Alibaba Cloud Service Mesh: Log on to ASM Mesh Topology with an Alibaba Cloud account or as a RAM user

Last Updated: Nov 24, 2023

Service Mesh (ASM) of V1.16.4.5 or later allows you to log on to Mesh Topology with an Alibaba Cloud account or as a Resource Access Management (RAM) user. This topic describes how to log on to Mesh Topology with an Alibaba Cloud account or as a RAM user.

Prerequisites

Step 1: Create and configure an OAuth application in the RAM console

  1. Create an Open Authorization (OAuth) application in the RAM console. For more information, see Create an application.

    Parameter: Application Type
    Description: Select WebApp.

    Parameter: Callback URL
    Description: If you log on to Mesh Topology by using the Classic Load Balancer (CLB) instance associated with your ASM instance, enter the IP address of the CLB instance. If you log on to Mesh Topology by using an ingress gateway, enter the IP address of the ingress gateway. The following configurations are examples:

    • If you use a CLB instance to log on to Mesh Topology and the IP address of the CLB instance is xxx.xxx.xxx.xxx, set the Callback URL parameter to http://xxx.xxx.xxx.xxx:20001 without forward slashes (/) following 20001. For example, 20001/xxx, 20001/, 20001/xxx/, and 20001/xxx/yyy are not allowed.

    • If you use an ingress gateway to log on to Mesh Topology and the IP address of the ingress gateway is yyy.yyy.yyy.yyy, set the Callback URL parameter to http://yyy.yyy.yyy.yyy:20001 without forward slashes (/) following 20001. For example, 20001/xxx, 20001/, 20001/xxx/, and 20001/xxx/yyy are not allowed.

  2. On the Enterprise Applications tab, save the ID of the OAuth application shown in the Application ID column.

  3. Create an application secret for the OAuth application in the RAM console and save the application secret. For more information, see Create an application secret.

    Note

    The application secret is visible only when you create it and cannot be queried. Therefore, you must save the secret when you create it.
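
The Callback URL rule from Step 1 can be checked before the value is pasted into the RAM console. The following validator is an added example, not Alibaba Cloud code; the function name `check_callback_url` and the sample addresses are assumptions, and it accepts only the `http://<IP>:20001` form shown above.

```python
import ipaddress
from urllib.parse import urlsplit

MESH_TOPOLOGY_PORT = 20001  # port shown in the Callback URL examples


def check_callback_url(url):
    """Return a list of problems; an empty list means the URL fits the rule."""
    problems = []
    parts = urlsplit(url.strip())

    # Assumption: only the http://<IP>:20001 form given on the page is accepted.
    if parts.scheme != "http":
        problems.append(f"scheme {parts.scheme!r} differs from the documented 'http'")

    # The page asks for the IP address of the CLB instance or ingress gateway.
    try:
        ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        problems.append(f"host {parts.hostname!r} is not an IP address")

    # urlsplit raises ValueError for a non-numeric or out-of-range port.
    try:
        port = parts.port
    except ValueError:
        port = None
    if port != MESH_TOPOLOGY_PORT:
        problems.append(f"port must be {MESH_TOPOLOGY_PORT}")

    # Nothing may follow the port: not "/", not "/xxx", not "/xxx/yyy".
    if parts.path:
        problems.append(f"path {parts.path!r} follows the port")
    if parts.query or parts.fragment:
        problems.append("query string or fragment follows the port")
    return problems


# Constructed samples; 192.0.2.10 is a documentation address, not a real CLB IP.
SAMPLES = [
    "http://192.0.2.10:20001",
    "http://192.0.2.10:20001/",
    "http://192.0.2.10:20001/xxx/yyy",
    "http://mesh.example.com:20001",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        issues = check_callback_url(sample)
        print(sample, "->", "OK" if not issues else "; ".join(issues))
```
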

Step 2: Configure Mesh Topology in the ASM console to connect to the OAuth application

ASM Mesh Topology allows you to use the OpenID Connect (OIDC) protocol to connect to an OAuth application.

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose Observability Management Center > Mesh Topology.

  3. In the Authentication section of the Mesh Topology page, select Login with OIDC, configure parameters as required, and then click Save configuration of Mesh Topology.

    Parameter: Client ID
    Description: The application ID that is saved in Step 1.

    Parameter: Client Secret
    Description: The application secret that is saved in Step 1.

    Parameter: OIDC Issuer URL
    Description: Enter https://oauth.aliyun.com.

    Parameter: OAuth Scope
    Description: Select only Basic Information.

Step 3: Log on to ASM Mesh Topology with an Alibaba Cloud account or as a RAM user

Method 1: Use a CLB instance to log on to ASM Mesh Topology

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose Observability Management Center > Mesh Topology.

  3. In the Access section of the Mesh Topology page, click Click here to access ASM Mesh Topology next to Access ASM Mesh Topology.

  4. On the logon page of ASM Mesh Topology, click Log In With OpenID to go to the ASM Mesh Topology console.

    Note

    If you have not logged on to the Alibaba Cloud Management Console with an Alibaba Cloud account or as a RAM user, you are redirected to the Alibaba Cloud RAM User Logon page after you click Log In With OpenID. You can log on to the Alibaba Cloud Management Console with an Alibaba Cloud account or as a RAM user. Then, click Next to go to the ASM Mesh Topology console.

Method 2: Use an ingress gateway to log on to ASM Mesh Topology

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose ASM Instance > Base Information.

  3. In the Config Info section of the Base Information page, click Access from Ingress Gateway next to Enable ASM Mesh Topology.

  4. On the logon page of ASM Mesh Topology, click Log In With OpenID to go to the ASM Mesh Topology console.

    Note

    If you have not logged on to the Alibaba Cloud Management Console with an Alibaba Cloud account or as a RAM user, you are redirected to the Alibaba Cloud RAM User Logon page after you click Log In With OpenID. You can log on to the Alibaba Cloud Management Console with an Alibaba Cloud account or as a RAM user. Then, click Next to go to the ASM Mesh Topology console.