Alibaba Cloud Service Mesh:Create an ASM instance

Prerequisites

Before you begin, make sure that you have:

• Service Mesh (ASM) activated

• Auto Scaling (ESS) activated

• Resource Access Management (RAM) activated

• The following RAM roles granted: AliyunServiceMeshDefaultRole, AliyunCSClusterRole, and AliyunCSManagedKubernetesRole. See Grant permissions to RAM users and RAM roles

Create an ASM instance in the console

1. Log on to the ASM console.

2. In the left-side navigation pane, choose Service Mesh > Mesh Management.

3. On the Mesh Management page, click Create Mesh.

4. Configure the basic settings.

   Parameter	Description
   Mesh Name	Name for the ASM instance.
   Instance Type	Enterprise Edition or Ultimate Edition. For a feature comparison, see What is ASM?.
   Region	Region where the ASM instance is deployed.
   Istio Version	One of the two latest major Istio versions, such as 1.22.\* or 1.23.\*. See Version mechanism. To request an earlier version, submit a ticket.

5. Configure the networking settings.

   Parameter	Description
   Kubernetes Cluster	Adding a Kubernetes cluster auto-populates the VPC, VSwitch, and Cluster Domain fields. See Create an ACK managed cluster.
   VPC	VPC for the ASM instance. To create one, see Create and manage a VPC.
   VSwitch	vSwitch for the ASM instance. To create one, see Create and manage a vSwitch.
   Istio Control Plane Access	CLB instance used to access the Istio control plane.
   API Server Access	CLB instance used to access the API Server. Select Expose the API Server using an EIP to control internet access: Expose: An EIP is created and attached to the internal-facing CLB instance. Connect from the internet through a kubeconfig file. Do not expose: No EIP is created. Connect only from within the VPC through a kubeconfig file.
   Cluster Domain	Cluster domain for the ASM instance. Default: cluster.local. All Kubernetes clusters added to the mesh must share the same cluster domain. Note Custom cluster domains require ASM version 1.6.4.5 or later.
   Data Plane Mode	Select Enable the ambient mesh mode to use the ambient mesh architecture. Ambient mesh supports both sidecar and sidecarless data plane modes, independently or together. See Ambient mode.

6. (Optional) Configure observability, audit, and resource settings. These settings control monitoring, logging, and auditing. All are optional.

   Observability

   Option	Description
   Enable Tracing Analysis	Integrates with Alibaba Cloud Tracing Analysis for distributed trace restoration, request statistics, and topology analysis. Activate Tracing Analysis before enabling. See Use Tracing Analysis for integrated tracing.
   Enable Prometheus Monitoring	Collects mesh metrics through Prometheus. See Integrate with Prometheus Service or Integrate a self-managed Prometheus system.
   Enable ASM Mesh Topology to improve mesh observability	Displays a visual topology of services and configurations. Requires ASM version 1.7.5.25 or later. See Enable mesh topology.
   Collect access logs to Simple Log Service	Sends ingress gateway access logs to Simple Log Service. See Generate and collect access logs of an ASM gateway and Collect access logs of data plane clusters.
   Enable control plane log collection	Collects control plane logs, including configuration push events from the ASM control plane to data plane sidecars. Supports log-based alerting. See Enable control plane log collection (old version) or Enable control plane log collection (new version).

   Mesh audit

   Option	Description
   Enable mesh audit	Records and traces daily operations by different users for security auditing. See Use KubeAPI operation audit.

   Resource configuration

   Option	Description
   Enable historical versions for Istio resources	Records up to five recent versions when the spec field of an Istio resource changes. See Roll back an Istio resource to a historical version.
   Enable access to Istio resources from data plane clusters using KubeAPI	Allows creating, retrieving, updating, and deleting Istio resources through the Kubernetes API (KubeAPI) of data plane clusters. See Access Istio resources using the KubeAPI of a data plane cluster.

7. Activate billing (first-time only). If this is your first commercial ASM instance:

   1. In the Dependency Check row, the Status column shows Not Passed.

   2. In the Description column for Dependency Check, click Activate Now.

   3. Select the Service Mesh (Pay-As-You-Go) Terms Of Service check box and click Activate Now.

   4. Return to the Create Service Mesh page and click Recheck for ASM Service Activation Check. The Status column now shows Passed.

8. Read the Terms Of Service and click Create Service Mesh.

Verify the instance

After creation completes, the new instance appears in the instance list on the Mesh Management page.

1. On the Mesh Management page, click Manage for the instance.

2. On the Basic Information page, verify the instance details (region, edition, Istio version, and VPC).

ASM creates five namespaces by default: istio-system, kube-node-lease, kube-public, kube-system, and default. The console displays only istio-system and default. Use kubectl to query and manage the remaining namespaces.

Resources created during provisioning

ASM automatically provisions the following resources based on your configuration:

Manage the instance

The following operations are available from the Actions column on the Mesh Management page:

Operation	Steps
View instance details	Click Manage. On the Basic Information page, review the instance configuration.
Modify instance settings	Click Manage. In the upper-right corner of the Basic Information page, click Feature Settings. In the Feature Settings Update panel, modify the settings and click OK.
Change the instance type	Click Change Instance Type. See Change the instance type of an ASM instance.
View logs	Click Logs. See Log analysis.
Delete the instance	Click the more icon () > Delete. In the Delete Mesh dialog box, read the deletion notes, select the resources to retain, and click OK.