After you add a Container Service for Kubernetes (ACK) cluster to a Service Mesh (ASM) instance, you can use the traffic management, troubleshooting, centralized monitoring, and log management features provided by ASM to enhance system reliability and security, better manage and monitor service interactions, and improve service observability.
Prerequisites
An ASM instance is created. For more information about how to create an ASM instance, see Create an ASM instance.
An ACK cluster is created. For more information, see Create an ACK dedicated cluster, Create an ACK managed cluster, or Create a registered cluster in the ACK console.
NoteWe recommend that you create an ACK cluster in the same virtual private cloud (VPC) as the ASM instance. If the ACK cluster and the ASM instance are deployed in different VPCs, connect the VPCs by using Cloud Enterprise Network (CEN). For more information, see Implement cross-region disaster recovery and load balancing by using multiple clusters.
Add a VPC-connected cluster to an ASM instance
VPC-connected clusters refer to the following clusters:
The cluster that you want to add is in the same VPC as the control plane of the ASM instance.
The cluster that you want to add is in a different VPC from the control plane of the ASM instance. However, the VPCs are interconnected by using CEN or other methods.
Procedure
Log on to the ASM console. In the left-side navigation pane, choose .
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose . On the page that appears, click Add.
In the Add Kubernetes Cluster page, select the cluster that you want to add and click OK.
If your application runs in a single cluster or multiple clusters in the same VPC as the ASM instance, we recommend that you click Filter out Kubernetes clusters that are in the same VPC as the ASM instance to filter clusters. Then, select the ACK cluster that you want to add from the cluster list.
Make sure that the proxy container of the cluster to be added to the ASM instance can access Istio Pilot of the ASM instance. If Istio Pilot of the ASM instance does not allow Internet access, make sure that it can be accessed by the proxy container in the VPC.
In the Note message, click OK.
After you add a cluster to the ASM instance, you can find that the Status of the ASM instance changes to Updating on the page. Wait a few seconds and click Refresh in the upper-right corner. The Status of the ASM instance becomes Running. The waiting duration varies with the number of clusters that you added. On the Kubernetes Clusters page, you can view the information about the added cluster.
If you no longer need a cluster in the ASM instance, you can remove the cluster from the ASM instance. On the Kubernetes Clusters page, select the cluster that you want to remove and click Remove. In the Submit dialog box, click OK.
After you remove a cluster, Service Mesh is unavailable to this cluster. Exercise caution when you remove a cluster.
Add a cluster to an ASM instance when the cluster and the ASM instance cannot communicate with each other
You can use one of the following methods to add a cluster in such scenarios:
Use CEN to connect the corresponding VPCs
Connect the VPCs where the cluster and the ASM instance reside by referring to Use an Enterprise Edition transit router to establish and secure network communication. Then, add the cluster to the ASM instance by referring to Procedure.
Use PrivateLink to connect the corresponding VPCs
For more information, see Use PrivateLink to manage network connectivity between a control plane and a data-plane cluster across VPCs.
Connect the corresponding VPCs over Internet
Make sure that Internet access is enabled for the ACK cluster. Enable Internet access for the control plane of the ASM instance by referring to Associate an EIP with or disassociate an EIP from the control plane of an ASM instance. Then, add the cluster to the ASM instance by referring to Procedure.
References
For more information about how to add an ACK cluster to an ASM instance by calling an API operation, see AddClusterIntoServiceMesh.
For more information about how to deploy an ASM ingress gateway in a Kubernetes cluster to act as a single entry point for accessing your applications over the Internet or an internal network, see Create an ingress gateway.
For more information about how to distribute traffic to different versions of a service based on a specified ratio, such as canary release and A/B testing, see Use Istio resources to route traffic to different versions of a service.
For more information about the call relationships and traffic flows among apps, services, and application versions, see Use Mesh Topology to view the topology of an application.