All Products
Search
Document Center

Alibaba Cloud Service Mesh:Manage applications deployed in pods that run on elastic container instances in ACK Serverless clusters

Last Updated:Sep 28, 2023

Alibaba Cloud Container Service for Kubernetes (ACK) provides various serverless containers based on virtual nodes and elastic container instances. For example, ACK Serverless clusters enable seamless integration of Kubernetes and Elastic Container Instance (ECI). This topic describes how to use Service Mesh (ASM) to manage applications deployed in pods that run on elastic container instances in ACK Serverless clusters.

Prerequisites

  • An ACK Serverless cluster is created. For more information, see ACK Serverless quick start.

    Note

    To use the service discovery feature, you must set the service discovery mode to PrivateZone or CoreDNS when you create an ACK Serverless cluster.

  • The ACK Serverless cluster is added to your ASM instance. For more information, see Add a cluster to an ASM instance.

Enable automatic sidecar proxy injection

After you enable automatic sidecar proxy injection for a namespace in the ASM console, an Envoy proxy is automatically injected as a sidecar into each pod that is created in the namespace. These Envoy proxies comprise the data plane of the ASM instance. In this example, automatic sidecar proxy injection is enabled for the default namespace. For more information, see Manage global namespaces.

Create an application that runs in an Elastic Container Instance-based pod

All pods in ACK Serverless clusters are deployed on elastic container instances. You do not need to use labels to specify that the application is deployed in an Elastic Container Instance-based pod.

Note

After an application is deployed in a pod that runs on an elastic container instance, ASM can manage the application in the data plane by using sidecars.

  1. Run the following command to deploy the NGINX application:

    kubectl run nginx -n default --image nginx
  2. Run the following command to view the pods on the virtual node:

    kubectl get pod -n default -o wide|grep virtual-kubelet

FAQ

Why am I unable to enable service discovery for an ACK Serverless cluster?

If the logs of containers where sidecars are injected indicate that the istiod.istio-system service is resolved to an invalid IP address, the Alibaba Cloud DNS PrivateZone service is not activated. You can activate the Alibaba Cloud DNS PrivateZone service or install CoreDNS on the Add-ons page in the ACK console. For more information about how to manage system components on the Add-ons page, see Manage components.