All Products
Search
Document Center

Alibaba Cloud Service Mesh:Update an ASM instance

Last Updated:Sep 15, 2023

Service Mesh (ASM) allows you to perform an in-place update or implement a canary release to update an ASM instance in the console. This topic describes how to update an ASM instance and provides the related usage notes.

Procedure

  1. Log on to the ASM console.

  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.

  4. On the details page of the ASM instance, choose ASM Instance > Upgrade Management in the left-side navigation pane.

    • If the canary release feature is disabled, click Version Upgrade on the Upgrade Management page to update the ASM instance.

      If the Version Upgrade button is dimmed, the ASM instance is of the latest version. No update is required.

    • If the canary release feature is enabled, you can update the ASM instance on the In-place Upgrades tab or the Canary Upgrade tab on the Upgrade Management page.

Usage notes of canary release

ASM releases new versions every quarter to keep pace with the versions of open source Istio and regularly releases patches to remove bugs and address security vulnerabilities. To reduce the frequency and risks of version updates, ASM provides the canary release feature that allows you to update your ASM instance across minor versions. A canary release allows you to verify a new version before the update. After you verify that the features of the new version work as expected, you can switch to the new version. This is different from an in-place update and serves as a more secure update option for your business.

Item

Description

Instance editions and versions

Your ASM instance must be of Enterprise Edition or Ultimate Edition and its version is V1.16.4 or later.

Scenarios

  • When you update an ASM instance, you can skip the subsequent minor version. For example, you can directly update an ASM instance from V1.12.4 to V1.14.5.

  • You can update your ASM instance from one minor version to another to use updated or new features. For example, you can update an ASM instance from V1.12.4 to V1.13.4 or V1.14.5. You can skip at most one minor version.

    Note

    If ASM releases a revision version, we recommend that you perform an in-place update of your ASM instance.

Version formats

The version of an ASM instance is in the following format: <major>.<minor>.<patch>.<asm-patch>[-<sequence>-aliyun]. Example: v1.13.4.37-g164bbdd7-aliyun (Enterprise Edition). The following list describes the fields in the format:

  • major: the major version.

  • minor: the minor version.

  • patch: the revision version of the open source Istio.

  • <major>.<minor>.<patch>: the version of the open source Istio. Example: 1.13.4.

  • asm-patch: the revision version released by ASM based on the open source version. For example, in the version number of 1.13.4.37, 37 indicates the revision version released by ASM.

  • sequence: the git commit command used for the code of the version.

Inject a sidecar proxy and verify the canary release version

After you enable the canary release feature for your ASM instance, two versions of the ASM instance exist on the control plane at the same time. For example, if you update an ASM instance from V1.12.4.58 to V1.13.4.x by implementing a canary release, both V1.12.4 and V1.13.4.x are available for the ASM instance on the control plane at the same time.

For a business service deployed in a Container Service for Kubernetes (ACK) or Serverless Kubernetes (ASK) cluster, you can add a sidecar proxy injection label to the namespace to which the business service belongs. By default, the istio-injection=enabled label is used to enable sidecar proxy injection. The system injects the sidecar proxy into the namespace based on the version of the ASM instance.

The following information describes the version of the sidecar proxy to be injected into a namespace based on the label that you add to the namespace if two versions of an ASM instance exist at the same time.

Current version

  • If you add the istio-injection=enabled label to the namespace, the sidecar proxy to be injected is of the version that corresponds to the current version of the ASM instance. The sidecar proxy is connected to the Istio control plane of the ASM instance.

  • If you add the istio.io/rev=$revision label to the namespace, you must set the revision variable to specify the version of the sidecar proxy to be injected. The format of the revision variable is x-y-z. Example: 1-12-4.

  • If you add the istio.io/rev=stable label to the namespace, the sidecar proxy to be injected is of the version that corresponds to the current version of the ASM instance.

Important

You cannot add both the istio-injection and istio.io/rev labels to a namespace at the same time.

当前版本

Canary release version

If you want to inject a sidecar proxy that corresponds to the canary release version into the namespace of a business service, you can add the istio.io/rev=$revision or istio.io/rev=canary label to the namespace. The revision variable indicates the version of the sidecar proxy, and the format of the revision variable is x-y-z. Example: 1-13-4. We recommend that you use the istio.io/rev=$revision label.

The following example shows how to inject a sidecar proxy that corresponds to the canary release version:

  1. Create a namespace in the relevant ACK cluster, such as a namespace named canary. The namespace is used to verify the canary release version.

  2. Add the kubectl label ns canary istio.io/rev=1-13-4 label to the canary namespace.

  3. Deploy a business service that is used to verify the canary release version in the canary namespace. In this example, the sidecar proxy of V1.13.4 is injected into the Deployment of the business service, and the Deployment is connected to the Istio control plane of V1.13.4.

金丝雀版本

FAQ

When I switch a canary release version to an official version, the sidecar proxy injected into the previously deployed business service is of the previous version. How do I update the version of the sidecar proxy?

On the Upgrade Management page, click the Canary Upgrade tab, and then click the Data plane tab. In the Workload to be upgraded section, find the workload that you want to update and click Rolling Upgrade in the Actions column to enable rolling updates for the business service.