When you run services across one or more Kubernetes clusters, adding those clusters to a Service Mesh (ASM) instance lets ASM manage service-to-service communication, traffic routing, and observability from a single control plane.
Adding a cluster connects its data plane to the ASM control plane. The workflow depends on network connectivity between the cluster and the ASM instance:
Confirm that the ASM instance and the Kubernetes cluster exist.
Determine whether the cluster and the ASM instance can communicate over a shared or interconnected Virtual Private Cloud (VPC).
If not, establish connectivity first.
Add the cluster through the ASM console.
Verify that the ASM instance returns to Running status.
Prerequisites
Before you begin, make sure that you have:
An ASM instance. See Create an ASM instance.
A Container Service for Kubernetes (ACK) cluster or Container Compute Service (ACS) cluster. Supported types:
Network reachability from the proxy container in the cluster to Istio Pilot on the ASM instance. If Istio Pilot does not allow Internet access, the cluster must connect to the ASM instance through a shared or interconnected VPC. See Network connectivity options.
Network connectivity options
For the simplest setup, place the cluster and the ASM instance in the same VPC.
A VPC-connected cluster meets either of the following conditions:
The cluster is in the same VPC as the ASM control plane.
The cluster is in a different VPC, but the VPCs are interconnected through Cloud Enterprise Network (CEN) or another method.
If the cluster is already VPC-connected, skip to Add a VPC-connected cluster.
If the cluster and the ASM instance are not VPC-connected, establish connectivity first using one of the following methods.
| Method | How it works | When to use |
|---|---|---|
| CEN (recommended) | Connect the VPCs through an Enterprise Edition transit router. | Clusters in different VPCs or regions. Production workloads that need low-latency private connectivity. |
| PrivateLink | Create a private endpoint connection between the ASM control plane and the cluster VPC. | Cross-VPC connectivity with fine-grained access control. No need to modify route tables. |
| Internet | Associate an Elastic IP Address (EIP) with the ASM control plane and enable Internet access on the ACK cluster. | Testing or development environments where private connectivity is not required. |
Connect VPCs through CEN
Connect the VPCs where the cluster and the ASM instance reside through an Enterprise Edition transit router. See Use an Enterprise Edition transit router to establish and secure network communication. For a multi-cluster setup across regions, see Implement cross-region disaster recovery and load balancing by using multiple clusters.
After the VPCs are connected, follow the steps in Add a VPC-connected cluster.
Connect VPCs through PrivateLink
Create a private endpoint connection between the ASM control plane and the data-plane cluster. See Use PrivateLink to manage network connectivity between a control plane and a data-plane cluster across VPCs.
Connect over the Internet
Enable Internet access for the ACK cluster.
Associate an EIP with the ASM control plane. See Associate an EIP with or disassociate an EIP from the control plane of an ASM instance.
After connectivity is established, follow the steps in Add a VPC-connected cluster.
Add a VPC-connected cluster
Log on to the ASM console.
In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the target ASM instance.
In the left-side navigation pane, choose Cluster & Workload Management > Kubernetes Clusters.
Click Add.
On the Add Kubernetes Cluster page, select the cluster to add and click OK.
Note: To show only clusters in the same VPC as the ASM instance, select Filter out Kubernetes clusters that are in the same VPC as the ASM instance.
In the Note message, click OK.
Verify the result
After you add the cluster, go to the ASM Instance > Base Information page. The Status changes to Updating.
Wait a moment, then click Refresh in the upper-right corner. The wait time varies depending on the number of clusters being added.
Confirm that the Status changes to Running. The cluster is now part of the mesh.
To view details about the added cluster, go to the Kubernetes Clusters page.
Remove a cluster from an ASM instance
After you remove a cluster, ASM no longer manages services in that cluster. Existing mesh configurations for the cluster stop working immediately.
In the left-side navigation pane, choose Cluster & Workload Management > Kubernetes Clusters.
Select the cluster to remove and click Remove.
In the Submit dialog box, click OK.
What to do next
Create an ingress gateway -- Deploy an ingress gateway in the cluster to expose services over the Internet or an internal network.
Route traffic to different service versions -- Set up canary releases or A/B testing by distributing traffic across service versions.
View application topology -- Use Mesh Topology to visualize call relationships and traffic flows among services.
API reference
To add a cluster programmatically, call the AddClusterIntoServiceMesh API operation.
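The add-and-verify procedure above can be scripted around this operation. The following is an added example, not code from the ASM documentation: it calls AddClusterIntoServiceMesh and then polls until the status leaves Updating and returns to Running. Assumptions: the `aliyun` CLI is installed and configured, the product code is `servicemesh`, and the status is read from a `DescribeServiceMeshDetail` response at `ServiceMesh.ServiceMeshInfo.State`, compared case-insensitively.

```python
import json
import subprocess
import time


def aliyun(*args):
    """Call the ASM OpenAPI through the aliyun CLI and parse the JSON reply."""
    done = subprocess.run(["aliyun", "servicemesh", *args],
                          check=True, capture_output=True, text=True)
    return json.loads(done.stdout)


def mesh_state(mesh_id, call=aliyun):
    # Assumption: the state is at ServiceMesh.ServiceMeshInfo.State.
    detail = call("DescribeServiceMeshDetail", "--ServiceMeshId", mesh_id)
    return detail["ServiceMesh"]["ServiceMeshInfo"]["State"].lower()


def add_cluster_and_wait(mesh_id, cluster_id, call=aliyun,
                         timeout=600, interval=15, sleep=time.sleep):
    """Add the cluster, then poll until the instance reports Running.

    Returns the distinct states observed, in order, so the caller can
    record whether Updating was seen before Running.
    """
    call("AddClusterIntoServiceMesh",
         "--ServiceMeshId", mesh_id, "--ClusterId", cluster_id)
    seen, waited = [], 0
    while waited <= timeout:
        state = mesh_state(mesh_id, call)
        if not seen or seen[-1] != state:
            seen.append(state)
        if state == "running":
            return seen
        if state != "updating":
            # Anything other than Updating or Running is treated as a failure.
            raise RuntimeError(f"unexpected ASM state {state!r}")
        sleep(interval)
        waited += interval
    raise TimeoutError(f"ASM instance still {seen[-1]!r} after {timeout}s")


if __name__ == "__main__":
    import sys
    # Usage: python add_cluster.py <ServiceMeshId> <ClusterId>
    print(add_cluster_and_wait(sys.argv[1], sys.argv[2]))
```

The `call` and `sleep` parameters exist so the polling logic can be exercised without touching a real ASM instance.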