Service Mesh (ASM) allows you to perform an in-place update or implement a canary release to update an ASM instance in the console. This topic describes how to update an ASM instance and provides the related usage notes.
Log on to the ASM console.
In the left-side navigation pane, choose .
On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
On the details page of the ASM instance, choose in the left-side navigation pane.
If the canary release feature is disabled, click Version Upgrade on the Upgrade Management page to update the ASM instance.
If the Version Upgrade button is dimmed, the ASM instance is of the latest version. No update is required.
If the canary release feature is enabled, you can update the ASM instance on the In-place Upgrades tab or the Canary Upgrade tab on the Upgrade Management page.
Usage notes of canary release
ASM releases new versions every quarter to keep pace with the versions of open source Istio and regularly releases patches to remove bugs and address security vulnerabilities. To reduce the frequency and risks of version updates, ASM provides the canary release feature that allows you to update your ASM instance across minor versions. A canary release allows you to verify a new version before the update. After you verify that the features of the new version work as expected, you can switch to the new version. This is different from an in-place update and serves as a more secure update option for your business.
Instance editions and versions
Your ASM instance must be of Enterprise Edition or Ultimate Edition and its version is V1.16.4 or later.
The version of an ASM instance is in the following format: <major>.<minor>.<patch>.<asm-patch>[-<sequence>-aliyun]. Example: v184.108.40.206-g164bbdd7-aliyun (Enterprise Edition). The following list describes the fields in the format:
Inject a sidecar proxy and verify the canary release version
After you enable the canary release feature for your ASM instance, two versions of the ASM instance exist on the control plane at the same time. For example, if you update an ASM instance from V220.127.116.11 to V1.13.4.x by implementing a canary release, both V1.12.4 and V1.13.4.x are available for the ASM instance on the control plane at the same time.
For a business service deployed in a Container Service for Kubernetes (ACK) or Serverless Kubernetes (ASK) cluster, you can add a sidecar proxy injection label to the namespace to which the business service belongs. By default, the
istio-injection=enabled label is used to enable sidecar proxy injection. The system injects the sidecar proxy into the namespace based on the version of the ASM instance.
The following information describes the version of the sidecar proxy to be injected into a namespace based on the label that you add to the namespace if two versions of an ASM instance exist at the same time.
If you add the
istio-injection=enabledlabel to the namespace, the sidecar proxy to be injected is of the version that corresponds to the current version of the ASM instance. The sidecar proxy is connected to the Istio control plane of the ASM instance.
If you add the
istio.io/rev=$revisionlabel to the namespace, you must set the revision variable to specify the version of the sidecar proxy to be injected. The format of the
If you add the
istio.io/rev=stablelabel to the namespace, the sidecar proxy to be injected is of the version that corresponds to the current version of the ASM instance.
You cannot add both the
istio.io/rev labels to a namespace at the same time.
Canary release version
If you want to inject a sidecar proxy that corresponds to the canary release version into the namespace of a business service, you can add the
istio.io/rev=canary label to the namespace. The revision variable indicates the version of the sidecar proxy, and the format of the
revision variable is
1-13-4. We recommend that you use the
The following example shows how to inject a sidecar proxy that corresponds to the canary release version:
Create a namespace in the relevant ACK cluster, such as a namespace named canary. The namespace is used to verify the canary release version.
kubectl label ns canary istio.io/rev=1-13-4label to the canary namespace.
Deploy a business service that is used to verify the canary release version in the canary namespace. In this example, the sidecar proxy of V1.13.4 is injected into the Deployment of the business service, and the Deployment is connected to the Istio control plane of V1.13.4.
When I switch a canary release version to an official version, the sidecar proxy injected into the previously deployed business service is of the previous version. How do I update the version of the sidecar proxy?
On the Upgrade Management page, click the Canary Upgrade tab, and then click the Data plane tab. In the Workload to be upgraded section, find the workload that you want to update and click Rolling Upgrade in the Actions column to enable rolling updates for the business service.