- What's New
- Product Bulletin
- Service Overview
- Billing
- Getting Started
-
User Guide
- Application Service Mesh
- Buying a Service Mesh
- Mesh Management
- Service Management
- Gateway Management
- Grayscale Release
- Mesh Configuration
- Traffic Management
- Security
-
Best Practices
- Upgrading Data Plane Sidecars Without Service Interruption
- Service Governance for Dubbo-based Applications
- Reserving Source IP Address for Gateway Access
- How Do I Create a Service Mesh with IPv4/IPv6 Dual Stack Enabled
- How Do I Query Application Metrics in AOM?
- Reducing the Agency Permissions of ASM Users
- Istio-ingressgateway HA Configuration
- API Reference
-
FAQs
- Service Mesh Cluster
-
Mesh Management
- Why Cannot I Create a Service Mesh for My Cluster?
- Why Are Exclusive Nodes Still Exist After Istio Is Uninstalled?
- How Do I Upgrade ICAgent?
- How Do I Enable Namespace Injection for a Cluster?
- How Do I Disable Sidecar Injection for Workloads?
- What Can I Do If a Pod Cannot Be Started Due to Unready Sidecar?
- Why Does the Owner Group of the File Mounted to the Service Container Change After Configuring fsgroup?
- How Do I Handle a Canary Upgrade Failure?
- Possible Causes of Sidecar Injection Failures
-
Adding a Service
- What Do I Do If an Added Gateway Does Not Take Effect?
- Why Does It Take a Long Time to Start the Demo Application in Experiencing Service Mesh in One Click?
- Why Cannot I Access the Page of the Deployed Demo Application?
- Why Does Error Code 500 Is Displayed When I Create a Gateway?
- Why Cannot I Select the Corresponding Service When Adding a Route?
- What Should I Do If the Application Data Fails to Be Obtained?
- How Do I Inject a Sidecar for the Pod Created Using a Job or Cron Job?
- Performing Grayscale Release
-
Managing Traffic
- Why Are the Created Clusters, Namespaces, and Applications Not Displayed on the Traffic Management Page?
- How Do I Change the Resource Requests of the istio-proxy Container?
- Does ASM Support HTTP/1.0?
- How Can I Block Access from Some IP Address Ranges or Ports for a Service Mesh?
- How Do I Configure max_concurrent_streams for a Gateway?
- How Do I Fix Compatibility Issues Between Istio CNI and Init Containers?
-
Monitoring Traffic
- Why Cannot I View Traffic Monitoring Data Immediately After a Pod Is Started?
- Why Are the Latency Statistics on the Dashboard Page Inaccurate?
- Why Is the Traffic Ratio Inconsistent with That in the Traffic Monitoring Chart?
- Why Can't I Find Certain Error Requests in Tracing?
- Why Cannot I Find My Service in the Traffic Monitoring Topology?
- How Do I Connect a Service Mesh to Jaeger or Zipkin for Viewing Traces?
- Videos
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- User Guide
-
FAQs
- Service Mesh Cluster
- Mesh Management
-
Adding a Service
- What Do I Do If an Added Gateway Does Not Take Effect?
- Why Does It Take a Long Time to Start the Demo Application in Experiencing Service Mesh in One Click?
- Why Cannot I Access the page of the Demo Application After It Is Successfully Deployed?
- Why Cannot I Select the Corresponding Service When Adding a Route?
- Performing Grayscale Release
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Copied.
Before You Start
Overview
Welcome to use Application Service Mesh (ASM). ASM provides full-lifecycle management and traffic management of cloud-native containerized applications in a non-intrusive manner. Compatible with the Kubernetes and Istio ecosystems, ASM features intelligent, flexible traffic services including full-process automatic management of grayscale releases, graphical application topologies, and visualized traffic management.
This document describes how to use application programming interfaces (APIs) to perform operations on service meshes, such as creating, deleting, and querying service meshes. For details about all supported operations, see API.
If you plan to access ASM through an API, ensure that you are familiar with ASM concepts.
API Calling
ASM provides Representational State Transfer (REST) APIs. You can call these APIs using HTTPS.
For details about API calling, see Calling APIs.
Constraints
To use ASM, make sure you apply for the full permissions of Cloud Container Engine (CCE) as your ASM permissions are related to CCE permissions.
Basic Concepts
- Account
An account is created after successful registration with Huawei Cloud. The account has full access permissions for all of its cloud services and resources. It can be used to reset user passwords and grant user permissions. The account is a payment entity and should not be used directly to perform routine management. For security purposes, create users and grant them permissions for routine management.
- User
A user is created by an account to use cloud services. Each user has its own identity credentials (password or access keys).
A user can view the account ID and user ID on the My Credentials page of the console. The account, username, and password will be required for API authentication.
- Region
Regions are divided based on geographical location and network latency. Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region. Regions are classified into universal regions and dedicated regions. A universal region provides universal cloud services for common tenants. A dedicated region provides specific services for specific tenants.
- Availability zone
An availability zone (AZ) contains one or more physical data centers. Each AZ has independent cooling, fire extinguishing, moisture-proof, and electricity facilities. Within an AZ, compute, network, storage, and other resources are logically divided into multiple clusters. AZs within a region are interconnected by optical fibers for high-availability networking.
- Project
A Huawei Cloud region corresponds to a project. Default projects are defined to group and physically isolate resources (including compute, storage, and network resources) across regions. You can grant users permissions in a default project to access all resources in the region associated with the project. If you need more refined access control, you can create subprojects under a default project and purchase resources in subprojects. Then you can grant users the permissions required to access only the resources in specific subprojects.
Figure 1 Project isolation model
To view a project ID, go to the My Credentials page.
- Enterprise project
Enterprise projects allow you to group and manage resources across regions. Resources in enterprise projects are logically isolated from each other. An enterprise project can contain resources of multiple regions, and you can easily add resources to or remove resources from enterprise projects.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
