
Alibaba Cloud Service Mesh: Preparations

Last Updated: Mar 11, 2026

Layer 7 (L7) routing supports capabilities such as URI path matching and request header matching. Complete the following steps before you configure L7 routing rules: switch the data plane to Ambient Mesh mode, deploy a Waypoint proxy, and deploy sample services for testing.

Prerequisites

Before you begin, ensure that you have:

Step 1: Set the data plane mode to Ambient Mesh

Switch the default global namespace to Ambient Mesh mode.

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the target ASM instance. In the left-side navigation pane, choose ASM Instance > Global Namespace.

  3. On the Global Namespace page, find the default namespace and click Switch to Ambient Mesh Mode in the Dataplane Mode column.

  4. In the Submit dialog, click OK.

Verify the data plane mode

Run the following command to confirm that the default namespace is labeled for Ambient Mesh mode:

kubectl get namespace default --show-labels

The output should include istio.io/dataplane-mode=ambient.

Step 2: Enable Waypoint for the default namespace

In Ambient mode, Layer 7 features depend on Waypoint. This step creates a Waypoint proxy and associates it with all services in the default namespace.

Create the Gateway resource

ASM provisions a Waypoint proxy from a Kubernetes Gateway resource. Apply the following manifest:

kubectl apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: waypoint
spec:
  gatewayClassName: istio-waypoint
  listeners:
  - name: mesh
    port: 15008
    protocol: HBONE
EOF

Associate the Waypoint with the namespace

Label the default namespace to route traffic through the Waypoint proxy:

kubectl label namespace default istio.io/use-waypoint=waypoint --overwrite

Verify the Waypoint deployment

Run the following command to confirm that the Waypoint proxy pod is running:

kubectl get pods -l gateway.networking.k8s.io/gateway-name=waypoint

The output should show a pod in Running status:

NAME                        READY   STATUS    RESTARTS   AGE
waypoint-6f5db7c4b9-xxxxx   1/1     Running   0          30s

Step 3: Deploy sample services

Deploy one or more of the following services to test L7 routing. Choose based on the routing scenarios you plan to configure:

Service      Port   Versions   Use case
helloworld   5000   v1, v2     Version-based routing and traffic splitting
sleep        80     --         Client pod for sending test requests
HTTPBin      8000   --         HTTP request and response inspection
NGINX        8000   --         Web server testing
mocka        8000   v1, v2     Traffic tagging with ASM_TRAFFIC_TAG

For most L7 routing scenarios, deploy at least the sleep service (as a client) and one target service such as helloworld or HTTPBin.

Deploy helloworld

The helloworld service runs two versions (v1 and v2), each as a separate Deployment. Three Services are created: one for all versions and one for each specific version. This setup is useful for testing version-based routing.

  1. Save the following manifest as helloworld-application.yaml.

    apiVersion: v1
    kind: Service
    metadata:
      name: helloworld
      labels:
        app: helloworld
    spec:
      ports:
      - port: 5000
        name: http
      selector:
        app: helloworld
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: helloworld
      labels:
        account: helloworld
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: helloworld-v1
      labels:
        app: helloworld
        version: v1
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: helloworld
          version: v1
      template:
        metadata:
          labels:
            app: helloworld
            version: v1
        spec:
          serviceAccount: helloworld
          serviceAccountName: helloworld
          containers:
          - name: helloworld
            image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-helloworld-v1:1.0
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 5000
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: helloworld-v2
      labels:
        app: helloworld
        version: v2
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: helloworld
          version: v2
      template:
        metadata:
          labels:
            app: helloworld
            version: v2
        spec:
          serviceAccount: helloworld
          serviceAccountName: helloworld
          containers:
          - name: helloworld
            image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/examples-helloworld-v2:1.0
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 5000
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: helloworld-v1
      labels:
        app: helloworld-v1
    spec:
      ports:
      - port: 5000
        name: http
      selector:
        app: helloworld
        version: v1
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: helloworld-v2
      labels:
        app: helloworld-v2
    spec:
      ports:
      - port: 5000
        name: http
      selector:
        app: helloworld
        version: v2

  2. Deploy the service:

    kubectl apply -f helloworld-application.yaml

Deploy sleep

The sleep service provides a long-running client pod with curl installed, useful for sending test requests to other services within the mesh.

  1. Save the following manifest as sleep-application.yaml.

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: sleep
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: sleep
      labels:
        app: sleep
        service: sleep
    spec:
      ports:
      - port: 80
        name: http
      selector:
        app: sleep
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: sleep
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: sleep
      template:
        metadata:
          labels:
            app: sleep
        spec:
          terminationGracePeriodSeconds: 0
          serviceAccountName: sleep
          containers:
          - name: sleep
            image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/curl:asm-sleep
            command: ["/bin/sleep", "3650d"]
            imagePullPolicy: IfNotPresent
            volumeMounts:
            - mountPath: /etc/sleep/tls
              name: secret-volume
          volumes:
          - name: secret-volume
            secret:
              secretName: sleep-secret
              optional: true

  2. Deploy the service:

    kubectl apply -f sleep-application.yaml

Deploy HTTPBin

HTTPBin echoes HTTP request details back in the response, making it useful for verifying header-based routing and request manipulation.

  1. Save the following manifest as httpbin-application.yaml.

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: httpbin
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: httpbin
      labels:
        app: httpbin
        service: httpbin
    spec:
      ports:
      - name: http
        port: 8000
        targetPort: 80
      selector:
        app: httpbin
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: httpbin
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: httpbin
          version: v1
      template:
        metadata:
          labels:
            app: httpbin
            version: v1
        spec:
          serviceAccountName: httpbin
          containers:
          - image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/httpbin:0.1.0
            imagePullPolicy: IfNotPresent
            name: httpbin
            ports:
            - containerPort: 80

  2. Deploy the service:

    kubectl apply -f httpbin-application.yaml

Deploy NGINX

  1. Save the following manifest as nginx.yaml.

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: nginx
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: nginx
      name: nginx
    spec:
      ports:
        - name: http
          port: 8000
          protocol: TCP
          targetPort: 80
      selector:
        app: nginx
      type: ClusterIP
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx
      name: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          serviceAccountName: nginx
          containers:
            - image: 'registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/nginx:1.28.0'
              imagePullPolicy: IfNotPresent
              name: nginx
              ports:
                - containerPort: 80
                  protocol: TCP
              resources:
                limits:
                  cpu: 500m
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File

  2. Deploy the service:

    kubectl apply -f nginx.yaml

Deploy mocka

The mocka service runs two versions (v1 and v2) with ASM_TRAFFIC_TAG labels for traffic tagging. Three Services are created: one for all versions and one for each specific version.

  1. Save the following manifest as mocka-application.yaml.

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: mocka
      namespace: default
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: mocka
      labels:
        app: mocka
        service: mocka
    spec:
      ports:
      - port: 8000
        name: http
      selector:
        app: mocka
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: mocka-v1
      labels:
        app: mocka
        version: v1
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: mocka
          version: v1
          ASM_TRAFFIC_TAG: v1
      template:
        metadata:
          labels:
            app: mocka
            version: v1
            ASM_TRAFFIC_TAG: v1
        spec:
          serviceAccountName: mocka
          containers:
          - name: default
            image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/asm-gobin:1.0.0
            imagePullPolicy: IfNotPresent
            env:
            - name: version
              value: v1
            - name: app
              value: mocka
            ports:
            - containerPort: 8000
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: mocka-v2
      labels:
        app: mocka
        version: v2
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: mocka
          version: v2
          ASM_TRAFFIC_TAG: v2
      template:
        metadata:
          labels:
            app: mocka
            version: v2
            ASM_TRAFFIC_TAG: v2
        spec:
          serviceAccountName: mocka
          containers:
          - name: default
            image: registry-cn-hangzhou.ack.aliyuncs.com/ack-demo/asm-gobin:1.0.0
            imagePullPolicy: IfNotPresent
            env:
            - name: version
              value: v2
            - name: app
              value: mocka
            ports:
            - containerPort: 8000
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: mocka-v1
      labels:
        app: mocka
        service: mocka
        version: v1
    spec:
      ports:
      - port: 8000
        name: http
      selector:
        app: mocka
        version: v1
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: mocka-v2
      labels:
        app: mocka
        service: mocka
        version: v2
    spec:
      ports:
      - port: 8000
        name: http
      selector:
        app: mocka
        version: v2

  2. Deploy the service:

    kubectl apply -f mocka-application.yaml

Verify service deployments

After deploying your chosen services, verify that all pods are running:

kubectl get pods

The output should show all deployed pods in Running status. For example, if you deployed helloworld and sleep:

NAME                              READY   STATUS    RESTARTS   AGE
helloworld-v1-b6c45f55-xxxxx     1/1     Running   0          60s
helloworld-v2-79d5467d6f-xxxxx   1/1     Running   0          60s
sleep-9454cc476-xxxxx            1/1     Running   0          45s
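
Because Layer 7 features depend on the Waypoint, a namespace that is missing the istio.io/use-waypoint label or has no running Waypoint pod will not apply the L7 rules you configure later. The following script is an added example, not part of the ASM documentation: it combines the three verification steps above into one check, and its function names and SAMPLE_* text are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the labels and pods this page sets up.
# Function names and the SAMPLE_* text are constructed for illustration.

# label_value "<k1=v1,k2=v2>" "<key>": print the value, fail if the key is absent.
label_value() {
  printf '%s\n' "$1" | tr ',' '\n' | awk -F= -v key="$2" '
    $1 == key { print substr($0, length(key) + 2); found = 1 }
    END { exit !found }'
}

# not_ready_pods "<kubectl get pods output>": print pods not Running or not fully ready.
not_ready_pods() {
  printf '%s\n' "$1" | awk 'NR > 1 && NF >= 3 {
    split($2, r, "/")
    if ($3 != "Running" || r[1] != r[2]) print $1
  }'
}

# check_preparations "<kubectl get namespace default --show-labels output>" "<pods output>"
# Prints the findings on one line; exit status is 0 only when nothing is missing.
# The body runs in a subshell so its variables do not leak into the caller.
check_preparations() (
  labels=$(printf '%s\n' "$1" | awk 'NR == 2 { print $NF }')
  mode=$(label_value "$labels" istio.io/dataplane-mode) || mode="<unset>"
  wp=$(label_value "$labels" istio.io/use-waypoint) || wp="<unset>"
  findings=""
  [ "$mode" = ambient ] || findings="${findings}dataplane-mode=${mode} "
  [ "$wp" = waypoint ] || findings="${findings}use-waypoint=${wp} "
  printf '%s\n' "$2" | awk 'NR > 1 && $1 ~ /^waypoint-/ { f = 1 } END { exit !f }' ||
    findings="${findings}waypoint-pod-missing "
  for pod in $(not_ready_pods "$2"); do
    findings="${findings}pod-not-ready=${pod} "
  done
  printf '%s\n' "${findings% }"
  [ -z "$findings" ]
)

# Constructed sample: use-waypoint label never applied, one pod failing to pull.
SAMPLE_NS='NAME      STATUS   AGE   LABELS
default   Active   10d   istio.io/dataplane-mode=ambient,kubernetes.io/metadata.name=default'
SAMPLE_PODS='NAME                             READY   STATUS             RESTARTS   AGE
helloworld-v2-79d5467d6f-xxxxx   0/1     ImagePullBackOff   0          60s
sleep-9454cc476-xxxxx            1/1     Running            0          45s
waypoint-6f5db7c4b9-xxxxx        1/1     Running            0          30s'

# Live use: check_preparations "$(kubectl get namespace default --show-labels)" "$(kubectl get pods)"
check_preparations "$SAMPLE_NS" "$SAMPLE_PODS" || echo "preparations incomplete"
```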