Alibaba Cloud Service Mesh (ASM) allows you to manage applications in external Kubernetes clusters that are registered in the Container Service console.
- An external Kubernetes cluster that can access the Internet is registered in the Container Service console. For more information, see Create a cluster registration proxy and register an on-premises cluster.
- ASM is activated. For more information, see Create an ASM instance.
- Log on to the ASM console.
- In the left-side navigation pane, choose .
- On the Mesh Management page, click Create ASM Instance.
- In the Create ASM Instance panel, enter an instance name, and select a region, a virtual private cloud (VPC),
and a vSwitch. Note
- Select the region where the registered external Kubernetes cluster resides or a region that is nearest to the cluster.
- Select the VPC where the registered external Kubernetes cluster resides.
- Select a vSwitch from the vSwitch drop-down list as required. If no vSwitch is available, click Create vSwitch to create one. For more information, see Work with vSwitches.
- Specify whether to allow Internet access to the API server. Note An ASM instance runs on Kubernetes runtime. You can use the API server to define various mesh resources, such as virtual services, destination rules, and Istio gateways.
- If you allow Internet access to the API server, an elastic IP address (EIP) is created and bound to a Server Load Balancer (SLB) instance on the private network. Port 6443 of the API server is exposed. You can use the kubeconfig file of the cluster to connect to and manage the registered cluster to define mesh resources over the Internet.
- If you do not allow Internet access to the API server, no EIP is created. You can use the kubeconfig file to connect to and manage the registered cluster to define mesh resource only through the VPC where the cluster resides.
- Select Expose Istio Pilot in the Internet Access section. Note If you do not select Expose Istio Pilot, the pod in the registered external cluster cannot connect to Istio Pilot, and applications in the pod cannot work as expected.
- Keep the default settings for other parameters. Click OK to create the ASM instance. Note It takes 2 to 3 minutes to create an ASM instance.
- On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column of the ASM instance.
- On the details page of the ASM instance, choose Add. in the left-side navigation pane. On the Kubernetes Clusters page, click
- In the Add Cluster panel, select an external cluster as required and click OK. Note After you add a cluster to an ASM instance, the status of the ASM instance becomes Updating. Wait a few seconds and click Refresh in the upper-right corner. If the cluster is added to the instance, the status of the instance will become Running. The waiting duration may vary with the network speed. On the Kubernetes Clusters page, you can view the information about the added cluster.
- On the details page of the ASM instance, click ASM Gateways in the left-side navigation pane. On the ASM Gateways page, click Deploy Default Ingress Gateway.
- In the Deploy Ingress Gateway panel, set the parameters as required.
- Select the cluster where you want to deploy an ingress gateway service from the Cluster drop-down list.
- Select Internet Access or Internal Access for the SLB Instance Type parameter. Note Different external clusters may support different types of SLB instances. For example, specific external clusters do not support internal SLB instances. Select the SLB instance type as required. If the registered external cluster does not support SLB instances, select Internet Access for SLB Instance Type. After the ingress gateway service is defined, edit the YAML file of the ingress gateway service to specify the service type, such as Nodeport or ClusterIP.
You can only create SLB instances instead of using existing ones for external clusters.
- Configure port mappings. Note
- We recommend that you use the same port for the container and the service in a mapping and enable the port on the Istio gateway.
- ASM provides four default ports that are commonly used by Istio. You can keep or delete the default ports, or add new ports as required.
- Click OK to deploy the ingress gateway service. After you deploy the ingress gateway service, log on to the external cluster to view the details of the ingress gateway service.
Deploy applications in the external cluster
Deploy applications in the external cluster by running commands on the kubectl client or using the external cluster console. For more information, see Deploy an application in an ASM instance.
Define Istio resources
Define Istio resources in the ASM console. For more information, see Define Istio resources.