All Products
Search

This Product

    Alibaba Cloud Service Mesh:Manage applications in a registered Kubernetes cluster by using ASM

    Document Center

    Alibaba Cloud Service Mesh:Manage applications in a registered Kubernetes cluster by using ASM

    Last Updated:Sep 15, 2023

    You can connect a Kubernetes cluster that is deployed in a data center or on a third-party cloud to a registered Kubernetes cluster and manage applications in the registered Kubernetes cluster by using Service Mesh (ASM). This topic describes how to manage applications in a registered Kubernetes cluster by using ASM.

    Prerequisites

    • ASM is activated. To activate ASM, go to the ASM console. For more information, see What is ASM? and Billing rules.

    • An external cluster is connected to a registered Kubernetes cluster. For more information, see Create a registered cluster in the ACK console.

    • The network used by the registered Kubernetes cluster on the data plane can communicate with the virtual private cloud (VPC) in which your ASM instance resides. The bandwidth meets the requirements. This way, the configurations of the cluster in which your ASM instance resides can be synchronized to the sidecar proxies in real time.

      After the AMS instance is created, you can go to the Instances Status page in the ASM console to make sure that the synchronization state of all configurations is Configuration synchronized.

    Procedure

    1. Create an ASM instance.

      1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

      2. On the Mesh Management page, click Create ASM Instance, configure parameters as required, read and agree to Service Agreement, and then click Create Service Mesh.

        The following table lists the main configuration items. For more information about the configuration items, see Create an ASM instance.

        Configuration item

        Description

        Region

        Select the region in which the registered Kubernetes cluster resides or a region that is nearest to the registered Kubernetes cluster.

        VPC

        Select the VPC in which the registered Kubernetes cluster resides from the drop-down list.

        vSwitch

        Select a vSwitch from the drop-down list. If no vSwitches meet your requirements, click Create vSwitch to create one. For more information, see Create and manage a vSwitch.

        API Server access

        Select or clear Use EIP to expose API Server. An ASM instance runs on Kubernetes runtime. You can use the API server to define a variety of mesh resources, such as virtual services, destination rules, and Istio gateways.

        • If you select Use EIP to expose API Server, an elastic IP address (EIP) is created and associated with an internal-facing CLB instance. Port 6443 of the API server is exposed. You can use the kubeconfig file of a cluster to connect to and manage the cluster over the Internet to define mesh resources.

        • If you clear Use EIP to expose API Server, no EIP is created. You can use the kubeconfig file of a cluster to connect to and manage the cluster to define mesh resources only over the VPC in which the cluster resides.

        Note

        • To use a public endpoint to expose Istio Pilot, submit a ticket.

        • It takes 2 to 3 minutes to create an ASM instance.

    2. Add the registered Kubernetes cluster to the ASM instance. For more information, see Add a cluster to an ASM instance.

    3. Create an ingress gateway. For more information, see Create an ingress gateway.

      The following table lists the main configuration items.

      Configuration item

      Description

      Cluster

      Select the registered Kubernetes cluster in which you want to deploy an ingress gateway from the drop-down list.

      CLB Instance Type

      Different registered Kubernetes clusters may support different types of classic load balancers (CLBs). Select Internet Access or Private Access based on your business requirements. If the registered Kubernetes cluster does not support CLB instances, select Internet Access as CLB Instance Type. After the ingress gateway is created, edit the YAML file of the ingress gateway to specify the service type, such as Nodeport or ClusterIP.

      Create a CLB Instance

      You can select only Create a CLB Instance.

      Port Mapping

      The default container port in the ASM console is the same as the service port. If you use a YAML file to create an ingress gateway, we recommend that you keep the container port consistent with the service port.

    4. Deploy applications in the registered Kubernetes cluster. For more information, see Deploy an application in an ASM instance.

      Deploy applications in the registered Kubernetes cluster by either running commands on the kubectl client or using the ACK console.

    5. Define Istio resources. For more information, see Use Istio resources to route traffic to different versions of a service.