All Products
Search
Document Center

Alibaba Cloud Service Mesh:Create an ASM instance

Last Updated:Oct 14, 2024

To use Service Mesh (ASM), you must first create an ASM instance. ASM allows you to perform operations such as traffic management, security management, fault recovery, observation, and monitoring on applications. This topic describes how to create an ASM instance in the ASM console.

Prerequisites

Configuration descriptions

When you create an ASM instance, ASM may perform the following operations based on your settings:Service Mesh

  • Creates a security group to allow all Internet Control Message Protocol (ICMP) ports to accept inbound traffic to a virtual private cloud (VPC).

    Note

    An existing security group cannot be reused. A security group cannot be modified after it is created.

  • Adds route entries to the route table of the VPC.

  • Creates an Elastic IP Address (EIP).

  • Creates a RAM role and policies, and attaches the policies to the RAM role to grant full permissions on Classic Load Balancer (CLB), CloudMonitor, VPC, and Simple Log Service. The RAM role allows Service Mesh to dynamically create CLB instances and add route entries to the route table of the VPC based on your settings.

  • Creates an internal-facing CLB instance and exposes ports 6443 and 15011.

  • Collects the logs of managed components to ensure stability when you use the Service Mesh instance.

Procedure

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click Create ASM Instance. Then, configure related information.

    1. Basic information and network configurations of the instance

      image

      Note
      • In the preceding example, an instance of Enterprise Edition is selected. Select the instance edition based on your business requirements. For more information about the features of different ASM editions, see What is ASM?

      • You can select and use an existing VPC and vSwitch. Alternatively, you can click Create VPC to create a VPC and click Create vSwitch to create a vSwitch. For more information, see Create and manage a VPC and Create and manage a vSwitch.

      • You can create ASM instances of only V1.21 and V1.22. If you need to create ASM instances of other versions, submit a ticket.

    2. API server and optional configurations

      image

      Note
      • Select Use EIP to expose API Server based on your business requirements.

      • You can enable either Ambient Mesh Mode or ACMG Mode.

      • It takes about 2 to 3 minutes to create an ASM instance.

Related operations

After an ASM instance is created, you can view the instance in the instance list on the Mesh Management page. In the Actions column of the instance list, you can also perform the following operations:

Operation

Description

View the information about an ASM instance

Find the desired ASM instance and click Manage in the Actions column. On the Base Information page, view the details of the ASM instance.

By default, the system creates five namespaces for a new ASM instance. Only the istio-system and default namespaces are displayed in the ASM console. You can use kubectl to query and manage all namespaces, including istio-system, kube-node-lease, kube-public, kube-system, and default.

Modify the information about an ASM instance

  1. Find the desired ASM instance and click Manage in the Actions column.

  2. In the upper-right corner of the Base Information page, click Settings. In the Settings Update panel, modify the settings and click OK.

Change the specifications of an ASM instance

Find the desired ASM instance and click Specification change in the Actions column. For more information, see Change the edition of an ASM instance.

View logs of an ASM instance

Find the desired ASM instance and click Log in the Actions column. For more information, see Log Analysis.

Delete an ASM instance

Find the desired ASM instance, click the More icon 更多..png in the Actions column and then select Delete. In the Delete ASM Instance dialog box, read the Deletion Notice carefully, select the resources that you want to retain, and then click OK.

Important

Exercise caution when you perform delete operations:

  • After you delete an ASM instance, you cannot use the Service Mesh features of the instance.

  • After you delete the CLB instance that is used to expose the API server, you cannot perform operations on the clusters managed by the Service Mesh instance and related configurations.

  • After you delete the CLB instance that is used by Istio Pilot, you cannot perform operations on the Service Mesh instance and related configurations.