Configure managed Anthos Service Mesh with asmcli x

Overview

Managed Anthos Service Mesh is a Google-managed control plane and an optional data plane that you simply configure. Google handles their reliability, upgrades, scaling and security for you in a backward-compatible manner.

This guide explains how to set up managed Anthos Service Mesh with preview features using the experimental command asmcli x.

To learn about the supported features and limitations of managed Anthos Service Mesh, see Managed Anthos Service Mesh supported features.

Before you begin

Before starting this guide, you must:

  1. Check the requirements and limitations for Managed Anthos Service Mesh.
  2. Download the installation tool.

Get cluster credentials

Retrieve the appropriate credentials. The following command will also point the kubectl context to the target cluster.

gcloud container clusters get-credentials  CLUSTER_NAME \
    --zone LOCATION \
    --project PROJECT_ID

Apply the Google-managed control plane with asmcli experimental

asmcli x (experimental) uses a Google Cloud service currently in preview to provision and set up the control plane by applying a custom resource to the Kubernetes cluster.

If your organization enforces VPC Service Control (VPC-SC) for your project, you must specify an additional flag --use-vpcsc when running the asmcli x command, otherwise the installation will fail. Support for VPC-SC is only available in the regular and rapid channels.

GKE

./asmcli x install \
    -p PROJECT_ID \
    -l LOCATION \
    -n CLUSTER_NAME \
    --managed \
    --verbose \
    --output_dir CLUSTER_NAME \
    --enable-all

Verify the control plane has been provisioned

The asmcli tool creates a ControlPlaneRevision custom resource in the cluster. This resource's status is updated when the managed control plane is provisioned or fails provisioning. Inspect the status of the resource with the following command:

kubectl describe controlplanerevision asm-managed -n istio-system

The output is similar to:

  Name:         asm-managed

  …

  Status:
    Conditions:
      Last Transition Time:  2021-08-05T18:56:32Z
      Message:               The provisioning process has completed successfully
      Reason:                Provisioned
      Status:                True
      Type:                  Reconciled
      Last Transition Time:  2021-08-05T18:56:32Z
      Message:               Provisioning has finished
      Reason:                ProvisioningFinished
      Status:                True
      Type:                  ProvisioningFinished
      Last Transition Time:  2021-08-05T18:56:32Z
      Message:               Provisioning has not stalled
      Reason:                NotStalled
      Status:                False
      Type:                  Stalled

The Reconciled condition determines whether the managed control plane is running correctly. If true, the control plane is running successfully. Stalled determines whether the managed control plane provisioning process has encountered an error. If Stalled, the Message field contains more information about the specific error. For more info, see Status codes.

What's next?