Alibaba Cloud Service Mesh (ASM) manages applications across any Kubernetes cluster, regardless of where the cluster runs. Import a kubeconfig file into your ASM instance to add an external cluster and extend mesh capabilities -- such as traffic management and observability -- across cluster boundaries.
Prerequisites
Before you begin, make sure that you have:
An ASM instance running version 1.22 or later. To create one, see Create an ASM instance.
Public network access enabled for the ASM control plane. To enable it, see Attach or detach an EIP for the ASM control plane.
A Kubernetes cluster with public network access capability
A kubeconfig file that meets the following conditions:
| Requirement | Description |
|---|---|
| Public endpoint | The kubeconfig contains a public network access address, not an internal or VPC-only endpoint |
| Administrator permissions | The kubeconfig grants cluster administrator permissions for the target Kubernetes cluster |
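A pre-import check for the kubeconfig conditions listed above, as an added example that is not part of the ASM documentation. It assumes the kubeconfig was exported as JSON with `kubectl config view --raw --flatten -o json`; the internal address ranges, the hostname suffixes, the TLS verification check and the name `check_kubeconfig` are assumptions of this example, and administrator permissions cannot be confirmed from the file alone.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Ranges treated as internal/VPC-only (assumption: RFC 1918, CGNAT, loopback,
# link-local, IPv6 ULA). Extend to match your own network plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
INTERNAL_SUFFIXES = (".local", ".internal", ".svc")  # assumed naming habits


def check_kubeconfig(kubeconfig_json):
    """Return a list of (cluster_name, finding) for entries to fix before import."""
    findings = []
    for entry in json.loads(kubeconfig_json).get("clusters") or []:
        name, cluster = entry.get("name", "?"), entry.get("cluster") or {}
        url = urlsplit(cluster.get("server", ""))
        host = url.hostname or ""
        if url.scheme != "https":
            findings.append((name, "server is not an https:// URL"))
        try:
            ip = ipaddress.ip_address(host)
            if any(ip in net for net in INTERNAL_NETS):
                findings.append((name, f"internal address {ip}"))
        except ValueError:  # host is a DNS name (or empty), not an IP literal
            if host in ("", "localhost") or host.endswith(INTERNAL_SUFFIXES):
                findings.append((name, f"internal or missing host '{host}'"))
        if cluster.get("insecure-skip-tls-verify"):
            findings.append((name, "TLS verification disabled"))
    return findings


# Constructed sample in the shape printed by
# `kubectl config view --raw --flatten -o json` (addresses are made up).
SAMPLE = json.dumps({"clusters": [
    {"name": "edge-public", "cluster": {"server": "https://203.0.113.10:6443"}},
    {"name": "vpc-only", "cluster": {"server": "https://192.168.0.12:6443"}},
    {"name": "lab", "cluster": {"server": "https://kube.lab.internal:6443",
                                "insecure-skip-tls-verify": True}},
]})

if __name__ == "__main__":
    for name, finding in check_kubeconfig(SAMPLE):
        print(f"{name}: {finding}")
```

A public DNS name passes this check without being resolved, so confirm separately that it resolves to an address the ASM control plane can reach.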
Add the cluster
Log on to the ASM console.
In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the target ASM instance.
In the left-side navigation pane, choose Cluster & Workload Management > Kubernetes Clusters.
Click Add.
On the Add Kubernetes Cluster page, click the Add Kubernetes Cluster by Using Kubeconfig tab.
Configure the following parameters:
| Parameter | Description |
|---|---|
| Name | A name for the cluster |
| Cluster Kubeconfig | The kubeconfig content with administrator permissions |
Click OK.
In the confirmation dialog box, click OK.
Verify the result
After you add the cluster, the ASM instance enters the Updating state. The update typically takes a few seconds, depending on the number of clusters in the mesh.
In the left-side navigation pane, click Basic Information.
Confirm that the Status of the ASM instance changes to Running. Click Refresh in the upper-right corner if the status has not updated.
In the left-side navigation pane, choose Cluster & Workload Management > Kubernetes Clusters and confirm that the imported cluster appears in the list.
Limitations for imported clusters
When you add a cluster by importing kubeconfig, certain ASM console features are unavailable. The following table lists these limitations and their workarounds.
Features with CRD workarounds
| Feature | Limitation | Workaround |
|---|---|---|
| LoadBalancer ingress gateways | Cannot create LoadBalancer type ingress gateways through the ASM console | Use the ASM Gateway Custom Resource Definition (CRD). The target Kubernetes cluster must support LoadBalancer type Services. See ASM Gateway CRD Description |
| Traffic lanes | Cannot configure traffic lanes through the ASM console | Use the ASM SwimLaneGroup and ASM SwimLane CRDs. See ASM SwimLaneGroup and ASM SwimLane CRD Description |
| Workload-level plug-in binding | Cannot bind plug-ins to specific workloads in the plug-in center | Use the EnvoyFilterTemplate CRD. See EnvoyFilterTemplate and EnvoyFilterTemplateBinding CRD Description |
Observability limitations
| Feature | Limitation | Workaround |
|---|---|---|
| Log collection | Gateway and mesh proxy logs cannot be collected to Simple Log Service (SLS) | Collect the standard output of the istio-proxy container with your own log collection solution |
| Metrics collection | Monitoring metrics cannot be collected to Managed Service for Prometheus | Use a self-managed Prometheus instance. See Integrate self-built Prometheus for mesh monitoring |
Unavailable console features
The following ASM console features are not supported for clusters imported by kubeconfig:
Service discovery selectors
ASM CNI Plug-in
Kubernetes Service Management
Sync Sidecar Auto-Injection from Kubernetes Cluster
Sync Automatic Sidecar Injection to Kubernetes Cluster and Enable/Disable Automatic Sidecar Proxy Injection work normally for imported clusters.