To use Alibaba Cloud Service Mesh (ASM), you must create an ASM instance. This topic describes how to create an ASM instance in the ASM console.
Prerequisites
- The following services are activated:
- The permissions of the following roles are obtained: AliyunServiceMeshDefaultRole, AliyunCSClusterRole, and AliyunCSManagedKubernetesRole.
Background information
Note: When you create an ASM instance, ASM may perform the following operations based on your settings:
- Creates a security group that allows access to a virtual private cloud (VPC) over Internet Control Message Protocol (ICMP).
- Adds route entries to the VPC.
- Creates an elastic IP address (EIP).
- Creates a RAM role with attached policies that grant all permissions on Server Load Balancer (SLB), CloudMonitor, VPC, and Log Service. ASM dynamically creates SLB instances and adds route entries to the VPC based on your settings.
- Creates an SLB instance in the VPC and exposes port 6443.
- Creates an SLB instance in the VPC and exposes port 15011.
- Collects the logs of the managed components to ensure stability.
Procedure
Result
- On the Mesh Management page, you can view the basic information about the ASM instance.
To view the latest information about the ASM instance, click the icon on the right.
- On the Mesh Management page, find the ASM instance whose logs you want to view and click Log in the Actions column. In the ASM Instance Logs panel, you can view the logs of the ASM instance.
- On the Mesh Management page, find the instance whose instance type you want to update and click Specification change in the Actions column. For more information, see Update the instance type of an ASM instance.
- On the Mesh Management page, find the ASM instance whose basic information you want to view and click Manage in the Actions column. On the Basic Information page, you can view the basic information of the instance, such as the instance ID and the security group. By default, the following Istio resources are created for a new ASM instance:
- A namespace: default.
Note: By default, the system creates five namespaces for a new ASM instance, but only the namespace that is named default appears in the console. You can use the kubectl client to query and manage the other four namespaces, which are istio-system, kube-node-lease, kube-public, and kube-system.
- Two destination rules: API-Server and default. For more information about the API-Server rule, visit the official website of Istio. The default rule defines the permissive Mutual Transport Layer Security (mTLS) policy for the ASM instance.