About the asmcli
asmcli is a Google-provided tool that you can use to install or
upgrade Anthos Service Mesh. If you let it,
asmcli will configure your
project and cluster as follows:
- Grant you the required Identity and Access Management (IAM) permissions on your Google Cloud project.
- Enable the required Google APIs on your Cloud project.
- Set a label on the cluster that identifies the mesh.
- Create a service account that lets data plane components, such as the sidecar proxy, securely access your project's data and resources.
- Register the cluster to the fleet if it isn't already registered.
Just include the
--enable_all flag when you run
asmcli to let it configure
your project and cluster. For more information about
asmcli options and flags,
asmcli configures YAML files with your project and cluster information.
These configuration files are needed to install the Anthos Service Mesh control plane.
If you are new to Anthos Service Mesh and Istio, skip ahead to Supported platforms. The next section is intended to help existing Anthos Service Mesh upgrade to 1.14.
asmcli takes the place of
istioctl install and
you can still use the legacy tools in Anthos Service Mesh 1.11, we are deprecating
them and they will no longer be supported in Anthos Service Mesh 1.12 and later.
Please update your scripts and tools to use
If you are familiar with
asmcli is similar but with the
following notable differences:
asmcli installfor new installations and upgrades. There isn't a
--modeoption like with
install_asm. When you run
asmcli install, it checks to see if there's an existing control plane on the cluster. If there isn't an existing control plane,
asmcliinstalls Anthos Service Mesh. If the cluster has an existing control plane (either an Anthos Service Mesh control plane or an open source Istio control plane):
Most of the
asmclioptions and flags behave the same as the ones for
If you are familiar with
istioctl install, if you normally pass an
IstioOperator YAML file via the
-f command-line argument to configure the
control plane, you can pass the file to
asmcli using the
option. In the Anthos Service Mesh documentation, we refer to these files as
Anthos Service Mesh installations on the list of
Supported platforms can be configured
or upgraded by
Not all features are available on the platforms outside of Google Cloud. For example, Anthos Service Mesh certificate authority (Mesh CA) isn't supported on Anthos clusters on AWS, Amazon EKS, or Microsoft AKS. For details, see In-cluster control plane supported features.