ASM Cloud Native Delivery Experience
Prerequisite
● An ASM instance has been created, and the Istio version of the ASM instance is 1.9.7.93 or later. For details, see Creating an ASM Instance.
● An ACK cluster has been created. For details, see Creating a managed Kubernetes cluster.
● Add clusters to ASM instances. For details, see Adding a Cluster to an ASM Instance.
Step 1: Enable the data plane cluster KubeAPI to access Istio resources
Log in to the ASM console.
On the left navigation bar, select Service Mesh > Mesh Management.
On the grid management page, find the instance to be configured, click the name of the instance or click Manage in the Operation column.
On the grid information page, click Function Settings in the upper right corner.
In the Feature Settings Update panel, select Enable data plane cluster KubeAPI to access Istio resources, and click OK.
Step 2: Obtain asm-cr-aggregation configuration information
View the ASM instance ID.
a. Log in to the ASM console.
b. In the left navigation bar, select Service Mesh > Mesh Management.
c. On the grid management page, find the instance to be configured, click the name of the instance or click Manage in the Action column. View the ASM instance ID on the grid information page.
View the cluster region ID.
a. Log in to the Container Service management console.
b. Click Clusters in the left navigation pane of the console. View the region of the target cluster on the cluster page. For example, if your cluster region is China North 2 (Beijing), the cluster region ID is cn-beijing.
View AccessKey ID and AccessKey Secret. For details, see Obtaining an AccessKey.
Step 3: Install asm-cr-aggregation
Connect to the cluster through cloudshell
Download and unzip it to asm-cr-aggregation locally.
curl -O -L https://alibabacloudservicemesh.oss-cn-beijing.aliyuncs.com/asm-helmcharts/asm-cr-aggregation.tgz
tar xvf asm-cr-aggregation.tgz
Enter the asm-cr-aggregation folder, find the values.yaml file, add the ASM ID, cluster region ID, AccessKey ID, and AccessKey Secret to the values.yaml file, and modify the repository to registry-vpc.cn-shenzhen.aliyuncs.com /ali-workshop/asm-craggregation-apiservice, and save the values.yaml file.
Verify that asm-cr-aggregation is successfully installed.
a. Log in to the Container Service management console.
b. In the left navigation bar of the console, click Clusters.
c. On the cluster list page, click the name of the target cluster or click Details under the Action column to the right of the target cluster.
d. Select Application > Helm in the left navigation bar of the cluster management page. You can see asm-cr-aggregation on the Helm page, indicating that asm-cr-aggregation is installed successfully.
Step 4: Grant RAM user permissions
Before using the data plane cluster Kubernetes API to access Istio resources, your account needs to have the permission to access Istio resources on the data plane cluster and the custom resource permissions of ASM:
Grant RAM users read and write permissions to access Istio resources.
Log in to the Container Service management console with an Alibaba Cloud account.
Click Authorization Management on the left navigation bar of the console.
On the sub-account tab, click Manage Permissions on the right side of the target RAM user.
Click the "+" icon on the cluster RBAC configuration page, select the cluster and namespace to be granted, set the access permission to custom, select asm-istio-admin in the text box, and click Next.
Verify that the RAM user has read and write permissions to access Istio resources.
a. Execute the following command to check the virtual service.
kubectl get VirtualService
Expected output:
NAME CREATED AT
reviews-route 2021-11-15T07:09:10Z
b. Execute the following command to edit the virtual service.
kubectl edit VirtualService reviews-route
Expected output:
virtualservice.networking.istio.io/reviews-route edited
Step 5: Install KubeVela
Log in to the Container Service management console.
In the console's left navigation, select Marketplace > App Catalog.
Search for ack-kubevela on the application catalog page, and click ack-kubevela.
Modify the two images to point to the intranet warehouse in Shenzhen:
a. registry-vpc.cn-shenzhen.aliyuncs.com/ali-workshop/vela-core
b. registry-vpc.cn-shenzhen.aliyuncs.com/ali-workshop/kube-webhook-certgen
Select the cluster in the Create panel on the ack-kubevela details page, and click Create.
Step 6: Deploy the Kebuvla configuration file
Enter the asm_kubevela folder and execute the following commands to deploy Kebuvla configuration files one by one.
kubectl apply -f rollback-wf-def.yaml
kubectl apply -f canary-rollout-wf-def.yaml
kubectl apply -f traffic-trait-def.yaml
Step 7: Deploy applications and gateways
Enter the asm_kubevela folder and execute the following command to deploy the Bookinfo application. In the application.yaml file, configure the type in the traits field for the review service to be canary-traffic, indicating that the operation and maintenance feature of progressive traffic release is configured.
