All Products
Search

This Product

    Alibaba Cloud Service Mesh:Migrate traffic from a self-managed Istio ingress gateway to an ASM ingress gateway

    Document Center

    Alibaba Cloud Service Mesh:Migrate traffic from a self-managed Istio ingress gateway to an ASM ingress gateway

    Last Updated:Dec 28, 2023

    This topic describes how to migrate traffic from a self-managed Istio ingress gateway to a Service Mesh (ASM) ingress gateway.

    Traffic flow of the migration solution

    迁移方案

    Step 1: Create an ingress gateway for the ASM instance

    For more information, see Create an ingress gateway.

    When you create an ASM ingress gateway, take note of the following points:

    • The name of the ASM ingress gateway must be different from the existing Istio ingress gateway. You can add the -asm suffix to the name of the ASM ingress gateway to distinguish the ASM ingress gateway from the existing Istio ingress gateway. For example, you can name the ASM ingress gateway ingressgateway-asm.

    • In Step 3 of the Create an ingress gateway topic, set the Cluster parameter to the Kubernetes cluster where the source Istio ingress gateway resides.

    • Change the Domain Name System (DNS) record of the domain name to the IP address of the ASM ingress gateway. If you cannot change the DNS record of the domain name, you can gradually migrate the traffic by adjusting the weights of source and destination ingress gateways. In this case, the ASM ingress gateway must reuse the Classic Load Balancer (CLB) instance that is associated with the source Istio ingress gateway. As shown in the preceding figure, the ASM ingress gateway reuses the CLB instance that is associated with the source Istio ingress gateway.

      Note

      For more information about the reuse of the CLB instances that are created by using the LoadBalancer service type, see FAQ in this topic.

    Expand to view notes on the reuse of the CLB instance

    When you use the YAML file of the Istio gateway to create an ASM ingress gateway, take note of the following points if you need to reuse an existing CLB instance:

    • Edit the configurations related to the CLB instance for the serviceAnnotations parameter in the YAML file.

    • service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: specifies the CLB instance that you want to reuse. The CLB instance is associated with the source Istio ingress gateway.

    • service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: specifies whether to overwrite the existing listeners of the CLB instance. Set the value to false.

    • service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: specifies the vServer groups of the CLB instance that you want to reuse. Separate multiple ports and vServer groups with commas (,). Example: "${YOUR_VGROUP_ID_1}:80, ${YOUR_VGROUP_ID_2}:443".

    • service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: specifies the weight of the ASM ingress gateway. You can adjust the weight based on your business requirements. You can set the weight to 0 when no routing rule has been configured for the ASM ingress gateway or exceptions occur. When you set the weight to 0, the CLB instance does not forward traffic to the ASM ingress gateway.

    Sample configurations of service annotations:

    serviceAnnotations:
  service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: "lb-xxxxx"  //Replace lb-xxxxx with the ID of the CLB instance that you created in the CLB console. 
  service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: 'false'  //Set the value to false because existing CLB listeners are overwritten by default on the Istio gateway. 
  service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: "${YOUR_VGROUP_ID}:80"   //Replace ${YOUR_VGROUP_ID} with the ID of the vServer group of the CLB instance. 
  service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: "60" //If you set the weight to 0, the ASM ingress gateway no longer receives traffic.

    Step 2: Migrate configurations

    • Change the value of selector.istio to the name of your ASM ingress gateway in the YAML file to migrate ingress gateway configurations. Sample YAML file:

      spec:
  selector:
    istio: ingressgateway-asm

    • Migrate other configurations such as VirtualService and DestinationRule configurations.

    Step 3: Migrate traffic

    Modify the service annotations to adjust the weights of source and destination ingress gateways. You can first set the weight of the ASM ingress gateway to a small value, such as 10, and check whether the traffic flow meets expectations. Then, gradually increase the weight until all the traffic is routed to the ASM ingress gateway.

    Methods of adjusting the weight:

    • To adjust the weight of the source Istio ingress gateway, edit the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight annotation for the corresponding service.

    • To adjust the weight of the ASM ingress gateway, edit the service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight service annotation for the ASM ingress gateway.

    FAQ: If a CLB instance is automatically created when a Service is created for a self-managed Istio ingress gateway, how do I reuse the CLB instance for an ASM ingress gateway?

    1. Go to the CLB console and find the desired CLB instance. Delete the following two labels of the CLB instance: kubernetes.do.not.delete and ack.aliyun.com.

    2. Add the following annotations to the corresponding Service of the self-managed Istio ingress gateway:

    service.beta.kubernetes.io/alibaba-cloud-loadbalancer-force-override-listeners: "false"
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-id: ${ID of the CLB instance}
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-vgroup-port: ${ID of the vServer group}:${Port number}
service.beta.kubernetes.io/alibaba-cloud-loadbalancer-weight: "100"