Connect a Kubernetes cluster running in a data center or on a third-party cloud to Alibaba Cloud as a registered cluster, then use Service Mesh (ASM) to manage its applications end to end.
At a high level, you will:
Prerequisites
Before you begin, make sure that:
ASM is activated. To activate ASM, go to the ASM console. For more information, see What is ASM? and Billing rules.
An external cluster is connected to a registered Kubernetes cluster. For more information, see Create a registered cluster in the ACK console.
The data-plane network of the registered cluster can communicate with the virtual private cloud (VPC) in which your ASM instance resides, and the bandwidth meets your requirements. This connectivity allows ASM to synchronize configurations to sidecar proxies in real time. After the ASM instance is created, go to the Instances Status page in the ASM console and confirm that the synchronization state of all configurations is Configuration synchronized.
Create an ASM instance
Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click Create ASM Instance and configure the parameters. The following table describes the key configuration items. For the full list, see Create an ASM instance.
| Configuration item | Description |
|---|---|
| Region | Select the region where the registered Kubernetes cluster resides, or the nearest region. |
| VPC | Select the VPC where the registered Kubernetes cluster resides. |
| vSwitch | Select a vSwitch. If no vSwitch meets your requirements, click Create vSwitch to create one. For more information, see Create and manage a vSwitch. |
| API Server access | Select or clear Use EIP to expose API Server based on how you plan to access the cluster. |
API Server access determines how you connect to the ASM control plane. An ASM instance runs on the Kubernetes runtime, and you can use the API server to define a variety of mesh resources, such as virtual services, destination rules, and Istio gateways.
Selected: An elastic IP address (EIP) is created and associated with an internal-facing Classic Load Balancer (CLB) instance. Port 6443 of the API server is exposed, letting you use a kubeconfig file to manage the cluster and define mesh resources over the internet.
Cleared: No EIP is created. You can use a kubeconfig file to manage the cluster and define mesh resources only from within the VPC.
Note: To expose Istio Pilot through a public endpoint, submit a ticket.
Read and agree to the Service Agreement, then click Create Service Mesh. It takes 2 to 3 minutes to create the instance.
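The API Server access setting decides whether port 6443 of the control plane is reachable from the internet, so it is worth confirming which endpoint a kubeconfig file actually points at. The following script is an added example, not part of the ASM documentation or tooling. It assumes the VPC uses RFC 1918 IPv4 addressing; the function names and the sample kubeconfig fragment are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the VPC uses RFC 1918 IPv4 ranges. Anything else is treated as
# internet-facing, including IPv6 literals (adjust if your VPC uses IPv6).
PRIVATE_NETS = tuple(ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))

# Matches "server: <url>" lines in a kubeconfig without needing a YAML parser.
SERVER_RE = re.compile(r"^\s*server:\s*[\"']?(\S+?)[\"']?\s*$", re.MULTILINE)


def classify_endpoint(url):
    """Return 'vpc-only', 'internet', or 'unresolved' for an API server URL."""
    host = urlsplit(url).hostname or ""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unresolved"  # DNS name: resolve it separately before judging
    if addr.version == 4 and any(addr in net for net in PRIVATE_NETS):
        return "vpc-only"
    return "internet"


def audit_kubeconfig(text):
    """Return [(url, port, exposure)] for every server entry in the text."""
    return [(url, urlsplit(url).port or 443, classify_endpoint(url))
            for url in SERVER_RE.findall(text)]


# Constructed sample: 203.0.113.10 is a documentation address standing in
# for an EIP; 192.168.10.5 stands in for a VPC-internal endpoint.
SAMPLE = """\
clusters:
- name: mesh-eip
  cluster:
    server: https://203.0.113.10:6443
- name: mesh-vpc
  cluster:
    server: "https://192.168.10.5:6443"
"""

if __name__ == "__main__":
    for url, port, exposure in audit_kubeconfig(SAMPLE):
        print(f"{url} port={port} exposure={exposure}")
```

An entry reported as internet on port 6443 means the kubeconfig credentials are the only barrier in front of the mesh control plane, so treat that file as a high-value secret and restrict who holds it.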
Add the registered cluster to the ASM instance
Add the registered Kubernetes cluster to the ASM instance so that ASM can manage workloads running in that cluster. For more information, see Add a cluster to an ASM instance.
Create an ingress gateway
Create an ingress gateway in the registered Kubernetes cluster to handle inbound traffic. For more information, see Create an ingress gateway.
Configure the following key items:
| Configuration item | Description |
|---|---|
| Cluster | Select the registered Kubernetes cluster where you want to deploy the ingress gateway. |
| CLB Instance Type | Select Internet Access or Private Access based on your requirements. Different registered clusters may support different CLB types. If the registered cluster does not support CLB instances, select Internet Access, then edit the YAML of the ingress gateway to set the service type to NodePort or ClusterIP. |
| Create a CLB Instance | Select Create a CLB Instance. This is the only available option. |
| Port Mapping | The container port defaults to the same value as the service port in the ASM console. If you use a YAML file to create the gateway, keep the container port consistent with the service port. |
Deploy applications
Deploy your applications in the registered Kubernetes cluster using either of the following methods:
Run commands on the kubectl client.
Use the ACK console.
For more information, see Deploy an application in an ASM instance.
Define Istio resources
Configure virtual services, destination rules, and Istio gateways to control traffic routing across your application versions. For more information, see Use Istio resources to route traffic to different versions of a service.