All Products
Search

This Product

    Alibaba Cloud Service Mesh:Manage applications in a registered Kubernetes cluster by using ASM

    Document Center

    Alibaba Cloud Service Mesh:Manage applications in a registered Kubernetes cluster by using ASM

    Last Updated:May 30, 2025

    You can connect a Kubernetes cluster that is deployed in a data center or on a third-party cloud to a registered Kubernetes cluster and manage applications in the registered Kubernetes cluster by using Service Mesh (ASM). This topic describes how to manage applications in a registered Kubernetes cluster by using ASM.

    Prerequisites

    • ASM is activated. For more information, see What is ASM? and Billing rules.

    • An external cluster is connected to a registered Kubernetes cluster. For more information, see Create a registered cluster in the ACK console.

      The network used by the registered Kubernetes cluster on the data plane can communicate with the virtual private cloud (VPC) in which your ASM instance resides. The bandwidth meets the requirements. Therefore, the configurations of the cluster in which your ASM instance resides can be synchronized to the sidecar proxies in real time.

    Procedure

    1. Create an ASM instance.

      1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

      2. On the Mesh Management page, click Create ASM Instance, configure parameters as required, read Service Agreement, and then click Create Service Mesh.

        The following table lists the main configuration items.

        Configuration item

        Description

        Region

        Select a region that is closer to the region where the registered cluster resides.

        VPC

        Select the VPC in which the registered Kubernetes cluster resides.

        vSwitch

        Select a vSwitch from the vSwitch list. You can also click Create VSwitch to create one.

        API Server access

        Select or clear Use EIP to expose API Server. An ASM instance runs on Kubernetes runtime. You can use the API server to define a variety of mesh resources, such as virtual services, destination rules, and Istio gateways.

        • If you enable this option: An EIP is created and attached to a private CLB. Port 6443 of the API server is exposed. You can use KubeConfig to connect to and operate the cluster over the Internet to define mesh resources.

        • If you clear Use EIP to expose API Server, no EIP is created. You can use the kubeconfig file of a cluster to connect to and manage the cluster to define mesh resources only over the VPC in which the cluster resides.

        Note

        • To use a public address to expose Istio Pilot, submit a ticket.

        • It takes 2 to 3 minutes to create an ASM instance.

    2. Add the registered cluster to the ASM instance.

    3. Create an ingress gateway.

      The following table lists the main configuration items.

      Configuration item

      Description

      Cluster

      Select the registered Kubernetes cluster in which you want to deploy an ingress gateway.

      CLB Instance Type

      Different registered clusters may support different types of load balancing. Select Internet Access or Private Access as needed. If the service does not support load balancing types, you can first select Internet Access. After the ingress gateway is created, modify the corresponding YAML content to respecify the service type, such as Nodeport or ClusterIP type.

      Create a CLB Instance

      You can select only Create a CLB Instance.

      Port Mapping

      The default container port in the ASM console is the same as the service port. If you use a YAML file to create an ingress gateway, keep the container port consistent with the service port.

    4. Deploy applications to the registered cluster.

      You can deploy applications to the registered cluster by using the kubectl command line or through the console.

    5. Define Istio resources.