All Products
Search

This Product

    Container Service for Kubernetes:Use an ASM gateway in Knative

    Document Center

    Container Service for Kubernetes:Use an ASM gateway in Knative

    Last Updated:Mar 26, 2026

    Alibaba Cloud Service Mesh (ASM) integrates with Knative as an Istio-compatible ingress gateway, giving you traffic routing and splitting, mutual TLS (mTLS)-based inter-service authentication, and built-in observability — all with control plane components managed by Container Service for Kubernetes (ACK).

    When to use ASM as the Knative gateway: ASM is the right choice if you are running, or planning to run, Istio as your service mesh framework and want unified traffic management across Knative and non-Knative workloads. If you only need basic HTTP routing for Knative services and have no existing Istio investment, the default Knative gateway (Kourier) has lower resource overhead.

    Prerequisites

    Before you begin, ensure that you have:

    • An ASM instance of version 1.21.6.84 or later. See Create an ASM instance.

    • The ACK managed cluster or ACK Serverless cluster added to the ASM instance in the Kubernetes Cluster area.

    • Allow data plane cluster KubeAPI to access Istio CR enabled on the ASM instance.

    Step 1: Select ASM as the Knative gateway

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster you want to manage and click its name. In the left-side navigation pane, choose Applications > Knative.

    3. On the Knative page, click the Components tab. Click Deploy Knative, select ASM in the Gateway section, and then click Deploy.

    After deployment completes, ASM is active as the ingress gateway for your Knative services.

    Step 2: Deploy and access a Knative service through the ASM gateway

    This step deploys a sample Knative service and verifies that it is reachable through the ASM gateway.

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, find the cluster you want to manage and click its name. In the left-side navigation pane, choose Applications > Knative.

    3. On the Knative page, click the Services tab. Set Namespace to default and click Create from Template. Paste the following YAML into the template and click Create.

      Important

      Replace {REGION-ID} with the region ID of your cluster (for example, cn-beijing).

      apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: helloworld-go
spec:
  template:
    spec:
      containers:
      - image: registry.{REGION-ID}.aliyuncs.com/knative-sample/helloworld-go:73fbdd56
        env:
        - name: TARGET
          value: "Knative"

    4. On the Services tab, find the helloworld-go service and note the gateway IP address shown in the Gateway column.

    5. Run the following command to verify access to the helloworld-go service. Replace 39.XX.XX.XX with the actual gateway IP address.

      curl -H "host: helloworld-go.default.example.com" http://39.XX.XX.XX

      The -H "host: ..." flag is required because the ASM gateway routes requests based on the Host header. Without DNS configured for your test environment, this header tells the gateway which Knative service to route to. Expected output:

      Hello Knative!

    (Optional) Step 3: View service monitoring data

    Knative provides out-of-the-box monitoring. On the Knative page, click the Monitoring Dashboards tab to view metrics for the helloworld-go service.

    For instructions on enabling the Knative dashboard, see View the Knative dashboard through Alibaba Cloud Prometheus monitoring.

    What's next

    • Configure traffic splitting between Knative service revisions using ASM traffic management policies.

    • Enable mTLS policies in ASM to secure inter-service communication for your Knative workloads.

    • Explore advanced observability by integrating ASM with Alibaba Cloud Prometheus monitoring.