Help Center/ Application Service Mesh/ User Guide (ME-Abu Dhabi Region)/ User Guide/ Creating a Mesh/ Creating a Service Mesh
Updated on 2024-03-18 GMT+08:00
View PDF
Share

Creating a Service Mesh

ASM allows you to create a service mesh of the Basic edition, which is a standard service mesh available for commercial use.

Prerequisites

A CCE cluster is available.

Constraints

  • ASM depends on the domain name resolution of CoreDNS. Before creating a service mesh for a cluster, ensure that the cluster has required resources and CoreDNS is running normally.
  • When you enable Istio for a cluster, you must enable port 7443 in the inbound direction of the security group to which the worker node belongs, for automatic sidecar injection and callback. If you use the default security group created by CCE, this port is automatically enabled. If you create a security group rule, manually enable port 7443 to ensure that sidecars can be automatically injected.

Procedure

  1. Log in to the ASM console.
  2. Click Create Mesh in the upper right corner.
  3. Configure the following parameters.

    • Mesh Edition

      Only service meshes of the Basic edition are supported.

    • Mesh Name

      Enter a service mesh name, which consists of 4 to 64 characters. It must start with a lowercase letter and cannot end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.

      Service mesh names under the same account must be unique and cannot be modified after creation.

    • Istio Version

      Select the Istio version supported by the service mesh.

    • Cluster

      Select the target cluster from the cluster list or enter the target cluster name in the upper right corner of the list to search for it. You can select only the clusters which versions are supported by the current mesh version.

    • Mesh Control Plane Node

      To install the control plane components for the service mesh of the Basic edition in your cluster, you need to select a node for installation. If HA is required, you can select two or more nodes from different AZs.

      The selected node is labeled with istio:master, and the components are scheduled to this node.

  4. (Optional) Configure advanced settings.

    • Sidecar Configuration

      Select a namespace and label it with istio-injection=enabled. All pods in the namespace will be injected with an istio-proxy sidecar.

      You can inject a sidecar in Mesh Configuration > Sidecar Management after the mesh is created. For details, see Injecting a Sidecar.

    • Restart Existing Services

      : Pods of the existing services in the namespace will be restarted, which will temporarily interrupt your services. The istio-proxy sidecar is automatically injected into the pods of the existing services.

      : The istio-proxy sidecar cannot be automatically injected into the pods of the existing services. You need to manually restart the workloads on the CCE console to inject the sidecar.

  5. Review the service mesh configuration in the Configuration List on the right of the page and click Submit.

    It takes about 1 to 3 minutes to create a service mesh. If the service mesh status changes from Installing to Running, the service mesh is successfully created.

    When the service mesh is enabled, the following operations are performed:

    • Helm orchestrates the application into a Release as the resource of the service mesh control plane.
    • A security group is enabled for the nodes to allow the inbound traffic for port 7443 to support automatic sidecar injection.

Parent topic: Creating a Mesh