diff --git a/umn/source/_static/images/en-us_image_0000001280416429.png b/umn/source/_static/images/en-us_image_0000001280416429.png deleted file mode 100644 index 72f8c58..0000000 Binary files a/umn/source/_static/images/en-us_image_0000001280416429.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0000001918938240.png b/umn/source/_static/images/en-us_image_0000001918938240.png deleted file mode 100644 index 7a6220d..0000000 Binary files a/umn/source/_static/images/en-us_image_0000001918938240.png and /dev/null differ diff --git a/umn/source/_static/images/en-us_image_0000001997321585.png b/umn/source/_static/images/en-us_image_0000001997321585.png new file mode 100644 index 0000000..da5bdca Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000001997321585.png differ diff --git a/umn/source/_static/images/en-us_image_0000002043652974.png b/umn/source/_static/images/en-us_image_0000002043652974.png new file mode 100644 index 0000000..401dbd6 Binary files /dev/null and b/umn/source/_static/images/en-us_image_0000002043652974.png differ diff --git a/umn/source/best_practices/creating_a_service_mesh_with_ipv4_ipv6_dual_stack_enabled.rst b/umn/source/best_practices/how_do_i_create_a_service_mesh_with_ipv4_ipv6_dual_stack_enabled.rst similarity index 90% rename from umn/source/best_practices/creating_a_service_mesh_with_ipv4_ipv6_dual_stack_enabled.rst rename to umn/source/best_practices/how_do_i_create_a_service_mesh_with_ipv4_ipv6_dual_stack_enabled.rst index c084572..ecf0103 100644 --- a/umn/source/best_practices/creating_a_service_mesh_with_ipv4_ipv6_dual_stack_enabled.rst +++ b/umn/source/best_practices/how_do_i_create_a_service_mesh_with_ipv4_ipv6_dual_stack_enabled.rst @@ -2,8 +2,8 @@ .. _asm_bestpractice_1009: -Creating a Service Mesh with IPv4/IPv6 Dual Stack Enabled -========================================================= +How Do I Create a Service Mesh with IPv4/IPv6 Dual Stack Enabled +================================================================ You can create a CCE cluster with IPv4/IPv6 dual stack enabled and enable IPv4/IPv6 dual stack for the service mesh that the cluster is added to. IPv4/IPv6 dual stack allows services in the service mesh to use both IPv4 and IPv6 addresses for service-to-service interactions. After an IPv4/IPv6 dual-stack gateway is added for the service mesh, you can provide services for users using an IPv6 client. This section describes how you can create a service mesh with IPv4/IPv6 dual stack, so that services in the service mesh can communicate with each other using IPv6 addresses. @@ -16,7 +16,7 @@ Application Scenarios Constraints ----------- -- Constraints on enabling IPv4/IPv6 dual stack for a service mesh +- Conditions for enabling IPv4/IPv6 dual stack for a service mesh +----------------------+---------------+--------------------+--------------------------+--------------------------------------------+ | Service Mesh Edition | Istio Version | Cluster Type | Cluster Network Type | Remarks | @@ -24,7 +24,7 @@ Constraints | Basic | 1.18 or later | CCE Turbo clusters | Cloud native network 2.0 | IPv6 needs to be enabled for the clusters. | +----------------------+---------------+--------------------+--------------------------+--------------------------------------------+ -- Constraints on creating an IPv4/IPv6 dual-stack gateway +- Conditions for creating an IPv4/IPv6 dual-stack gateway +----------------------+---------------+--------------------+----------------------------------+----------------------------------------+ | Service Mesh Edition | Istio Version | Load Balancer Type | Load Balancer Specification | Remarks | @@ -32,8 +32,10 @@ Constraints | Basic | 1.18 or later | Dedicated | Network load balancing (Layer 4) | The load balancer has an IPv6 address. | +----------------------+---------------+--------------------+----------------------------------+----------------------------------------+ +- **Enable IPv6** is only available in Basic service meshes based on Istio 1.18 or later. + - IPv4/IPv6 dual stack cannot be disabled once it is enabled for a service mesh. IPv4/IPv6 dual stack cannot be enabled for an existing service mesh. -- IPv4/IPv6 dual stack is only available for service meshes of v1.18 or later, but it cannot be enabled for a service mesh that is upgraded to v1.18 or later. +- IPv4/IPv6 dual stack cannot be enabled for a service mesh whose Istio version is upgraded to 1.18 or later. Creating