Use ASM to manage applications in ACK edge clusters - Alibaba Cloud Service Mesh

Service Mesh (ASM) allows you to manage applications in Alibaba Cloud Container Service for Kubernetes (ACK) edge clusters that are added to ASM instances.

Prerequisites

An ACK edge cluster is created. For more information about how to create and expand an ACK edge cluster, see Create an ACK edge cluster and Expand an edge cluster
ASM is activated. To activate ASM, go to the ASM console.
A ticket is submitted to apply for the permission to add the ACK edge cluster to the ASM instance. For more information, see Submit a ticket.

Procedure

Create an ASM instance.

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click Create ASM Instance.

On the Create Service Mesh page, configure the parameters, read and agree to Service Agreement, and then click Create Service Mesh.

The following table describes some of the parameters. Fore more information, see the parameter description table in the Create an ASM instance topic.

Parameter	Description
Region	The region in which you want to create the ASM instance. We recommend that you select a region that is close to the region where the ACK edge cluster resides.
Istio Version	The Istio version of the ASM instance, which must be 1.14 or later.
VPC	Select the virtual private cloud (VPC) in which the ACK edge cluster resides from the drop-down list. A Server Load Balancer (SLB) instance is associated with Istio Pilot on the control plane. The VPC of the data plane must be connected to the VPC in which the SLB instance resides. For more information, see Cloud Enterprise Network.
vSwitch	Select a vSwitch from the drop-down list. You can also click Create vSwitch to create a vSwitch. For more information, see Create and manage a vSwitch.
API Server access	An ASM instance runs on Kubernetes runtime. You can use the API server to define a variety of mesh resources, such as virtual services, destination rules, and Istio gateways. You can select an SLB instance specification for the API server from the drop-down list, and select or clear Use EIP to expose API Server. An internal-facing SLB instance will be created by using the specification you select. If you select Use EIP to expose API Server, an elastic IP address (EIP) is created and associated with the internal-facing SLB instance. Port 6443 of the API server is exposed. You can use the kubeconfig file of a cluster to connect to and manage the cluster over the Internet to define mesh resources. If you clear Use EIP to expose API Server, no EIP is created. You can use the kubeconfig file of a cluster to connect to and manage the cluster to define mesh resources only over the VPC in which the cluster resides.

Note

It takes 2 to 3 minutes to create an ASM instance.

Add the ACK edge cluster to the ASM instance.
1. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
2. On the details page of the ASM instance, choose Cluster & Workload Management > Kubernetes Clusters in the left-side navigation pane. On the page that appears, click Add.
3. On the Add Kubernetes Cluster page, select Filter out Kubernetes clusters that are in the same VPC as the ASM instance, select the ACK edge cluster that you want to add, and then click OK.
  Note
  After you add a cluster to an ASM instance, the status of the ASM instance changes to Updating. Wait a few seconds and click the icon in the upper-right corner. If the cluster is added to the ASM instance, the status of the ASM instance becomes Running. The wait time varies based on the network condition. You can view information about the added cluster on the Kubernetes Clusters page.

Create an ingress gateway.

On the details page of the ASM instance, choose ASM Gateways > Ingress Gateway in the left-side navigation pane.

On the Ingress Gateway page, click Create, configure the parameters, and then click Create.

The following table describes some of the parameters. For more information, see the parameter description table in the Create an ingress gateway service topic.

Parameter	Description
Cluster	Select the ACK edge cluster in which you want to deploy an ingress gateway from the drop-down list.
SLB Instance Type	Select Internet Access or Private Access. Select Create SLB Instance or Use Existing SLB Instance.
Port Mapping	Specify the ports that services need to expose. The port you specify in this section is corresponding to the port field in the service YAML file. When you define port mappings in YAML files of the services, we recommend that you set the targetPort field to the same value as the port field in each mapping. ASM provides two default ports that are commonly used by Istio. You can keep or delete the default ports and add new ports as needed.

After the ingress gateway is created, you can log on to the ACK edge cluster to view details.

Deploy applications in the ACK edge cluster.
1. Enable automatic sidecar injection. For more information, see Enable automatic sidecar proxy injection.
2. Deploy applications in the ACK edge cluster by running commands on the kubectl client or using the ACK console. For more information, see Deploy an application in an ASM instance.
Optional:Define Istio resources. For more information, see Use Istio resources to route traffic to different versions of a service.