After you add a cluster to a Service Mesh (ASM) instance, you can use ASM features such as traffic management, fault handling, unified monitoring, and log management. These features enhance system reliability and security, help you manage and monitor service interactions, and improve service observability.
Workflow overview
Verify prerequisites (ASM instance, Container Service for Kubernetes (ACK) cluster, network connectivity, Gateway API component).
Add the cluster through the ASM console.
Verify that the ASM instance status returns to Running.
(Optional) Deploy an ingress gateway or configure traffic rules.
Prerequisites
Before you begin, make sure that you have:
An ASM instance
An ACK cluster
Network connectivity between the cluster and the ASM instance (same Virtual Private Cloud (VPC), or VPCs connected through Cloud Enterprise Network (CEN), PrivateLink, or a public endpoint)
The Gateway API component installed in the ACK cluster. For installation steps, see Manage cluster components.
The cluster and the ASM instance must be in the same VPC or in VPCs that are already connected. To add a cluster from a different VPC that is not yet connected, first establish connectivity using one of the methods described in Connect clusters across VPCs.
Add a cluster with VPC network connectivity to an ASM instance
This procedure covers clusters that already have VPC-level connectivity to the ASM instance, including:
Clusters in the same VPC as the ASM instance
Clusters in a different VPC that is already connected through CEN or another method
Procedure
Log on to the ASM console.
In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the target ASM instance.
In the left-side navigation pane, choose Cluster & Workload Management > Kubernetes Clusters.
Click Add.
On the Add Kubernetes Cluster page, select the cluster and click OK.
To filter clusters in the same VPC, click Filter Clusters In The Same VPC As The Mesh before selecting.
Make sure the proxy containers in the cluster can reach the Istio Pilot address exposed by the ASM instance. If the ASM instance does not have a public IP address for Istio Pilot, the address must be reachable over the VPC.
In the Important dialog box, click OK to confirm.
Verify the result
After you add the cluster, the ASM instance enters the Updating state. To confirm that the operation succeeded:
Go to Mesh Instance > Basic Information.
Wait a few moments, then click Refresh in the upper-right corner.
Verify that Status changes from Updating to Running. The time required depends on the number of clusters being added. If the status does not change to Running after several minutes, check the network connectivity between the cluster and the ASM control plane.
Go to the Kubernetes Clusters page and verify that the new cluster appears in the list.
Remove a cluster
To remove a cluster that is no longer needed:
On the Kubernetes Clusters page, select the cluster.
Click Remove, then click OK in the Confirm dialog box.
After removal, the cluster is no longer managed by this service mesh. Traffic rules and policies that ASM enforced on workloads in that cluster no longer apply. Proceed with caution.
Connect clusters across VPCs
If the cluster and the ASM instance are in different VPCs without existing connectivity, establish a connection using one of the following methods before adding the cluster.
| Method | How it works |
|---|---|
| CEN | Connects VPCs through an Enterprise Edition transit router |
| PrivateLink | Creates a private endpoint connection between the control plane and data plane VPCs |
| Public endpoint | Routes traffic over the public internet by enabling public network access for both the Kubernetes cluster and the ASM control plane |
After you establish connectivity, follow the steps in Add a cluster with VPC network connectivity to an ASM instance to add the cluster to the ASM instance.
What to do next
Create an ingress gateway to provide a unified public or internal entry point for the cluster.
Manage east-west traffic using waypoints and virtual services to distribute traffic between different versions of a service.
Visualize service dependencies and traffic flows with ASM mesh topology.
Add a cluster programmatically through the AddClusterIntoServiceMesh API.