Alibaba Cloud Service Mesh:Manage applications in ACK edge clusters - Alibaba Cloud Service Mesh

When you run containerized applications on Container Service for Kubernetes (ACK) edge clusters, you need centralized control over traffic routing and cross-cluster observability. Service Mesh (ASM) extends Istio-based traffic management to edge environments, giving you canary releases, traffic splitting, and end-to-end visibility.

Prerequisites

Before you begin, ensure that you have:

An ACK edge cluster. For more information, see Create an ACK Edge cluster in the console
An activated ASM service. To activate ASM, go to the ASM console
A submitted ticket to apply for permission to add the ACK edge cluster to the ASM instance

Setup workflow

The end-to-end setup involves the following steps:

Create an ASM instance
Add the ACK edge cluster to the ASM instance
Create an ingress gateway
Deploy applications with sidecar injection
(Optional) Define Istio resources for traffic routing

Step 1: Create an ASM instance

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click Create ASM Instance.

On the Create Service Mesh page, configure the parameters described in the following table, read and agree to Service Agreement, and then click Create Service Mesh. For a full list of parameters, see Create an ASM instance.

Parameter	Description
Region	Select a region close to where the ACK edge cluster resides.
Istio Version	Select 1.14 or later.
VPC	Select the virtual private cloud (VPC) in which the ACK edge cluster resides. A Classic Load Balancer (CLB) instance is associated with Istio Pilot on the control plane. The data plane VPC must be connected to the VPC that hosts the CLB instance. For more information, see Cloud Enterprise Network.
vSwitch	Select a vSwitch. To create one, click Create vSwitch. For more information, see Create and manage a vSwitch.
API Server access	Select a CLB instance specification for the API server. The ASM instance runs on Kubernetes, and the API server defines mesh resources such as virtual services, destination rules, and Istio gateways. An internal-facing CLB instance is created with the specification you select. Select or clear Use EIP to expose API Server: - Selected: An Elastic IP Address (EIP) is created and associated with the internal-facing CLB instance. Port 6443 is exposed for Internet access via the kubeconfig file. - Cleared: No EIP is created. Access is restricted to the VPC in which the cluster resides.

Note

It takes 2 to 3 minutes to create an ASM instance.

Step 2: Add the ACK edge cluster to the ASM instance

On the Mesh Management page, find the target ASM instance. Click the instance name or click Manage in the Actions column.
In the left-side navigation pane, choose Cluster & Workload Management > Kubernetes Clusters. On the page that appears, click Add.
On the Add Kubernetes Cluster page, select Filter out Kubernetes clusters that are in the same VPC as the ASM instance, select the ACK edge cluster, and then click OK.

Note

After you add the cluster, the ASM instance status changes to Updating. Wait a few seconds and click the refresh icon in the upper-right corner. When the cluster is successfully added, the status changes to Running. The wait time varies based on the network condition of the ACK edge cluster. View the added cluster on the Kubernetes Clusters page.

Step 3: Create an ingress gateway

An ingress gateway serves as the single entry point for Internet or internal network traffic to applications running in the edge cluster.

On the ASM instance details page, choose ASM Gateways > Ingress Gateway in the left-side navigation pane.

On the Ingress Gateway page, click Create, configure the parameters described in the following table, and then click Create. For a full list of parameters, see Create an ingress gateway.

Parameter	Description
Cluster	Select the ACK edge cluster in which to deploy the ingress gateway.
CLB Instance Type	Select Internet Access or Private Access. Then select Create a CLB Instance or Use Existing CLB Instance.
Port Mapping	Specify the ports to expose. The port value corresponds to the `port` field in the service YAML file. We recommend that you set the `targetPort` field to the same value as the `port` field in each mapping. ASM provides two default ports commonly used by Istio. Keep or delete the defaults and add new ports as needed.

After the ingress gateway is created, log on to the ACK edge cluster to verify the deployment.

Step 4: Deploy applications

Enable automatic sidecar proxy injection. For more information, see Manage global namespaces and Configure sidecar proxy injection policies.
Deploy applications in the ACK edge cluster by using kubectl or the ACK console. For more information, see Deploy an application in an ACK cluster that is added to an ASM instance.

Step 5 (optional): Define Istio resources

After applications are deployed, define Istio resources to control traffic routing between service versions. For more information, see Use Istio resources to route traffic to different versions of a service.

What's next

Traffic routing: Route traffic to different service versions by ratio for canary releases and A/B testing. For more information, see Use Istio resources to route traffic to different versions of a service.
Ingress gateway: Deploy an ASM ingress gateway as the entry point for Internet or internal network access to applications. For more information, see Create an ingress gateway.
Mesh topology: View call relationships and traffic flows among applications, services, and service versions. For more information, see Enable Mesh Topology to improve observability.