These release notes contain information about the data plane of VMware Tanzu® Service Mesh™ including the required Kubernetes version, the versions of the data plane components, new features, and fixes.

Important: On September 11, 2024, cloud services from VMware Tanzu transitioned away from VMware Cloud Services Console to the new Tanzu Platform cloud services console. You now access VMware Tanzu cloud services from https://console.tanzu.broadcom.com, using your existing credentials. See KB 374361 for information about the required actions to take, including updating Kubernetes collector configurations. See also Using VMware Tanzu Platform cloud services console.

How to Upgrade

You can upgrade to the most recent version of data plane from the Software Upgrades page in the Tanzu Service Mesh Console. To access the Software Upgrades page, in the navigation pane on the left, click Admin > Software Upgrades.

Warning:
The following data plane versions are being deprecated from Tanzu Service Mesh version 3.2.2 and will no longer be supported starting from an upcoming release of Tanzu Service Mesh:
  • Data plane version 5.0.5 and earlier versions for Tanzu Service Mesh Advanced

  • Data plane version 5.1.3 and earlier versions for Tanzu Service Enterprise

Tanzu Service Mesh Advanced supports all data plane versions later than 5.0.5, and Tanzu Service Enterprise supports all data plane versions later than 5.1.3.

Tanzu Service Mesh 22.2.0

Released August, 2024

This release supports Istio version 1.22.2. See the following Data Plane Components table for supported components.

Table 1. Data Plane Components

Component

Version

Istio

1.22.2

Telegraf

1.18.3

Metrics proxy

3.4.1

Cert Manager

1.11.1

This release requires the Kubernetes versions listed in the following table.

Table 2. Required Kubernetes Versions

Minimum Kubernetes version

Maximum Kubernetes version

1.27

1.30

Tanzu Service Mesh 21.4.0

Released June, 2024

This release supports Istio version 1.21.4. See the following Data Plane Components table for supported components.

Table 3. Data Plane Components

Component

Version

Istio

1.21.4

Telegraf

1.18.3

Metrics proxy

3.4.1

Cert Manager

1.11.1

This release requires the Kubernetes versions listed in the following table.

Table 4. Required Kubernetes Versions

Minimum Kubernetes version

Maximum Kubernetes version

1.26

1.29

Tanzu Service Mesh 20.6.0

Released June, 2024

This release supports Istio version 1.20.6. See the following Data Plane Components table for supported components.

Table 5. Data Plane Components

Component

Version

Istio

1.20.6

Telegraf

1.18.3

Metrics proxy

3.4.1

Cert Manager

1.11.1

This release requires the Kubernetes versions listed in the following table.

Table 6. Required Kubernetes Versions

Minimum Kubernetes version

Maximum Kubernetes version

1.25

1.29

Tanzu Service Mesh 19.10.0

Released June, 2024

This release supports Istio version 1.19.1. See the following Data Plane Components table for supported components.

Table 7. Data Plane Components

Component

Version

Istio

1.19.1

Telegraf

1.18.3

Metrics proxy

3.4.1

Cert Manager

1.11.1

This release requires the Kubernetes versions listed in the following table.

Table 8. Required Kubernetes Versions

Minimum Kubernetes version

Maximum Kubernetes version

1.25

1.28

Tanzu Service Mesh 18.5.1

Released February 5, 2024

This release continues to support Istio version 1.18.5 with an update in Pod Disruption Budget (PDB) configuration.

Release 18.5.1 retains the versions of the other data plane components from the previous release, 18.5.0. See the Data Plane Components table below.

Table 9. Data Plane Components

Component

Version

Istio

1.18.5

Telegraf

1.18.3

Metrics proxy

3.4.1

Cert Manager

1.11.1

This release continues to support same Kubernetes versions from the previous release, 18.5.0. See the Required Kubernetes Versions table below.

Table 10. Required Kubernetes Versions

Minimum Kubernetes version

Maximum Kubernetes version

1.24

1.27

Tanzu Service Mesh 18.5.0

Released November 3, 2023

This release features support of a new version of Istio—version 1.18.5. For details of the changes contained in Istio 1.18.5, see the Istio 1.18.5 release notes.

