To use Service Mesh (ASM), you must first create an ASM instance. ASM allows you to perform operations such as traffic management, security management, fault recovery, observation, and monitoring on applications. This topic describes how to create an ASM instance in the ASM console.
Prerequisites
The following services are activated:
The permissions of the following roles are obtained. For more information, see Grant permissions to RAM users and RAM roles.
AliyunServiceMeshDefaultRole
AliyunCSClusterRole
AliyunCSManagedKubernetesRole
Configuration descriptions
When you create an ASM instance, ASM may perform the following operations based on your settings:
Creates a security group to allow all Internet Control Message Protocol (ICMP) ports to accept inbound traffic to a virtual private cloud (VPC).
Note: An existing security group cannot be reused. A security group cannot be modified after it is created.
Adds route entries to the route table of the VPC.
Creates an Elastic IP Address (EIP).
Creates a RAM role and policies, and attaches the policies to the RAM role to grant full permissions on Classic Load Balancer (CLB), CloudMonitor, VPC, and Simple Log Service. The RAM role allows Service Mesh to dynamically create CLB instances and add route entries to the route table of the VPC based on your settings.
Creates an internal-facing CLB instance and exposes ports 6443 and 15011.
Collects the logs of managed components to ensure stability when you use the Service Mesh instance.
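The resources listed above form a baseline that you can check after the instance is created. The following Python sketch is an added example, not part of the ASM documentation or tooling: it audits a resource inventory against the exposure described on this page (internal-facing CLB, ports 6443 and 15011, an EIP only if you chose one). The inventory layout, the resource names, and the "intranet" value are constructed for illustration and are not the output of any Alibaba Cloud API.

```python
# Added example: audit mesh exposure against the baseline described on this page.
# The inventory layout is a constructed, simplified format (an assumption),
# not the response of any Alibaba Cloud API or CLI.

EXPECTED_PORTS = {6443, 15011}  # ports the page says the internal-facing CLB exposes


def audit_asm_exposure(inventory, eip_selected):
    """Return a list of findings; an empty list means the baseline holds."""
    findings = []
    exposed = set()
    for clb in inventory.get("clb_instances", []):
        ports = set(clb.get("listener_ports", []))
        exposed |= ports
        # The page states that the CLB instance is internal-facing.
        if clb.get("address_type") != "intranet":
            findings.append(f"{clb['name']}: CLB is not internal-facing")
        # Any listener other than 6443 and 15011 is outside the baseline.
        for port in sorted(ports - EXPECTED_PORTS):
            findings.append(f"{clb['name']}: unexpected listener port {port}")
    # Both documented ports should be served by some CLB instance.
    for port in sorted(EXPECTED_PORTS - exposed):
        findings.append(f"mesh: expected port {port} is not exposed")
    # An EIP is expected only when EIP exposure of the API server was selected.
    if not eip_selected:
        for eip in inventory.get("eips", []):
            findings.append(f"{eip}: EIP exists although EIP exposure was not selected")
    return findings


# Constructed sample inventories (hypothetical names and values).
BASELINE = {
    "clb_instances": [
        {"name": "clb-apiserver", "address_type": "intranet", "listener_ports": [6443]},
        {"name": "clb-pilot", "address_type": "intranet", "listener_ports": [15011]},
    ],
    "eips": [],
}
DRIFTED = {
    "clb_instances": [
        {"name": "clb-apiserver", "address_type": "internet", "listener_ports": [6443, 8080]},
    ],
    "eips": ["eip-constructed-1"],
}

if __name__ == "__main__":
    for label, inv in (("baseline", BASELINE), ("drifted", DRIFTED)):
        print(label, audit_asm_exposure(inv, eip_selected=False) or "OK")
```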
Procedure
Log on to the ASM console. In the left-side navigation pane, choose .
On the Mesh Management page, click Create ASM Instance. Then, configure related information.
Basic information and network configurations of the instance
Note: In the preceding example, an instance of Enterprise Edition is selected. Select the instance edition based on your business requirements. For more information about the features of different ASM editions, see What is ASM?
You can select and use an existing VPC and vSwitch. Alternatively, you can click Create VPC to create a VPC and click Create vSwitch to create a vSwitch. For more information, see Create and manage a VPC and Create and manage a vSwitch.
You can create ASM instances of only V1.21 and V1.22. If you need to create ASM instances of other versions, submit a ticket.
API server and optional configurations
Note: Select Use EIP to expose API Server based on your business requirements.
You can enable either Ambient Mesh Mode or ACMG Mode.
It takes about 2 to 3 minutes to create an ASM instance.
Related operations
After an ASM instance is created, you can view the instance in the instance list on the Mesh Management page. In the Actions column of the instance list, you can also perform the following operations:
Operation | Description |
View the information about an ASM instance | Find the desired ASM instance and click Manage in the Actions column. On the Base Information page, view the details of the ASM instance. By default, the system creates five namespaces for a new ASM instance. Only the istio-system and default namespaces are displayed in the ASM console. You can use kubectl to query and manage all namespaces, including istio-system, kube-node-lease, kube-public, kube-system, and default. |
Modify the information about an ASM instance | |
Change the specifications of an ASM instance | Find the desired ASM instance and click Specification change in the Actions column. For more information, see Change the edition of an ASM instance. |
View logs of an ASM instance | Find the desired ASM instance and click Log in the Actions column. For more information, see Log Analysis. |
Delete an ASM instance | Find the desired ASM instance, click the More icon in the Actions column and then select Delete. In the Delete ASM Instance dialog box, read the Deletion Notice carefully, select the resources that you want to retain, and then click OK. |
Exercise caution when you perform delete operations:
After you delete an ASM instance, you cannot use the Service Mesh features of the instance.
After you delete the CLB instance that is used to expose the API server, you cannot perform operations on the clusters managed by the Service Mesh instance and related configurations.
After you delete the CLB instance that is used by Istio Pilot, you cannot perform operations on the Service Mesh instance and related configurations.