Add a cluster to an ASM instance to enhance system reliability and security-Container Compute Service(ACS)-阿里云帮助中心

Adding a cluster to an ASM instance lets you use features like traffic management, fault handling, unified monitoring, and logging to enhance system reliability and security, more effectively manage and monitor service interactions, and improve service observability.

Prerequisites

You have created an ASM instance.
You have created an ACK cluster or an ACS cluster. For more information, see Create an ACK dedicated cluster (discontinued), Create an ACK managed cluster, Create an ACK One registered cluster, or Create an ACS cluster.

Note
We recommend that the cluster you add is in the same VPC as the ASM instance. If you need to add a cluster from a different VPC, connect the VPCs by using Cloud Enterprise Network (CEN). For more information, see Disaster recovery across multiple ACK clusters in different VPCs (connect VPC networks by using CEN).

Add a VPC-connected cluster

VPC-connected clusters include:

Clusters that are in the same VPC as the ASM control plane.
Clusters that are in a different VPC from the ASM control plane but are connected through a method such as CEN.

Procedure

Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.
On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose Cluster & Workload Management > Kubernetes Clusters. On the page that appears, click Add.
On the Add Kubernetes Cluster page, select the cluster to add and click OK.
- If your services run on a single cluster or multiple clusters in the same VPC, we recommend that you first click Filter out Kubernetes clusters that are in the same VPC as the ASM instance and then select the target cluster from the list.
- Ensure that the proxy containers running in the cluster you are adding can access the Istio Pilot address exposed by the ASM instance. That is, if the ASM instance does not expose an Internet endpoint for Istio Pilot, ensure that the endpoint is accessible through the VPC.
In the Note dialog box, click OK.

After you add the cluster, on the Instance Information > Base Information page, the Status of the ASM instance changes to Updating. The update takes a few seconds, and the duration varies based on the number of clusters added. Then, click Refresh in the upper-right corner. The Status of the ASM instance changes to Running. On the Kubernetes Clusters page, you can view the added cluster.

Note

When you no longer need a cluster in an ASM instance, you can remove it from the instance. On the Kubernetes Clusters page, select the cluster that you want to remove, click Remove, and then click OK in the Confirm dialog box.

Removing the cluster prevents it from using the service mesh. Proceed with caution.

Add a cluster from an external network

ASM supports three methods to add a cluster from an external network to an ASM instance:

Connect VPCs via CEN

To connect VPCs by using CEN, see Use an Enterprise Edition transit router for secure traffic communication to connect the ASM instance's VPC with the cluster's VPC. After the VPCs are connected, follow the steps in Procedure to add the cluster to the ASM instance.

Connect VPCs via PrivateLink

To connect VPCs by using PrivateLink, see Use PrivateLink to manage network connectivity between control plane and data plane clusters across VPCs.

Connect over the Internet

Ensure that the Kubernetes cluster has Internet access enabled. Then, see Associate an EIP with or disassociate an EIP from the control plane of an ASM instance to enable Internet access for the ASM control plane. Finally, follow the steps in Procedure to add the cluster to the ASM instance.