Release 18.5.0 retains the versions of the other data plane components from the previous release, 17.3.0. See the Data Plane Components table below.

This release also contains changes to the supported Kubernetes versions. See the Required Kubernetes Versions table below.
Table 11. Data Plane Components

Component

Version

Istio

1.18.5

Telegraf

1.18.3

Metrics proxy

3.4.1

Cert Manager

1.11.1

Notice the Kubernetes version requirement for this release.
Table 12. Required Kubernetes Versions

Minimum Kubernetes version

Maximum Kubernetes version

1.24

1.27

Tanzu Service Mesh 17.3.0

Released August 1, 2023

This release features support of a new version of Istio—version 1.17.3. For details of the changes contained in Istio 1.17.3, see the Istio 1.17.3 release notes.

Release 17.3.0 retains the versions of the other data plane components from the previous release, 16.4.0. See the Data Plane Components table below.

This release also contains changes to the supported Kubernetes versions. See the Required Kubernetes Versions table below.

Table 13. Data Plane Components

Component

Version

Istio

1.17.3

Telegraf

1.18.3

Metrics proxy

3.4.1

Cert Manager

1.11.1

Notice the Kubernetes version requirement for this release.

Table 14. Required Kubernetes Versions

Minimum Kubernetes version

Maximum Kubernetes version

1.23

1.26

Tanzu Service Mesh 16.4.0

Released June 21, 2023

This release features support of a new version of Istio—version 1.16.4. For details of the fixes contained in Istio 1.16.4, see the Istio 1.16.4 release notes.

Starting from release 16.4.0, the release notes include the version of Cert Manager. This component is used to integrate with external certificate-issuing services, such as Venafi and Vault, and simplifies the process of obtaining, renewing, and using those certificates from those external certificate issuers.

Release 16.4.0 retains the versions of Telegraph and Metrics proxy from the previous release, 12.7.2. See the Data Plane Components table below.

Table 15. Data Plane Components

Component

Version

Istio

1.16.4

Telegraf

1.18.3

Metrics proxy

3.4.1

Cert Manager

1.11.1

Tanzu Service Mesh 12.7.2

Released April 21, 2023

Release 12.7.2 brings an increase of the supported number of pods per tenant.

Release 12.7.2 retains the versions of the data plane components from the previous release, 12.7.1.

Table 16. Data Plane Components

Component

Version

Istio

1.12.7

Telegraf

1.18.3

Metrics proxy

3.4.1

Notice the Kubernetes version requirement for this release.
Table 17. Required Kubernetes Versions

Minimum Kubernetes version

Maximum Kubernetes version

1.19.0

1.22

Tanzu Service Mesh 12.7.1

Released March 3, 2023

Release 12.7.1 contains a vulnerability fix to metrics-proxy.

The Data Plane Components table lists the versions of the Tanzu Service Mesh 12.7.1 data plane components. This release retains Telegraf version 1.18.3.

Table 18. Data Plane Components

Component

Version

Istio

1.12.7

Telegraf

1.18.3

Metrics proxy

3.4.1

Notice the Kubernetes version requirement for this release.
Table 19. Required Kubernetes versions

Minimum Kubernetes version

Maximum Kubernetes version

1.19.0

1.22

Tanzu Service Mesh 5.0.8

Released July 9, 2022

Support of the External Certificate Authority feature was added with release 5.0.8. For more information about the External Certificate Authority feature, see the Tanzu Service Mesh product documentation.

The Data Plane Components table lists the versions of the Tanzu Service Mesh 5.0.8 data plane components. This release retains Telegraf version 1.18.3.