a Service Mesh with IPv6 Addresses ------------------------------------------- diff --git a/umn/source/best_practices/index.rst b/umn/source/best_practices/index.rst index 78574df..8af3b2f 100644 --- a/umn/source/best_practices/index.rst +++ b/umn/source/best_practices/index.rst @@ -7,7 +7,7 @@ Best Practices - :ref:`Upgrading Data Plane Sidecars Without Service Interruption ` - :ref:`Service Governance for Dubbo-based Applications ` -- :ref:`Creating a Service Mesh with IPv4/IPv6 Dual Stack Enabled ` +- :ref:`How Do I Create a Service Mesh with IPv4/IPv6 Dual Stack Enabled ` .. toctree:: :maxdepth: 1 @@ -15,4 +15,4 @@ Best Practices upgrading_data_plane_sidecars_without_service_interruption service_governance_for_dubbo-based_applications/index - creating_a_service_mesh_with_ipv4_ipv6_dual_stack_enabled + how_do_i_create_a_service_mesh_with_ipv4_ipv6_dual_stack_enabled diff --git a/umn/source/change_history.rst b/umn/source/change_history.rst new file mode 100644 index 0000000..f5e9341 --- /dev/null +++ b/umn/source/change_history.rst @@ -0,0 +1,24 @@ +:original_name: asm_his_0001.html + +.. _asm_his_0001: + +Change History +============== + +.. table:: **Table 1** Change history + + +-----------------------------------+--------------------------------------------------------------+ + | Released On | Description | + +===================================+==============================================================+ + | 2024-10-12 | - The following are modifications based on review comments: | + | | | + | | - Added the "Upgrades" chapter. | + | | | + | | - Updated the infographic of ASM. | + | | | + | | - Optimized other problems. | + | | | + | | - Added the change history. | + +-----------------------------------+--------------------------------------------------------------+ + | 2024-04-25 | - First release. | + +-----------------------------------+--------------------------------------------------------------+ diff --git a/umn/source/faqs/index.rst b/umn/source/faqs/index.rst index 0bd6be6..d440b03 100644 --- a/umn/source/faqs/index.rst +++ b/umn/source/faqs/index.rst @@ -9,6 +9,7 @@ FAQs - :ref:`Mesh Management ` - :ref:`Adding a Service ` - :ref:`Performing Grayscale Release ` +- :ref:`Monitoring Traffic ` .. toctree:: :maxdepth: 1 @@ -18,3 +19,4 @@ FAQs mesh_management/index adding_a_service/index performing_grayscale_release/index + monitoring_traffic/index diff --git a/umn/source/faqs/mesh_management/how_do_i_disable_sidecar_injection_for_workloads.rst b/umn/source/faqs/mesh_management/how_do_i_disable_sidecar_injection_for_workloads.rst index 3e58573..fc4123e 100644 --- a/umn/source/faqs/mesh_management/how_do_i_disable_sidecar_injection_for_workloads.rst +++ b/umn/source/faqs/mesh_management/how_do_i_disable_sidecar_injection_for_workloads.rst @@ -5,21 +5,37 @@ How Do I Disable Sidecar Injection for Workloads? ================================================= -After sidecar injection is enabled for a namespace of a cluster, sidecars are automatically injected for pods of all workloads in the namespace. You can configure sidecars not to be injected into some workloads: +If sidecar injection is enabled for a namespace of a cluster, sidecars are automatically injected for the pods of all workloads in the namespace. To prevent sidecars from being injected for some workloads, perform the following operations: -#. Log in to the CCE console and click the cluster name to go to the cluster console. Then, choose **Workloads** > **Deployments**. +#. Log in to the CCE console and click the cluster name to go to the cluster console. In the navigation pane, choose **Workloads**. Then, click the **Deployments** tab. #. Locate the workload and click **Edit YAML** in the **Operation** column. -#. Find the **spec.template.metadata.annotations** field and add **sidecar.istio.io/inject: 'false'**. +#. Locate the target field based on the service mesh version and add **sidecar.istio.io/inject: 'false'**. - .. code-block:: + - For service meshes earlier than 1.13 - annotations: - sidecar.istio.io/inject: 'false' + Locate the **spec.template.metadata.annotations** field and add **sidecar.istio.io/inject: 'false'**. - |image1| + .. code-block:: + + annotations: + sidecar.istio.io/inject: 'false' + + |image1| + + - For service meshes 1.13 or later: + + Locate the **spec.template.metadata.label** field and add **sidecar.istio.io/inject: 'false'**. + + .. code-block:: + + label: + sidecar.istio.io/inject: 'false' + + |image2| For more details about sidecar injection, see `Automatic Sidecar Injection `__. .. |image1| image:: /_static/images/en-us_image_0000001223579300.png +.. |image2| image:: /_static/images/en-us_image_0000001997321585.png diff --git a/umn/source/faqs/mesh_management/how_do_i_handle_a_canary_upgrade_failure.rst b/umn/source/faqs/mesh_management/how_do_i_handle_a_canary_upgrade_failure.rst index 9ed56af..6d5f40b 100644 --- a/umn/source/faqs/mesh_management/how_do_i_handle_a_canary_upgrade_failure.rst +++ b/umn/source/faqs/mesh_management/how_do_i_handle_a_canary_upgrade_failure.rst @@ -9,7 +9,7 @@ There are many reasons for a canary upgrade failure. In case of a canary upgrade #. Failed to check custom resource definitions (CRDs) before the upgrade. - **Solution**: New Istio version does not support some CRDs, including clusterrbacconfigs, serviceroles, servicerolebindings, and policies. If there are resources to be discarded in the current version, delete them before the upgrade. + **Solution**: New Istio version does not support some CRDs, including ClusterRbacConfigs, ServiceRoles, ServiceRoleBindings, and Policies. If there are resources to be discarded in the current version, delete them before the upgrade. #. Failed to check Istio gateway labels before the upgrade. @@ -31,11 +31,11 @@ There are many reasons for a canary upgrade failure. In case of a canary upgrade **Solution**: Use the cluster version listed in the following table. - ============ ========================= - Mesh Version Supported Cluster Version - 1.15 1.21,1.23,1.25,1.27 - 1.18 1.25,1.27,1.28,1.29 - ============ ========================= + ==================== ========================== + Service Mesh Version Supported Cluster Version + 1.15 1.21, 1.23, 1.25, and 1.27 + 1.18 1.25,1.27, and 1.28 + ==================== ========================== #. Failed to check the component affinity before the upgrade. @@ -64,4 +64,4 @@ There are many reasons for a canary upgrade failure. In case of a canary upgrade #. Failed to check the automatic namespace injection before the upgrade. - **Solution:** If there are pods in the namespace when you migrate mesh data from the Dedicated edition to the Basic edition, enable automatic injection for the namespace. + **Solution:** If there are pods in the namespace when you migrate service mesh data from the Dedicated edition to the Basic edition, enable automatic injection for the namespace. diff --git a/umn/source/faqs/mesh_management/index.rst b/umn/source/faqs/mesh_management/index.rst index e900405..f014557 100644 --- a/umn/source/faqs/mesh_management/index.rst +++ b/umn/source/faqs/mesh_management/index.rst @@ -5,7 +5,7 @@ Mesh Management =============== -- :ref:`Why Cannot I Create a Mesh for My Cluster? ` +- :ref:`Why Cannot I Create a Service Mesh for My Cluster? ` - :ref:`Why Are Exclusive Nodes Still Exist After Istio Is Uninstalled? ` - :ref:`How Do I Enable Namespace Injection for a Cluster? ` - :ref:`How Do I Disable Sidecar Injection for Workloads? ` @@ -16,7 +16,7 @@ Mesh Management :maxdepth: 1 :hidden: - why_cannot_i_create_a_mesh_for_my_cluster + why_cannot_i_create_a_service_mesh_for_my_cluster why_are_exclusive_nodes_still_exist_after_istio_is_uninstalled how_do_i_enable_namespace_injection_for_a_cluster how_do_i_disable_sidecar_injection_for_workloads diff --git a/umn/source/faqs/mesh_management/why_cannot_i_create_a_mesh_for_my_cluster.rst b/umn/source/faqs/mesh_management/why_cannot_i_create_a_mesh_for_my_cluster.rst deleted file mode 100644 index bc98d4f..0000000 --- a/umn/source/faqs/mesh_management/why_cannot_i_create_a_mesh_for_my_cluster.rst +++ /dev/null @@ -1,22 +0,0 @@ -:original_name: asm_faq_0020.html - -.. _asm_faq_0020: - -Why Cannot I Create a Mesh for My Cluster? -========================================== - -Symptom -------- - -I cannot create a mesh for my cluster. - -Analysis --------- - -Currently, clusters of versions earlier than 1.15 cannot be managed by meshes. - -Solution --------- - -#. Check the cluster version. Currently, only clusters of v1.15, v1.17, or v1.19 can be managed by meshes. -#. Check your browser. Chrome is recommended. The button for mesh creation may be unavailable when you are using other browsers, such as Firefox, due to adaptation problems. diff --git a/umn/source/faqs/mesh_management/why_cannot_i_create_a_service_mesh_for_my_cluster.rst