EOF
Deploy gateway rules and virtual services in the ASM console.
a. Log in to the ASM console.
b. In the left navigation bar, select Service Mesh > Mesh Management.
c. On the grid management page, find the instance to be configured, click the name of the instance or click Manage in the Action column.
d. Deploy the gateway rules.
ⅰ. In the left navigation bar of the grid details page, select Traffic Management > Gateway Rules, and click Create with YAML on the right page.
ⅱ. Set the namespace to default on the creation page, copy the following content into the text box, and click Create.
Enter the entry gateway address/productpage on port 80 in the browser address bar to access the Bookinfo application. Refresh the page multiple times, you can see red stars with a 10% probability, and black stars with a 90% probability.
Execute the following command to continue the workflow and upgrade all reviews services to v3.
Enter the entry gateway address/productpage on port 80 in the browser address bar to access the Bookinfo application. Refreshing the page several times, only red stars are displayed on the page. Indicates that all reviews services have been upgraded to version v3.
(Optional) Step 9: Roll back the application
If you find that a new version of your app is published that is not as expected, you can terminate the publish workflow and roll back the app to the previous version.
Execute the following command to roll back the application.
EOF
Set the type to canary-rollback in the rollback.yaml file, and the following operations will be performed automatically:
a. Update the targetRevisionName of the Rollout object to the old version, automatically roll back all released instances of the new version back to the old version, and keep the old version instances that have not been upgraded.
b. Update the route field of the VirtualService object to direct all traffic to the old version.
c. Update the subset field of the DestinationRule object to accommodate only the old version.
Enter the entry gateway address/productpage on port 80 in the browser address bar to access the Bookinfo application. Refreshing the page several times, only black stars appear on the page. Indicates that the reviews service is rolled back to version v2.
● An ASM instance has been created, and the Istio version of the ASM instance is 1.9.7.93 or later. For details, see Creating an ASM Instance.
● An ACK cluster has been created. For details, see Creating a managed Kubernetes cluster.
● Add clusters to ASM instances. For details, see Adding a Cluster to an ASM Instance.
Step 1: Enable the data plane cluster KubeAPI to access Istio resources
Log in to the ASM console.
On the left navigation bar, select Service Mesh > Mesh Management.
On the grid management page, find the instance to be configured, click the name of the instance or click Manage in the Operation column.
On the grid information page, click Function Settings in the upper right corner.
In the Feature Settings Update panel, select Enable data plane cluster KubeAPI to access Istio resources, and click OK.
Step 2: Obtain asm-cr-aggregation configuration information
View the ASM instance ID.
a. Log in to the ASM console.
b. In the left navigation bar, select Service Mesh > Mesh Management.
c. On the grid management page, find the instance to be configured, click the name of the instance or click Manage in the Action column. View the ASM instance ID on the grid information page.
View the cluster region ID.
a. Log in to the Container Service management console.
b. Click Clusters in the left navigation pane of the console. View the region of the target cluster on the cluster page. For example, if your cluster region is China North 2 (Beijing), the cluster region ID is cn-beijing.
View AccessKey ID and AccessKey Secret. For details, see Obtaining an AccessKey.
Step 3: Install asm-cr-aggregation
Connect to the cluster through cloudshell
Download and unzip it to asm-cr-aggregation locally.
curl -O -L https://alibabacloudservicemesh.oss-cn-beijing.aliyuncs.com/asm-helmcharts/asm-cr-aggregation.tgz
tar xvf asm-cr-aggregation.tgz
Enter the asm-cr-aggregation folder, find the values.yaml file, add the ASM ID, cluster region ID, AccessKey ID, and AccessKey Secret to the values.yaml file, and modify the repository to registry-vpc.cn-shenzhen.aliyuncs.com /ali-workshop/asm-craggregation-apiservice, and save the values.yaml file.
Verify that asm-cr-aggregation is successfully installed.
a. Log in to the Container Service management console.
b. In the left navigation bar of the console, click Clusters.
c. On the cluster list page, click the name of the target cluster or click Details under the Action column to the right of the target cluster.
d. Select Application > Helm in the left navigation bar of the cluster management page. You can see asm-cr-aggregation on the Helm page, indicating that asm-cr-aggregation is installed successfully.
