Create an ASM instance

Before using Service Mesh ASM, you must create an ASM instance to manage traffic, enforce security, enable fault recovery, and provide observability for your application services. This topic describes how to create an ASM instance in the ASM console.

Prerequisites

Configuration details

During creation of a Service Mesh instance, ASM may perform the following actions based on your configuration:

  • Create a security group that allows all inbound ICMP traffic to the VPC.

    Note

    You cannot use an existing security group during creation, and you cannot change the security group after creation.

  • Create VPC routing rules.

  • Create elastic IP addresses (EIPs).

  • Create a RAM role and associated policies. This role has full permissions for CLB, Cloud Monitor, VPC, and Simple Log Service. Based on your deployment configuration, Service Mesh dynamically creates CLB instances, VPC routing rules, and other resources as needed.

  • Create an internal-facing CLB and expose ports 6443 and 15011.

  • During use of Service Mesh, ASM collects logs from managed control plane components to ensure stability.

Procedure

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click Create ASM Instance and configure mesh settings.

    Configuration item

    Description

    Service mesh name

    The name of the Service Mesh instance.

    Spec

    You can select Standard Edition, Enterprise Edition, or Ultimate Edition. For a feature comparison of ASM editions, see What is Alibaba Cloud Service Mesh (ASM)?

    Region

    The region where the Service Mesh instance is deployed.

    Istio Version

    The Istio version. Only the two latest major versions are available, such as 1.22.* and 1.23.*. For more information about versions, see Versioning mechanism. If you need a different version, submit a ticket.

    Kubernetes Cluster

    Based on the Kubernetes clusters you plan to add to the Service Mesh, the system automatically selects the VPC, vSwitch, and cluster local domain for the mesh. For more information, see Create an ACK managed cluster.

    VPC

    The virtual private cloud (VPC) for the Service Mesh instance. Click Create VPC to create one. For more information, see Create and manage a VPC.

    vSwitch

    The vSwitch for the Service Mesh instance. Click Create vSwitch to create one. For more information, see Create and manage a vSwitch.

    Istio control plane access

    The CLB instance for accessing the Istio control plane.

    API Server access

    The CLB instance for the API Server. You can also choose whether to Use EIP to expose API Server.

    • If enabled: An EIP is created and attached to the internal CLB. You can connect to and manage ASM over the Internet using kubeconfig.

    • If disabled: No EIP is created. You can only connect to and manage ASM within the VPC using kubeconfig.

    Observability

    Choose whether to Enable Tracing Analysis.

    ASM integrates with Alibaba Cloud Tracing Analysis powered by OpenTelemetry to provide distributed application developers with complete capabilities including trace reconstruction, request volume statistics, topology visualization, and application dependency analysis. These features help developers quickly identify and diagnose performance bottlenecks in distributed architectures and improve troubleshooting efficiency. For more information, see Use Tracing Analysis powered by OpenTelemetry for unified tracing across mesh and non-mesh applications.

    Note

    Before enabling this feature, activate Tracing Analysis powered by OpenTelemetry.

    Choose whether to Enable Prometheus Metrics. For more information about Prometheus, see Integrate Cloud Monitor Prometheus for mesh monitoring and Integrate self-managed Prometheus for mesh monitoring.

    Choose whether to Enable ASM Mesh Topology to Enhance Mesh Observability.

    ASM Mesh Topology is an observability tool for Service Mesh that provides a visual interface for viewing related services and configurations. ASM has supported built-in mesh topology since version 1.7.5.25. For more information, see Enable mesh topology to improve observability.

    Choose whether to Collect access logs to Alibaba Cloud Log Service. You can view ingress gateway access logs in Simple Log Service. For more information, see Generate and collect ASM gateway access logs and Use Simple Log Service to collect data plane cluster access logs.

    Choose whether to Enable Control Plane Log Collection.

    ASM supports collecting control plane logs and configuring log-based alerting—for example, logs related to ASM pushing configurations to data plane Sidecars. For more information, see Enable control plane log collection and log-based alerting (legacy) or Enable control plane log collection and log-based alerting (new).

    Mesh Audit

    Choose whether to Enable Mesh Audit.

    Mesh audit helps mesh administrators record or trace daily operations performed by different users. It is a critical part of cluster security O&M. For more information, see Use KubeAPI operation audit.

    Resource configuration

    Choose whether to Enable Istio custom resource version control.

    When you update the spec field of an Istio resource, ASM records up to the five most recent versions. For more information, see Roll back to a previous version of an Istio resource.

    Choose whether to Allow data plane cluster KubeAPI to access Istio CR.

    ASM lets you manage Istio resources through the Kubernetes API (KubeAPI) of data plane clusters. For more information, see Access Istio resources using data plane cluster KubeAPI.

    Cluster Domain

    The cluster local domain used by the Service Mesh instance. The default value is cluster.local. You can only add Kubernetes clusters that use the same cluster domain to the mesh instance.

    Note

    This setting is visible only if the ASM instance version is 1.6.4.5 or later.

    Dataplane Mode

    Choose whether to Enable Ambient Mesh. Ambient Mesh supports both Sidecar and sidecarless data plane architectures. You can choose either mode or use them together as needed. For more information, see Ambient mode.

  3. Optional: Activate pay-as-you-go billing.

    If you are creating a commercial edition instance for the first time, the Dependency Check shows State as Not pass. You must activate pay-as-you-go billing.

    Click Dependency Check in the right-side Illustrate column, then click Activate Now. Select Service Mesh (Pay-as-you-go) Service Agreement and click Activate Now. Return to the Create Service Mesh page and click Check again to the right of ASM service activation check. The State column for Dependency Check then displays Pass.

  4. Carefully read the Service Agreement and click Create Service Mesh.

    Note

    It typically takes 2 to 3 minutes to create an ASM instance.
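
To confirm which API Server access mode from step 2 an instance actually has, you can inspect the server address in its kubeconfig. The following is an added example, not part of the ASM documentation: it reads a kubeconfig in the JSON form printed by `kubectl config view -o json` and reports whether each API Server address lies in an RFC 1918 private range. The cluster names, the addresses, and the premise that the VPC uses an RFC 1918 range are assumptions.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# RFC 1918 blocks. Assumption: the mesh VPC uses one of these private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the JSON form printed by `kubectl config view -o json`.
# 203.0.113.10 is a documentation address standing in for an EIP.
SAMPLE_KUBECONFIG = json.dumps({
    "apiVersion": "v1", "kind": "Config",
    "clusters": [
        {"name": "mesh-internal",
         "cluster": {"server": "https://192.168.0.25:6443"}},
        {"name": "mesh-eip",
         "cluster": {"server": "https://203.0.113.10:6443"}},
    ],
})


def classify_host(host):
    """Return 'private', 'non-private' or 'hostname' for an API Server host."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # a DNS name: resolve it before judging exposure
    return "private" if any(addr in net for net in RFC1918) else "non-private"


def api_server_exposure(kubeconfig_json):
    """Map each cluster name to (host, port, classification)."""
    report = {}
    for entry in json.loads(kubeconfig_json).get("clusters") or []:
        url = urlsplit(entry["cluster"]["server"])
        host = url.hostname or ""
        report[entry["name"]] = (host, url.port or 443, classify_host(host))
    return report


def unexpected_exposure(report):
    """Names of clusters whose API Server is not provably VPC-internal."""
    return sorted(n for n, (_, _, kind) in report.items() if kind != "private")


if __name__ == "__main__":
    for name, row in api_server_exposure(SAMPLE_KUBECONFIG).items():
        print(name, *row)
```

An entry reported as `non-private` or `hostname` on an instance that was meant to be VPC-only is worth checking against the Use EIP to expose API Server setting.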

Related operations

After the instance is created, you can view it in the instance list on the Mesh Management page. In the Actions column, you can perform the following operations.

Action

Description

View instance details

Click Manage for the target instance and view details on the Basic Information page.

The system creates five namespaces by default for new instances: istio-system, kube-node-lease, kube-public, kube-system, and default. The console displays only istio-system and default. Use kubectl to query and manage the other namespaces.

Modify instance settings

  1. Click Manage for the target instance.

  2. On the Basic Information page, click Settings in the upper-right corner. In the Settings Update panel, modify the configuration and click OK.

Change instance type

Click Specification change for the target instance. For more information, see Change the edition of an ASM instance.

View logs

Click Log for the target instance. For more information, see Log analysis.

Delete instance

Click the More icon > Delete for the target instance. In the Delete ASM Instance dialog box, carefully review the deletion notes, select resources to retain, and click OK.

Important

Review the following notes before deleting an instance:

  • Deleting an ASM instance disables all Service Mesh features for that instance.

  • Deleting the CLB used by the API Server prevents you from managing the Service Mesh and its configurations.

  • Deleting the CLB used by Istio Pilot prevents you from managing the Service Mesh and its configurations.