This topic introduces terms related to Alibaba Cloud Service Mesh (ASM).

ASM instance
An instance that you create in ASM to function as the Istio control plane. ASM instances allow you to focus on application development and deployment without the need to maintain the Istio control plane. ASM instances are easy to use and provide high availability at low cost.
control plane
The plane that manages and configures proxies to route traffic. An Istio service mesh is logically split into a data plane and a control plane.
data plane
The plane that is composed of a set of intelligent Envoy proxies that are deployed as sidecars. These proxies mediate and control all network communication between microservices, and collect and report telemetry on all mesh traffic.
A unit used in Kubernetes to divide cluster resources between users. By default, Kubernetes clusters start with three initial namespaces: default, kube-system, and kube-public. Administrators can create custom namespaces as required.
The namespaces that you create in an ASM instance, whether in the ASM console or by using the kubectl client, belong only to the ASM instance. They are independent of the Kubernetes clusters in the data plane managed by the ASM instance. Therefore, the namespaces in the ASM instance may be different from those of the Kubernetes clusters in the data plane managed by the ASM instance. When you create or delete namespaces for the ASM instance, the namespaces of the Kubernetes clusters in the data plane managed by the ASM instance are not affected.
virtual service
A custom resource of Istio that defines a set of routing rules for specific services in a service mesh. Each routing rule defines matching criteria for traffic of a specific protocol. The traffic that matches a routing rule is sent to a destination service, or a subset or version of the destination service defined in the service registry.
destination rule
A custom resource of Istio that defines policies that apply to traffic intended for a service after routing has occurred. These rules specify configuration for load balancing, connection pool size from the sidecar, and outlier detection settings to detect and evict unhealthy hosts from the load balancing pool.
Istio gateway
A custom resource of Istio that describes a load balancer running at the edge of the mesh for receiving incoming or outgoing HTTP/TCP connections. The specification describes a set of ports that need to be exposed, the type of protocol to use, and the server name indication (SNI) configuration for the load balancer.
service entry
A custom resource of Istio that is used to add a service to the abstract model or service registry of Istio. Registered services are maintained in Istio. After you add an entry for an external service, the Envoy proxies can send traffic to the service as if the service was in the mesh.
ingress gateway service
A service that is used to manage access from applications in a Kubernetes cluster to applications outside the cluster. Ingress gateway services use Kubernetes resources instead of Istio resources. Ingress gateway services are supported by pods. When you create an ingress gateway service for a cluster in ASM, a Kubernetes service and a Kubernetes deployment are deployed in the cluster.