This topic describes the workaround for using Tanzu Service Mesh with Cloud Native Runtimes for Tanzu. You cannot install Cloud Native Runtimes on a cluster that has Tanzu Service Mesh attached. If you want to install Cloud Native Runtimes on a cluster where Tanzu Service Mesh is attached, follow the procedure below.
This workaround describes how Tanzu Service Mesh can be configured to ignore the Cloud Native Runtimes namespaces. This allows Contour to provide ingress routing for the Knative workloads, while Tanzu Service Mesh continues to satisfy other connectivity concerns.
Note: Cloud Native Runtimes workloads are unable to use Tanzu Service Mesh features like Global Namespace, Mutual Transport Layer Security authentication (mTLS), retries, and timeouts.
For information about Tanzu Service Mesh, see Tanzu Service Mesh Documentation.
This procedure assumes you have a cluster attached to Tanzu Service Mesh, and that you have not yet installed Cloud Native Runtimes.
Note: If you installed Cloud Native Runtimes on a cluster that has Tanzu Service Mesh attached before doing the procedure below, pods fail to start. To fix this problem, follow the procedure below and then delete all pods in the excluded namespaces.
Configure Tanzu Service Mesh to ignore namespaces related to Cloud Native Runtimes:
After configuring Tanzu Service Mesh, install Cloud Native Runtimes and verify your installation:
Note: You must create all Knative workloads in the namespace or namespaces where you plan to run these Knative workloads. If you do not, your pods fail to start.