Version 1.11

About the asmcli

The asmcli is a Google-provided tool that you can use to install or upgrade Anthos Service Mesh. If you let it, asmcli will configure your project and cluster as follows:

  • Grant you the required Identity and Access Management (IAM) permissions on your Google Cloud project.
  • Enable the required Google APIs on your Cloud project.
  • Set a label on the cluster that identifies the mesh.
  • Create a service account that lets data plane components, such as the sidecar proxy, securely access your project's data and resources.
  • Register the cluster to the fleet if it isn't already registered.

Just include the --enable_all flag when you run asmcli to let it configure your project and cluster. For more information about asmcli options and flags, see the asmcli reference.

Next, asmcli configures YAML files with your project and cluster information. These configuration files are needed to install the Anthos Service Mesh control plane.

If you are new to Anthos Service Mesh and Istio, skip ahead to Supported platforms. The next section is intended to help existing Anthos Service Mesh users upgrade to 1.11.

Transitioning to asmcli

The asmcli takes the place of istioctl install and install_asm. Although you can still use the legacy tools in Anthos Service Mesh 1.11, we are deprecating them and they will no longer be supported in Anthos Service Mesh 1.12 and later. Please update your scripts and tools to use asmcli.

With Anthos Service Mesh 1.11 and later, all clusters must be registered to a fleet. See Fleet requirements for details.

Transitioning from install_asm

If you are familiar with install_asm, asmcli is similar but with the following notable differences:

  • You use asmcli install for new installations and upgrades. There isn't a --mode option like with install_asm. When you run asmcli install, it checks to see if there's an existing control plane on the cluster. If there isn't an existing control plane, asmcli installs Anthos Service Mesh. If the cluster has an existing control plane (either an Anthos Service Mesh control plane or an open source Istio control plane):

    • If the revision label on the existing control plane doesn't match the revision label for the new control plane, asmcli does a canary upgrade.

    • If the control plane revision labels are the same, asmcli does an in-place upgrade.

  • Most of the asmcli options and flags behave the same as the ones for install_asm.
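The install-versus-upgrade decision described in the list above can be checked before you run asmcli install. The following is an added example, not code from asmcli or from the Anthos Service Mesh documentation. It assumes that existing control planes are istiod Deployments in the istio-system namespace carrying the istio.io/rev label; the function names and the revision names asm-old and asm-new are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not asmcli code): predict which path `asmcli install`
# takes, following the revision-label rules described above.

# existing_revisions: print the revision labels of control planes on the
# cluster. Assumption: they are istiod Deployments in istio-system that
# carry the istio.io/rev label. Needs kubectl access to the cluster.
existing_revisions() {
  kubectl -n istio-system get deploy -l app=istiod \
    -o jsonpath='{.items[*].metadata.labels.istio\.io/rev}'
}

# planned_action EXISTING_REVS NEW_REV
#   EXISTING_REVS  whitespace-separated revision labels found on the cluster
#   NEW_REV        revision label of the control plane about to be installed
# Assumption: with several existing control planes, a match on any one of
# them means that revision is upgraded in place.
planned_action() {
  new_rev=$2
  set -- $1                      # split the label list on whitespace
  if [ "$#" -eq 0 ]; then
    echo "new-install"           # no existing control plane
    return 0
  fi
  for rev in "$@"; do
    if [ "$rev" = "$new_rev" ]; then
      echo "in-place-upgrade"    # same revision label
      return 0
    fi
  done
  echo "canary-upgrade"          # revision labels differ
}

# Constructed sample inputs; asm-old and asm-new are placeholders,
# not real Anthos Service Mesh revision names.
planned_action "" "asm-new"                 # new-install
planned_action "asm-old" "asm-new"          # canary-upgrade
planned_action "asm-old asm-new" "asm-new"  # in-place-upgrade
```

Against a live cluster, call planned_action "$(existing_revisions)" with the revision label of the version you are about to install as the second argument.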

Transitioning from istioctl install

If you are familiar with istioctl install and normally pass an IstioOperator YAML file via the -f command-line argument to configure the control plane, you can pass the file to asmcli using the --custom_overlay option. In the Anthos Service Mesh documentation, we refer to these files as overlay files.

Supported platforms

You can use asmcli for new installations or upgrades of Anthos Service Mesh on the following platforms:

  • GKE clusters in a single project

  • GKE clusters in multiple projects

  • Anthos clusters on VMware

  • Anthos on bare metal

  • Anthos clusters on AWS

  • Amazon EKS

See Supported platforms for details on supported versions of the platforms.

Not all features are available on the platforms outside of Google Cloud. For example, Anthos Service Mesh certificate authority (Mesh CA) isn't supported on Anthos clusters on AWS or Amazon EKS. For details, see In-cluster control plane supported features.

What's next