b/umn/source/faqs/mesh_management/why_cannot_i_create_a_service_mesh_for_my_cluster.rst new file mode 100644 index 0000000..962c3ef --- /dev/null +++ b/umn/source/faqs/mesh_management/why_cannot_i_create_a_service_mesh_for_my_cluster.rst @@ -0,0 +1,22 @@ +:original_name: asm_faq_0020.html + +.. _asm_faq_0020: + +Why Cannot I Create a Service Mesh for My Cluster? +================================================== + +Symptom +------- + +I cannot create a service mesh for my cluster. + +Analysis +-------- + +Currently, clusters earlier than v1.21 cannot be managed by service meshes. + +Solution +-------- + +#. Check the cluster version. Currently, only clusters v1.21 or later can be managed by service meshes. +#. Check your browser. Chrome is recommended. The button for service mesh creation may be unavailable when you are using other browsers, such as Firefox, due to adaptation problems. diff --git a/umn/source/faqs/monitoring_traffic/how_do_i_connect_a_service_mesh_to_jaeger_or_zipkin_for_viewing_traces.rst b/umn/source/faqs/monitoring_traffic/how_do_i_connect_a_service_mesh_to_jaeger_or_zipkin_for_viewing_traces.rst new file mode 100644 index 0000000..5e99956 --- /dev/null +++ b/umn/source/faqs/monitoring_traffic/how_do_i_connect_a_service_mesh_to_jaeger_or_zipkin_for_viewing_traces.rst @@ -0,0 +1,131 @@ +:original_name: asm_faq_0049.html + +.. _asm_faq_0049: + +How Do I Connect a Service Mesh to Jaeger or Zipkin for Viewing Traces? +======================================================================= + +ASM can export traces to Jaeger or Zipkin. You can view them on the Jaeger or Zipkin UI. The following uses Zipkin as an example. + +Prerequisites +------------- + +The cluster and namespace where Zipkin is to be installed have been specified. + +Procedure +--------- + +#. .. _asm_faq_0049__li098232175213: + + Create a Deployment named **zipkin**. + + Log in to the CCE console and click the cluster name to go to the cluster console. In the navigation pane, choose **Workloads**. On the **Deployments** tab, click **Create from YAML**, and copy the following content to the YAML file: + + .. code-block:: + + apiVersion: apps/v1 + kind: Deployment + metadata: + name: zipkin + namespace: monitoring + spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: zipkin + app.kubernetes.io/name: zipkin + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/instance: zipkin + app.kubernetes.io/name: zipkin + spec: + automountServiceAccountToken: false + containers: + - env: + - name: STORAGE_TYPE + value: mem + image: openzipkin/zipkin-slim:latest # Community Zipkin image path. Ensure that you can access this path. + imagePullPolicy: IfNotPresent + name: zipkin + readinessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: 9411 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 500m + memory: 4Gi + requests: + cpu: 100m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + terminationGracePeriodSeconds: 30 + + The Deployment named **zipkin** is displayed on the **Deployments** tab. If the status of **zipkin** changes to **Running**, Zipkin has been installed in the **monitoring** namespace of the target cluster. + + .. note:: + + You can also refer to `Zipkin official website documentation `__ to complete the installation. + +#. .. _asm_faq_0049__li139077291524: + + Create a Service of the LoadBalancer type. + + On the cluster console, choose **Services & Ingresses** in the navigation pane. On the **Services** tab, click **Create Service**. Then, configure the parameters as follows: + + - **Service Name**: Enter a name. **zipkin** is used as an example here. + - **Service Type**: Select **LoadBalancer**. + - **Selector**: Click **Reference Workload Label**. The label is automatically added. + - **Ports**: Configure the container port and Service port. **9411** is used as an example here. + + Retain the default values for other parameters. + + The Service named **zipkin** is displayed on the **Services** tab. + + .. caution:: + + If you do not need to access the Zipkin UI, set **Access Type** to **ClusterIP**. + +#. Buy a service mesh and interconnect it with Zipkin. + + Log in to the ASM console and click . In **Cluster Configuration**, select the cluster in :ref:`1 `. In **Observability Configuration**, enable tracing. Then, select **Third-party Jaeger/Zipkin service** for **Version**, set **Service Address** and **Access Port**, and configure other parameters as required. + + .. caution:: + + The value of **Service Address** is *{Service name}*\ **.