.host
ProxyConfig privateKeyProvider.cryptomb.pollDelay.seconds
ProxyConfig proxyMetadata.XDS_AUTH_PROVIDER
ProxyConfig readinessProbe.httpGet.port

ServiceEntry

API Field
ServiceEntry endpoints.network
ServiceEntry endpoints.serviceAccount
ServiceEntry endpoints.weight

Sidecar

API Field
Sidecar inboundConnectionPool.tcp.maxConnections
Sidecar ingress.connectionPool.http.maxRetries
Sidecar ingress.tls.cipherSuites
Sidecar inboundConnectionPool.http.http2MaxRequests
Sidecar ingress.connectionPool.tcp.maxConnectionDuration
Sidecar ingress.tls.credentialName
Sidecar outboundTrafficPolicy.egressProxy.host
Sidecar inboundConnectionPool.tcp.tcpKeepalive.interval
Sidecar inboundConnectionPool.tcp.tcpKeepalive.time
Sidecar ingress.connectionPool.http.h2UpgradePolicy
Sidecar ingress.connectionPool.tcp.maxConnections
Sidecar ingress.tls.subjectAltNames
Sidecar ingress.tls.verifyCertificateHash
Sidecar outboundTrafficPolicy.egressProxy.subset
Sidecar ingress.connectionPool.tcp.tcpKeepalive.probes
Sidecar ingress.tls.maxProtocolVersion
Sidecar ingress.tls.privateKey
Sidecar egress.port.targetPort
Sidecar ingress.connectionPool.http.http1MaxPendingRequests
Sidecar ingress.connectionPool.http.useClientProtocol
Sidecar ingress.tls.serverCertificate
Sidecar inboundConnectionPool.http.maxRetries
Sidecar inboundConnectionPool.tcp.maxConnectionDuration
Sidecar ingress.connectionPool.tcp.tcpKeepalive.interval
Sidecar inboundConnectionPool.http.http1MaxPendingRequests
Sidecar ingress.tls.mode
Sidecar outboundTrafficPolicy.egressProxy.port.number
Sidecar inboundConnectionPool.tcp.connectTimeout
Sidecar ingress.connectionPool.http.idleTimeout
Sidecar ingress.connectionPool.http.maxRequestsPerConnection
Sidecar inboundConnectionPool.http.idleTimeout
Sidecar ingress.connectionPool.tcp.tcpKeepalive.time
Sidecar ingress.tls.minProtocolVersion
Sidecar inboundConnectionPool.http.h2UpgradePolicy
Sidecar inboundConnectionPool.http.useClientProtocol
Sidecar ingress.connectionPool.http.http2MaxRequests
Sidecar ingress.tls.httpsRedirect
Sidecar ingress.tls.verifyCertificateSpki
Sidecar inboundConnectionPool.http.maxRequestsPerConnection
Sidecar inboundConnectionPool.tcp.tcpKeepalive.probes
Sidecar ingress.port.targetPort
Sidecar ingress.connectionPool.tcp.connectTimeout
Sidecar ingress.tls.caCertificates

Telemetry

API Field
Telemetry metrics.reportingInterval
Telemetry metrics.overrides.match.customMetric
Telemetry accessLogging.match

VirtualService

API Field
VirtualService http.mirrors.percentage.value
VirtualService http.match.statPrefix
VirtualService http.corsPolicy.maxAge.nanos
VirtualService http.fault.abort.http2Error
VirtualService http.fault.delay.exponentialDelay

WasmPlugin

API Field
WasmPlugin ALL_UNSUPPORTED

WorkloadEntry

API Field
WorkloadEntry ALL_UNSUPPORTED

WorkloadGroup

API Field
WorkloadGroup ALL_UNSUPPORTED