Manage applications in registered external Kubernetes clusters - Alibaba Cloud Service Mesh

Alibaba Cloud Service Mesh (ASM) allows you to manage applications in external Kubernetes clusters that are registered in the Container Service for Kubernetes (ACK) console.

Prerequisites

An external Kubernetes cluster that can access the Internet is registered in the ACK console. For more information, see Register an external Kubernetes cluster.
ASM is activated. To activate ASM, go to the ASM console.
A Server Load Balancer (SLB) instance is associated with Istio Pilot on the control plane. The virtual private cloud (VPC) of the data plane is connected to the VPC in which the SLB instance resides. For more information, see Cloud Enterprise Network.

Procedure

Create an ASM instance.

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click Create ASM Instance.

On the Create Service Mesh page, configure the parameters, and click Create Service Mesh.

The following table describes some of the parameters. For more information, see Create an ASM instance.


Parameter	Description
Region	Select the region in which the registered external Kubernetes cluster resides or a region that is nearest to the cluster.
VPC	Select the VPC in which the registered external Kubernetes cluster resides.
vSwitch	Select a vSwitch from the vSwitch drop-down list. If no vSwitches meet your requirements, click Create vSwitch to create one. For more information, see Create and manage a vSwitch.
Use EIP to expose API Server	An ASM instance runs on Kubernetes runtime. You can use the API server to define a variety of mesh resources, such as virtual services, destination rules, and Istio gateways. If you select Use EIP to expose API Server, an elastic IP address (EIP) is created and associated with the internal-facing SLB instance. The API server exposes port 6443. Then, you can use the kubeconfig file to connect to and manage the cluster and define resources in ASM over the Internet. If you deselect Use EIP to expose API Server, no EIP is created. You can use the kubeconfig file to connect to and manage the cluster and define resources in ASM only in the VPC.

Note It takes 2 to 3 minutes to create an ASM instance.

Add an external cluster to the ASM instance.
1. On the Mesh Management page, click the ASM instance to which you want to add the external cluster. In the left-side navigation pane, choose Cluster & Workload Management > Kubernetes Clusters. Then, click Add.
2. On the Add Kubernetes Cluster page, select the external cluster that you want to add to the ASM instance, and click OK.

Create an ingress gateway.

In the left-side navigation pane, choose ASM Gateways > Ingress Gateway. On the page that appears, click Create.

On the Create page, configure the parameters, and click Create.

The following table describes some of the parameters. For more information, see Create an ingress gateway service.


Parameter	Description
Cluster	Select the cluster in which you want to deploy an ingress gateway from the Cluster drop-down list.
SLB Instance Type	Select Internet Access or Private Access. Different external clusters may support different types of SLB instances. For example, specific external clusters do not support internal-facing SLB instances. Select the SLB instance type as required. If the registered external cluster does not support SLB instances, select Internet Access as SLB Instance Type. After the ingress gateway is defined, edit the YAML file of the ingress gateway to specify the service type, such as Nodeport or ClusterIP. Important You can select only Create SLB Instance instead of Use Existing SLB Instance for external clusters.
Port Mapping	Specify the ports that services need to expose. By default, two ports that are commonly used by Istio are displayed in the console. You can keep or remove the default ports or add ports as needed.

After the ingress gateway is created, you can log on to the external cluster to view the details of the ingress gateway.

Deploy applications in the external cluster

Deploy applications in the external cluster by running commands on the kubectl client or using the external cluster console. For more information, see Deploy an application in an ASM instance.

Note To create an ASM gateway, make sure that your cluster supports LoadBalancer Services or specify the serviceType field in the YAML file of the ASM gateway. The default value of the serviceType field is LoadBalancer.

Define Istio resources

Define Istio resources in the ASM console. For more information, see Use Istio resources to route traffic to different versions of a service.