Step 4: Grant RAM user permissions
Before using the data plane cluster Kubernetes API to access Istio resources, your account needs to have the permission to access Istio resources on the data plane cluster and the custom resource permissions of ASM:
Grant RAM users read and write permissions to access Istio resources.
Log in to the Container Service management console with an Alibaba Cloud account.
Click Authorization Management on the left navigation bar of the console.
On the sub-account tab, click Manage Permissions on the right side of the target RAM user.
Click the "+" icon on the cluster RBAC configuration page, select the cluster and namespace to be granted, set the access permission to custom, select asm-istio-admin in the text box, and click Next.
Verify that the RAM user has read and write permissions to access Istio resources.
a. Execute the following command to check the virtual service.
kubectl get VirtualService
Expected output:
NAME CREATED AT
reviews-route 2021-11-15T07:09:10Z
b. Execute the following command to edit the virtual service.
kubectl edit VirtualService reviews-route
Expected output:
virtualservice.networking.istio.io/reviews-route edited
Step 5: Install KubeVela
Log in to the Container Service management console.
In the console's left navigation, select Marketplace > App Catalog.
Search for ack-kubevela on the application catalog page, and click ack-kubevela.
Modify the two images to point to the intranet warehouse in Shenzhen:
a. registry-vpc.cn-shenzhen.aliyuncs.com/ali-workshop/vela-core
b. registry-vpc.cn-shenzhen.aliyuncs.com/ali-workshop/kube-webhook-certgen
Select the cluster in the Create panel on the ack-kubevela details page, and click Create.
Step 6: Deploy the Kebuvla configuration file
Enter the asm_kubevela folder and execute the following commands to deploy Kebuvla configuration files one by one.
kubectl apply -f rollback-wf-def.yaml
kubectl apply -f canary-rollout-wf-def.yaml
kubectl apply -f traffic-trait-def.yaml
Step 7: Deploy applications and gateways
Enter the asm_kubevela folder and execute the following command to deploy the Bookinfo application. In the application.yaml file, configure the type in the traits field for the review service to be canary-traffic, indicating that the operation and maintenance feature of progressive traffic release is configured.
EOF
Deploy gateway rules and virtual services in the ASM console.
a. Log in to the ASM console.
b. In the left navigation bar, select Service Mesh > Mesh Management.
c. On the grid management page, find the instance to be configured, click the name of the instance or click Manage in the Action column.
d. Deploy the gateway rules.
ⅰ. In the left navigation bar of the grid details page, select Traffic Management > Gateway Rules, and click Create with YAML on the right page.
ⅱ. Set the namespace to default on the creation page, copy the following content into the text box, and click Create.
Enter the entry gateway address/productpage on port 80 in the browser address bar to access the Bookinfo application. Refresh the page multiple times, you can see red stars with a 10% probability, and black stars with a 90% probability.
Execute the following command to continue the workflow and upgrade all reviews services to v3.
Enter the entry gateway address/productpage on port 80 in the browser address bar to access the Bookinfo application. Refreshing the page several times, only red stars are displayed on the page. Indicates that all reviews services have been upgraded to version v3.
(Optional) Step 9: Roll back the application
If you find that a new version of your app is published that is not as expected, you can terminate the publish workflow and roll back the app to the previous version.
Execute the following command to roll back the application.
EOF
Set the type to canary-rollback in the rollback.yaml file, and the following operations will be performed automatically:
a. Update the targetRevisionName of the Rollout object to the old version, automatically roll back all released instances of the new version back to the old version, and keep the old version instances that have not been upgraded.
b. Update the route field of the VirtualService object to direct all traffic to the old version.
c. Update the subset field of the DestinationRule object to accommodate only the old version.
Enter the entry gateway address/productpage on port 80 in the browser address bar to access the Bookinfo application. Refreshing the page several times, only black stars appear on the page. Indicates that the reviews service is rolled back to version v2.
Related Articles
-
A detailed explanation of Hadoop core architecture HDFS
Knowledge Base Team
-
What Does IOT Mean
Knowledge Base Team
-
6 Optional Technologies for Data Storage
Knowledge Base Team
-
What Is Blockchain Technology
Knowledge Base Team
Explore More Special Offers
-
Short Message Service(SMS) & Mail Service
50,000 email package starts as low as USD 1.99, 120 short messages start at only USD 1.00
