Service Mesh (ASM) is a fully managed service mesh platform. ASM is compatible with open source Istio. ASM allows you to manage services in a simplified manner. For example, you can use ASM to route and split inter-service traffic, secure inter-service communication with authentication, and observe the behavior of services in meshes. This greatly reduces your workload in development and O&M.
Architecture
The following figure shows the architecture of ASM.
ASM integrates and manages all components on the Istio control plane to simplify your use of ASM. This way, you can focus on application development and deployment. In addition, ASM is compatible with open source Istio. You can use declarative parameters to define flexible routing rules and centrally manage traffic between services in a mesh.
An ASM instance with the managed control plane supports application services from multiple Kubernetes clusters or application services that run in Elastic Container Instance-based pods.
Key features
ASM builds managed and unified service mesh capabilities for hybrid cloud, multi-cloud, and multi-cluster scenarios. ASM provides the following benefits:
Centralized management mode
ASM manages application services that run in Container Service for Kubernetes (ACK) managed clusters, ACK dedicated clusters, ACK Serverless clusters, and registered clusters in hybrid cloud and multi-cloud environments in a centralized manner. This provides unified observability and traffic management for application services.
Centralized traffic management
ASM centrally manages the traffic in hybrid cloud, multi-cloud, and multi-cluster scenarios.
Managed core components of the control plane
ASM manages core components of the Istio control plane. This helps minimize your resource overhead and O&M costs.
The following table introduces the core features of ASM. For more information, see Features.
Feature | Description | References |
Full lifecycle management of ASM instances | ASM manages all components on the Istio control plane and allows you to deploy, upgrade, and delete ASM instances with a few clicks. This simplifies the use and O&M of ASM instances. | |
Management of applications in multiple types of clusters | ASM allows you to manage applications in ACK clusters, ACK Serverless clusters, edge clusters, and registered external Kubernetes clusters. | |
Unified ingress and egress gateways | ASM provides ingress and egress gateways to control inbound and outbound traffic and implement end-to-end encryption. | |
Multiple types of traffic management | ASM provides the following features for you to manage traffic: protocol-specific traffic management, end-to-end canary release, circuit breaking, local throttling, warm-up, and traffic shifting. | |
Non-intrusive zero trust security system | ASM provides an out-of-the-box zero trust security solution. This solution is easy to configure and provides features such as identity authentication, security certificates, policy implementation, and visual analytics. | |
Extensibility for custom logic | Multiple out-of-the-box extensions are provided in the plug-in marketplace, and custom Envoy filters are supported. | |
Perfect ecosystem integration | ASM allows you to use GitOps, Knative, and KServe to support serverless and AI services. | |
Editions
ASM provides the following editions that support different features and capabilities: Standard Edition, Enterprise Edition, and Ultimate Edition. Compared with Standard Edition, Enterprise Edition and Ultimate Edition support more protocols, enhance dynamic extension capabilities, provide fine-grained service governance, and improve the zero trust security system. In addition, Enterprise Edition and Ultimate Edition enhance performance, provide better support for large-scale clusters, and simplify the use of Service Mesh instances in production environments. Enterprise Edition and Ultimate Edition are applicable to scenarios in which you require cross-language interoperability and fine-grained service governance and want to apply the service mesh technology in production environments on a large scale.
Edition type | Edition | Description |
Commercial editions | Enterprise Edition | This edition is applicable to scenarios in which the number of pods does not exceed 1,000. This edition provides enterprise-class capabilities and is covered by service level agreements (SLAs). |
Commercial editions | Ultimate Edition | This edition is applicable to scenarios in which the number of pods does not exceed 10,000. This edition provides enterprise-class capabilities and is covered by SLAs. |
For more information about the features of Enterprise Edition and Ultimate Edition, see Features.
For more information about how to change the edition of an ASM instance, see Change the edition of an ASM instance.
For more information about the specifications of ASM instances, see Announcement on the launch of commercial editions.
Procedure
The following figure shows the overall procedure of deploying the Bookinfo application and viewing the topology of the application.
The following section describes the overall procedure:
1. Create an Alibaba Cloud account and activate ASM, Auto Scaling, Resource Access Management (RAM), and ACK. Obtain the following permissions. For more information, see Grant permissions to RAM users and RAM roles.
   - AliyunServiceMeshDefaultRole
   - AliyunCSClusterRole
   - AliyunCSManagedKubernetesRole
   Note: You are charged for Alibaba Cloud services that are used together with ASM instances. For more information, see Related Alibaba Cloud services.
2. Create an ASM instance and a Kubernetes cluster, and add the cluster to the ASM instance. For more information, see Getting started.
3. Deploy an ingress gateway and an application, route traffic to different versions of a service based on the specified ratio, and then use Mesh Topology to view the traffic flows and the communication between workloads. For more information, see Getting started.
4. View the bills incurred by ASM. For more information, see Billing rules.
Methods
You can use the following methods to create and manage your ASM instances:
Use the ASM console. The ASM console provides a web UI for you to access features. For more information, see Create an ASM instance.
Use ASM CLI. ASM CLI is integrated into Alibaba Cloud Command Line Interface (CLI). You can obtain the latest version of ASM CLI by downloading the unified aliyun-cli release package. For more information, see Install and use ASM CLI.
Billing
ASM provides the following editions that support different features and capabilities: Standard Edition, Enterprise Edition, and Ultimate Edition. Standard Edition is free of charge, and Enterprise Edition and Ultimate Edition are commercial editions. The billing methods vary depending on the edition. For more information about the billing of ASM, see Billing rules.
Related Alibaba Cloud services
Alibaba Cloud service | Required | Description | Billing rule |
Classic Load Balancer (CLB) | Yes | This service is used to access the Istio control plane and API server. For more information, see What is SLB? | |
Virtual Private Cloud (VPC) | Yes | This service is used to build a network environment and create routing rules for ASM instances. For more information, see What is a VPC? | |
Elastic IP Address (EIP) | No, but recommended | This service is used to expose the API server to the Internet. For more information, see What is an Elastic IP Address? | |
Managed Service for Prometheus | No, but recommended | This service is used to monitor ASM instances and generate alerts when exceptions are detected. For more information, see What is Managed Service for Prometheus? | |
Simple Log Service | No, but recommended | This service is used to collect access logs of ASM gateways and sidecar proxies in ASM instances. For more information, see What is Simple Log Service? |
References
Link | Description |
Istio is an open source service mesh that provides a uniform and more efficient way to connect, secure, control, and monitor services. Istio provides a comprehensive and non-intrusive microservices governance solution for you to handle issues related to cloud-native service management, network connection, and security management. ASM integrates and manages all components on the Istio control plane. ASM instances allow you to focus on application development and deployment without the need to maintain the Istio control plane. ASM instances are easy to use and provide high availability at low cost. |