Table 20. Data Plane Components

Component

Version

Istio

1.12.2

Telegraf

1.18.3

Metrics proxy

3.4.0

Notice the Kubernetes version requirement for this release.
Table 21. Required Kubernetes versions

Minimum Kubernetes version

Maximum Kubernetes version

1.19.0

1.22

Tanzu Service Mesh 5.0.7

Released July 5, 2022

Release 5.0.7 includes support for external services as well as wildcards; external services (for example, third-party database services) located outside the VMware Tanzu Service Mesh are made accessible by services inside the Mesh's global namespace. External services can run on virtual machines, external Kubernetes clusters, Tanzu Application Service (TAS) environments, lambda functions or even on bare metal, and can be accessed over TCP, TLS, HTTP, or HTTPS. When connecting to the external service using an HTTPS or TLS protocol, a TLS certificate can be added if desired. Users can define multiple external endpoints for a single external service, and they can load balance them (round-robin scheme by default); they can also edit existing external services to add additional endpoints.

Each external server has a subdomain through which we can access the external service. Tanzu Service Mesh offers the ability to match subdomains of external service hostnames using wildcards; it is possible for services inside Tanzu Service Mesh global namespace to connect to external servers whose hostnames are in wildcard format (for example, *.google.com, *.wikipedia.com). With wildcard capabilities, you can select exactly which servers to connect to from a list of wildcard servers.

Users can view details about external services, including their configuration and performance metrics, which are useful for monitoring their performance. External service configuration can also be edited. Future releases will include support for traffic management and access control policies for external services.

Release 5.0.7 retains Istio 1.12.2. Istio 1.12.2 contains security updates and Telemetry customization. For the details contained in Istio 1.12.2, see the Istio 1.12 release notes and Istio 1.12.2 release notes.

Tanzu Service Mesh 5.0.7 components are outlined in the Data Plane Components table. This release retains the metrics proxy version 3.2.0 and Telegraf version 1.18.3.

Known issues include wildcards with external services that require a live www server in the list of external servers, and the service port and gateway port should not be the same for multiple endpoint configurations.

Table 22. Data Plane Components

Component

Version

Istio

1.12.2

Telegraf

1.18.3

Metrics proxy

3.2.0

Notice the Kubernetes version requirement for this release.
Table 23. Required Kubernetes versions

Minimum Kubernetes version

Maximum Kubernetes version

1.19.0

1.22

Tanzu Service Mesh 5.0.4 (Upgraded to 5.0.6)

Released March 29, 2022

Release 5.0.6 includes use of the public ECR registry as well as support for custom registries; custom registries are any registry under the user's control, such as private or local enterprise registries. In the event the custom registry requires authentication, users are required to create a secret in all namespaces requiring authentication to the custom registry in order to pull images; this includes vmware-tsm-system, istio-system, kube-system, and any new namespaces that will require pulling sidecar images. If credentials are required for a custom docker registry, the SECRET authentication type must be used.

When onboarding a new cluster with a custom registry definition, the Tanzu Service Mesh images (Istio and TSM agents) will be downloaded from that registry. At the current time, changes to the registry definition on already onboarded clusters aren't supported. Deleting a registry definition that has been used for onboarding clusters will result in a failed restart for certain pods; this is because the registry definition is no longer valid, and Tanzu Service Mesh does not support updating that definition at the moment. In case of deleting the registry definition, the affected clusters that were onboarded with it must be re-onboarded. A warning about this implication will show up when one tries to delete the definition. Future releases will include support for updating a registry definition.

Release 5.0.6 brings in Istio 1.12.2. Istio 1.12.2 contains security updates and Telemetry customization. Istio Telemetry is retained, but will be deprecated in future releases. For the details contained in Istio 1.12.2, see the Istio 1.12 release notes and Istio 1.12.2 release notes.

Tanzu Service Mesh 5.0.6 components are outlined in the Data Plane Components table. Metrics proxy has been updated to 3.2.0, and Istio has been updated to 1.12.2 with this release. The version has been patched with fixes for the Envoy OAuth filter.

A known issue is that Kubernetes CoreDNS ConfigMap customization would be lost after the upgrade of the TSM data plane. Read this article to find out more.

Important:

Kindly upgrade Tanzu Service Mesh data plane version 5.0.4 to 5.0.6. The upgraded version (5.0.6) contains fixes for Envoy OAuth vulnerability which became public on June 9, 2022. For more information, see CVE-2022-29226 Detail.

Table 24. Data Plane Components

Component

Version

Istio

1.12.2

Telegraf

1.18.3

Metrics proxy

3.2.0