All Products
Search

This Product

    Alibaba Cloud Service Mesh:Migrate traffic from a self-managed Istio ingress gateway to an ASM ingress gateway

    Document Center

    Alibaba Cloud Service Mesh:Migrate traffic from a self-managed Istio ingress gateway to an ASM ingress gateway

    Last Updated:Aug 14, 2023

    This topic describes how to migrate traffic from a self-managed Istio ingress gateway to an ASM ingress gateway.

    Traffic flow of the migration solution

    Migration solution

    Step 1: Create an ingress gateway for the ASM instance.

    For more information, see Deploy an ingress gateway service.

    When you create an ASM ingress gateway, take note of the following points:

    • The name of the ASM ingress gateway must be different from the existing Istio ingress gateway. You can add the -asm suffix to the name of the ASM ingress gateway to distinguish the ASM ingress gateway from the existing Istio ingress gateway. For example, you can name the ASM ingress gateway ingressgateway-asm.

    • In Step 5 of the Deploy an ingress gateway service topic, set the Cluster parameter to the Kubernetes cluster where the source Istio ingress gateway resides.

    • Change the Domain Name System (DNS) record of the domain name to the IP address of the ASM ingress gateway. If you cannot change the DNS record of the domain name, you can gradually migrate the traffic by adjusting the weights of source and target ingress gateways. In this case, the ASM ingress gateway must reuse the Server Load Balancer (SLB) instance that is associated with the source Istio ingress gateway. In the preceding figure, the ASM ingress gateway reuses the SLB instance that is associated with the source Istio ingress gateway.

      Note

      SLB instances that are created by using the LoadBalancer service type cannot be reused.

    Expand to view notes on the reuse of the SLB instance.

    When you use the YAML file of the Istio gateway to create an ASM ingress gateway, take note of the following points if you need to reuse an existing SLB instance:

    • Edit the settings related to the SLB instance for the serviceAnnotations parameter in the YAML file.

    • service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: specifies the SLB instance that you want to reuse. The SLB instance is associated with the source Istio ingress gateway.

    • service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: specifies whether to overwrite the existing listeners of the SLB instance. Set the value to false.

    • service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: specifies the vServer groups of the SLB instance that you want to reuse. Separate multiple ports and vServer groups with commas (,). Example: "${YOUR_VGROUP_ID_1}:80, ${YOUR_VGROUP_ID_2}:443".

    • service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: specifies the weight of the ASM ingress gateway. You can set the weight to 0 when the routing rule has not configured for the ASM ingress gateway or exceptions occur. When you set the weight to 0, the SLB instance does not forward traffic to the ASM ingress gateway. Before you specify this parameter, make sure that the scheduling algorithm for the SLB instance is weighted round-robin (WRR).

    Sample configurations of service annotations:

     serviceAnnotations:
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: "lb-xxxxx"  //Replace lb-xxxxx with the ID of the SLB instance that you created in the SLB console. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: 'false'  //Set the value to false because existing SLB listeners are overwritten by default on the Istio gateway. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: "${YOUR_VGROUP_ID}:80"   //Replace ${YOUR_VGROUP_ID} with the ID of the vServer group of the SLB instance. 
    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: "60"   //If you set the weight to 0, the ASM ingress gateway no longer receives traffic.

    Step 2: Migrate configurations.

    • Change the value of selector.istio to the name of your ASM ingress gateway in the YAML file to migrate ingress gateway configurations. Sample YAML file:

      spec:
  selector:
    istio: ingressgateway-asm

    • Migrate other configurations such as VirtualService and DestinationRule configurations.

    Step 3: Migrate traffic.

    Modify the service annotations to adjust the weights of source and target ingress gateways. You can first set the weight of the ASM ingress gateway to a small value, such as 10, and check whether the traffic flow meets expectations. Then, gradually increase the weight until all the traffic is routed to the ASM ingress gateway.

    Methods of adjusting the weight:

    • To adjust the weight of the source Istio ingress gateway, edit the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight annotation for the corresponding service.

    • To adjust the weight of the ASM ingress gateway, edit the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight service annotation for the ASM ingress gateway.