servicemesh-operator
The servicemesh-operator component simplifies the deployment, upgrade, and configuration management of Alibaba Cloud Service Mesh (ASM) in an ACK cluster. This lets you quickly enable powerful ASM features, such as traffic management, security, and observability.
Scope
ACK clusters must be version 1.21 or later.
Instructions
After you install the servicemesh-operator component in an ACK cluster, the system automatically deploys the following:
A controller named servicemesh-operator is deployed to the cluster. The controller runs on the cluster's control plane and is responsible for listening to and processing custom resources related to the service mesh.
The
servicemesh.istio.alibabacloud.comCustomResourceDefinition (CRD) is created.A ServiceMesh Custom Resource (CR) named `mesh` is automatically created.
The servicemesh-operator controller creates a Standard Edition ASM instance named mesh-for-${cluster-ID}. After the instance is created, the controller adds the ACK cluster to it.
You can query the ServiceMesh CR to monitor the creation progress and current status of the ASM instance in real time.
Console
On the ACK Clusters page, click the name of the target cluster. In the navigation pane on the left, choose .
On the Custom Resources page, search for ServiceMesh. In the search results, locate the ServiceMesh resource under istio.alibabacloud.com and click Edit YAML in the Actions column.
The following is a sample YAML file:
apiVersion: istio.alibabacloud.com/v1beta1 kind: ServiceMesh metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"istio.alibabacloud.com/v1beta1","kind":"ServiceMesh","metadata":{"annotations":{},"name":"mesh"},"spec":{"clusterSpec":"Standard"}} creationTimestamp: "2025-08-08T03:38:15Z" generation: 1 name: mesh resourceVersion: "18972175" uid: 440b90f4-c894-4dc1-8b37-c025690171c9 spec: clusterSpec: Standard status: conditions: - lastTransitionTime: "2025-08-08T03:38:16Z" status: "True" type: PreChecked - lastTransitionTime: "2025-08-08T03:38:18Z" status: "True" type: ServiceMeshCreated - lastTransitionTime: "2025-08-08T03:38:19Z" status: "True" type: ServiceMeshReady - lastTransitionTime: "2025-08-08T03:38:21Z" status: "True" type: ClusterAdded phase: Succeeded serviceMeshId: cb3a33d70d3344ea58170494c1b12a6fa serviceMeshName: mesh-for-c9ce5e565cb984d709326a29ccb80d70a
kubectl
Obtain the cluster's KubeConfig file and use kubectl to connect to the cluster.
You can view the YAML file of the ServiceMesh CR.
kubectl get servicemesh mesh -n istio-system -o yamlExpected output:
apiVersion: istio.alibabacloud.com/v1beta1 kind: ServiceMesh metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"istio.alibabacloud.com/v1beta1","kind":"ServiceMesh","metadata":{"annotations":{},"name":"mesh"},"spec":{"clusterSpec":"Standard"}} creationTimestamp: "2025-08-08T03:38:15Z" generation: 1 name: mesh resourceVersion: "18972175" uid: 440b90f4-c894-4dc1-8b37-c025690171c9 spec: clusterSpec: Standard status: conditions: - lastTransitionTime: "2025-08-08T03:38:16Z" status: "True" type: PreChecked - lastTransitionTime: "2025-08-08T03:38:18Z" status: "True" type: ServiceMeshCreated - lastTransitionTime: "2025-08-08T03:38:19Z" status: "True" type: ServiceMeshReady - lastTransitionTime: "2025-08-08T03:38:21Z" status: "True" type: ClusterAdded phase: Succeeded serviceMeshId: cb3a33d70d3344ea58170494c1b12a6fa serviceMeshName: mesh-for-c9ce5e565cb984d709326a29ccb80d70a
Quotas and limits
The current version of servicemesh-operator only supports a one-to-one mapping between an ASM instance and an ACK cluster. To update or delete an ASM instance, go to the ASM console.
ServiceMesh CRD details
The ServiceMesh resource defines the desired and actual states for declaring and managing an ASM service mesh in a Kubernetes cluster.
Spec (.spec)
Field | Type | Description | Default | Required |
| string | The ID of the service mesh. If you do not specify an ID, the system generates a random one. Specify this ID to create a new service mesh or add the current cluster to an existing mesh. This field has a higher priority than the `name` field. | N/A | No |
| string | The name of the service mesh. If you do not specify a name, the system generates one in the format | N/A | No |
| string | The edition of the created service mesh instance. It defines the features and performance level of the instance. Valid values:
| Standard | No |
Status (.status)
Field | Type | Description |
| string | The unique name of the actual service mesh created by the controller. This field is recorded before the initial creation request is sent and is immutable throughout the reconciliation process to prevent the creation of duplicate service mesh instances. |
| string | The ID of the successfully created service mesh. This value is retrieved from the cloud after the service mesh instance is created. |
| string | Describes the current lifecycle phase of the service mesh. Possible values include the following:
|
| []ServiceMeshCondition | A list of conditions and their statuses that the service mesh goes through during the reconciliation process. It provides a detailed record of the key steps from resource creation to readiness. |
| metav1.Time | Records the timestamp of the last retry when the reconciliation process encounters a retryable error. |
ServiceMeshCondition
Field | Type | Description |
| metav1.Time | The timestamp of the last time the condition's status changed. |
| string | The current status of the condition. Valid values:
|
| string | The type of condition, which represents a specific step in the reconciliation process. Examples:
|
| string | An informational message about the condition's status. It is typically used to provide additional context when an error occurs or when the resource is in a specific state. |