Container Service provides various serverless containers based on virtual nodes and Elastic Container Instance (ECI). For example, Serverless Kubernetes (ASK) clusters enable seamless integration of Kubernetes and ECI. This topic describes how to use Alibaba Cloud Service Mesh (ASM) to manage applications in ECI pods that run in ASK clusters.

Prerequisites

  • An ASK cluster is created. For more information, see Create an ASK cluster.
    Note To use the service discovery feature, you must set the service discovery mode to PrivateZone or CoreDNS when you create an ASK cluster.
  • The ASK cluster is added to your ASM instance. For more information, see Add a cluster to an ASM instance.

Enable automatic sidecar injection

After you enable automatic sidecar injection for a namespace in the ASM console, an Envoy proxy is automatically injected as a sidecar into each pod that is created in the namespace. These Envoy proxies comprise the data plane of the ASM instance.

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
  4. On the details page of the ASM instance, click Namespaces in the left-side navigation pane.
  5. On the Namespaces page, find the namespace for which you want to enable automatic sidecar injection and click Enable Automatic Sidecar Injection in the Automatic Sidecar Injection column.
  6. In the Submit message, click OK.

Create an application that runs in an ECI pod

All pods that run in ASK clusters are ECI pods. You do not need to label these pods.
Note After an application is created and run in an ECI pod, ASM can manage the application on the data plane by using sidecars.
  1. Run the following command to create an NGINX application:
    kubectl run nginx -n default --image nginx
  2. Run the following command to view the information about the pods that run on virtual nodes:
    kubectl get pod -n default -o wide|grep virtual-kubelet

FAQ

Why am I unable to enable service discovery for an ASK cluster?

If the logs of containers where sidecars are injected indicate that the istiod.istio-system service is resolved to an invalid IP address, the PrivateZone service of Alibaba Cloud DNS (DNS) is not activated. You can submit a ticket to enable the PrivateZone service or you can install CoreDNS.