在本部分中,迁移脚本用于在 gke-system 命名空间内创建 Cloud Service Mesh 入站流量网关。
对于迁移,将使用 gke-system 命名空间,以便在刚刚移除的“捆绑的 Istio”使用的同一命名空间中创建入站流量网关。这样,Cloud Service Mesh Ingress pod 便可以无缝接管流量,而无需对入站流量服务进行任何配置更改。例如,您无需配置新的外部 IP 地址。
要在 gke-system 命名空间中创建入站流量网关,请运行以下命令启动迁移脚本:
./migration-addon.sh--commandset-up-asm-ingress
该过程中的终端输出类似于以下内容:
Setting up Cloud Service Mesh ingress. Note that the Cloud Service Mesh ingress is not
serving traffic at this step.
namespace/gke-system labeled
deployment.apps/istio-ingressgateway created
horizontalpodautoscaler.autoscaling/istio-ingressgateway created
role.rbac.authorization.k8s.io/istio-ingressgateway-sds created
rolebinding.rbac.authorization.k8s.io/istio-ingressgateway-sds created
Cloud Service Mesh ingress is successfully installed.
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-04。"],[],[],null,["# Migrate the bundled Istio to Cloud Service Mesh\n\nThese steps are specific to the bundled version of Istio that is included by\ndefault with the Knative serving \"*GKE add-on*\".\n| **Important:** If the \"*Istio add-on* \" is installed on your cluster, you must instead perform the steps to [migrate the Istio add-on to Cloud Service Mesh](/kubernetes-engine/enterprise/knative-serving/docs/install/on-gcp/upgrade/uninstall-istio-addon).\n\nSince the bundled version of Istio is uninstalled when you performed the\n[process of uninstalling the Knative serving \"*GKE add-on*\"](/kubernetes-engine/enterprise/knative-serving/docs/install/on-gcp/upgrade/uninstall-addon),\nthe steps on this page install Cloud Service Mesh on your cluster and then\nconfigures your ingress gateway.\n\nBefore you begin\n----------------\n\n- You must first review and ensure that you meet the\n [requirements for upgrading](/kubernetes-engine/enterprise/knative-serving/docs/install/on-gcp/upgrade).\n\n- The commands on this page use the environment variables and migration script\n from the [upgrade preparation step](/kubernetes-engine/enterprise/knative-serving/docs/install/on-gcp/upgrade/prepare).\n\n- It is important that you perform each step of this process in the\n [specified order](/kubernetes-engine/enterprise/knative-serving/docs/install/on-gcp/upgrade#upgrading).\n\nOverview\n--------\n\nIn general, the process for installing Cloud Service Mesh when migrating from the\nbundled version of Istio, is the same process as performing a clean\nCloud Service Mesh installation. In this process Cloud Service Mesh version\n1.18 is installed with the\n[In-cluster control plane](/service-mesh/v1.18/docs/supported-features).\n\nInstall Cloud Service Mesh version 1.18\n---------------------------------------\n\nYou use the Cloud Service Mesh installation documentation to install Cloud Service Mesh.\n\n**Before you begin**:\n\n- For the migration, the ingress gateway must be installed\n separately during the subsequent [configuration steps](#meshconfig). The\n installation script won't install the ingress gateway by default.\n\n- Optional: If you use Cloud Service Mesh certificate authority (Mesh CA), you must\n also include the `--ca mesh_ca` flag with the Cloud Service Mesh installation\n script.\n\n**To install Cloud Service Mesh**:\n\nFollow the steps in the Cloud Service Mesh documentation:\n[Install Cloud Service Mesh version 1.18](/service-mesh/v1.18/docs/unified-install/install-anthos-service-mesh)\n\nExample\n\n: The following is an example of the default command that includes the required\n flag:\n\n ./asmcli install \\\n --project_id ${PROJECT_ID} \\\n --cluster_name ${CLUSTER_NAME} \\\n --cluster_location ${CLUSTER_LOCATION} \\\n --ca mesh_ca \\\n --output_dir DIR_PATH \\\n --enable_all\n\n### Configure Cloud Service Mesh ingress\n\nIn this section, the [migration script](/kubernetes-engine/enterprise/knative-serving/docs/install/on-gcp/upgrade/prepare) is used to\ncreate the Cloud Service Mesh ingress gateway within the `gke-system` namespace.\n\nFor the migration, the `gke-system` namespace is used so that the ingress\ngateway is placed within the same namespace used by the recently removed\n\"bundled Istio\". Therefore, the Cloud Service Mesh ingress pods can seamlessly\ntakeover traffic without any required configuration changes to the ingress\nservice. For example, you do not need to configure a new external IP address.\n\n1. To create the ingress gateway within the `gke-system` namespace,\n run the following command to start the migration script:\n\n ./migration-addon.sh --command set-up-asm-ingress\n\n The terminal output during the process looks similar to the following: \n\n Setting up Cloud Service Mesh ingress. Note that the Cloud Service Mesh ingress is not\n serving traffic at this step.\n namespace/gke-system labeled\n deployment.apps/istio-ingressgateway created\n horizontalpodautoscaler.autoscaling/istio-ingressgateway created\n role.rbac.authorization.k8s.io/istio-ingressgateway-sds created\n rolebinding.rbac.authorization.k8s.io/istio-ingressgateway-sds created\n Cloud Service Mesh ingress is successfully installed.\n\n2. Verify that the `istio-ingrerssgateway` ingress gateway is running in the\n `gke-system` namespace by running the following command:\n\n kubectl get deployment istio-ingressgateway -n gke-system\n\n Note that the number of `istio-ingressgateway` pods is intentionally `0`.\n After installing the Knative serving fleet component, there is a subsequent\n step to\n [migrate all traffic to the Cloud Service Mesh ingress](/kubernetes-engine/enterprise/knative-serving/docs/install/on-gcp/upgrade/migrate-traffic).\n\nWhat's next\n-----------\n\n[Install the fleet component](/kubernetes-engine/enterprise/knative-serving/docs/install/on-gcp/upgrade/fleet-install-script)\n\nRollback\n--------\n\nIf you need to rollback the changes that you made through the preceding steps,\nyou can use the migration script to:\n\n- Delete the Cloud Service Mesh ingress gateway.\n- Uninstall Cloud Service Mesh.\n\nTo rollback the Cloud Service Mesh configuration and installation:\n\n1. Run the following command to start the rollback.\n\n ./migration-addon.sh --command rollback-set-up-asm-ingress\n\n The terminal output during the process looks similar to the following: \n\n Deleting Cloud Service Mesh ingress\n deployment.apps \"istio-ingressgateway\" deleted\n horizontalpodautoscaler.autoscaling \"istio-ingressgateway\" deleted\n role.rbac.authorization.k8s.io \"istio-ingressgateway-sds\" deleted\n rolebinding.rbac.authorization.k8s.io \"istio-ingressgateway-sds\" deleted\n Cloud Service Mesh ingress is successfully deleted.\n\n2. To verify that the Cloud Service Mesh ingress gateway was removed, check that the\n `istio-ingressgateway` service no longer exists in the `gke-system`\n namespace:\n\n kubectl get deployment istio-ingressgateway -n gke-system\n\n3. [Uninstall Cloud Service Mesh](/service-mesh/v1.18/docs/uninstall)\n\n4. To continue rolling back all the changes to your installations original state,\n [rollback the Knative serving \"GKE add-on\"](/kubernetes-engine/enterprise/knative-serving/docs/install/on-gcp/upgrade/uninstall-addon#rollbackgkeaddon)."]]