**\ *{Namespace}*\ **.svc.cluster.local**. Replace *{Service name}* and *{Namespace}* with those specified in :ref:`2 `. + + The value of **Access Port** is that specified in :ref:`2 `. + +#. . After the deployment is complete, the services shown in the following figure are displayed on the **Service Management** page. + +#. Access the productpage details page to trigger tracing. + + Go to the service mesh details page. In the navigation pane, choose **Service Management**. On the displayed page, click the external address **http://**\ *{IP address}*\ **:**\ *{Port number}*\ **/productpage** of the **productpage** service. + +#. View the traces on the Zipkin UI at **http://**\ *{Public IP address of the load balancer configured for* **zipkin**\ *}*\ **:**\ *{Access port of* **zipkin**\ *}*\ **/zipkin/**. + + .. note:: + + You can obtain the IP address and port for logging in to the Zipkin client as follows: + + - IP address: Go to the console of the cluster where Zipkin is installed. In the navigation pane, choose **Services & Ingresses**. On the **Services** tab, view the public IP address of the load balancer configured for **zipkin**. + - Port: On the **Services** tab, view the access port of **zipkin**. diff --git a/umn/source/faqs/monitoring_traffic/index.rst b/umn/source/faqs/monitoring_traffic/index.rst new file mode 100644 index 0000000..e8c6ff4 --- /dev/null +++ b/umn/source/faqs/monitoring_traffic/index.rst @@ -0,0 +1,24 @@ +:original_name: asm_faq_0014.html + +.. _asm_faq_0014: + +Monitoring Traffic +================== + +- :ref:`Why Cannot I View Traffic Monitoring Data Immediately After a Pod Is Started? ` +- :ref:`Why Are the Latency Statistics on the Dashboard Page Inaccurate? ` +- :ref:`Why Is the Traffic Ratio Inconsistent with That in the Traffic Monitoring Chart? ` +- :ref:`Why Can't I Find Certain Error Requests in Tracing? ` +- :ref:`Why Cannot I Find My Service in the Traffic Monitoring Topology? ` +- :ref:`How Do I Connect a Service Mesh to Jaeger or Zipkin for Viewing Traces? ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + why_cannot_i_view_traffic_monitoring_data_immediately_after_a_pod_is_started + why_are_the_latency_statistics_on_the_dashboard_page_inaccurate + why_is_the_traffic_ratio_inconsistent_with_that_in_the_traffic_monitoring_chart + why_cant_i_find_certain_error_requests_in_tracing + why_cannot_i_find_my_service_in_the_traffic_monitoring_topology + how_do_i_connect_a_service_mesh_to_jaeger_or_zipkin_for_viewing_traces diff --git a/umn/source/faqs/monitoring_traffic/why_are_the_latency_statistics_on_the_dashboard_page_inaccurate.rst b/umn/source/faqs/monitoring_traffic/why_are_the_latency_statistics_on_the_dashboard_page_inaccurate.rst new file mode 100644 index 0000000..5cb2466 --- /dev/null +++ b/umn/source/faqs/monitoring_traffic/why_are_the_latency_statistics_on_the_dashboard_page_inaccurate.rst @@ -0,0 +1,8 @@ +:original_name: asm_faq_0016.html + +.. _asm_faq_0016: + +Why Are the Latency Statistics on the Dashboard Page Inaccurate? +================================================================ + +The latency statistics displayed on the **Dashboard** page are data of the services that have the highest latency among all the services in all the clusters of your account within the last one minute. Therefore, ensure that the service has been accessed within the last one minute. diff --git a/umn/source/faqs/monitoring_traffic/why_cannot_i_find_my_service_in_the_traffic_monitoring_topology.rst b/umn/source/faqs/monitoring_traffic/why_cannot_i_find_my_service_in_the_traffic_monitoring_topology.rst new file mode 100644 index 0000000..7a61cb4 --- /dev/null +++ b/umn/source/faqs/monitoring_traffic/why_cannot_i_find_my_service_in_the_traffic_monitoring_topology.rst @@ -0,0 +1,10 @@ +:original_name: asm_faq_0023.html + +.. _asm_faq_0023: + +Why Cannot I Find My Service in the Traffic Monitoring Topology? +================================================================ + +#. Select a mesh, cluster, and namespace to monitor service traffic. +#. Check whether the ICAgent collector is correctly installed in the cluster. +#. Check whether the service has been added to the service mesh. diff --git a/umn/source/faqs/monitoring_traffic/why_cannot_i_view_traffic_monitoring_data_immediately_after_a_pod_is_started.rst b/umn/source/faqs/monitoring_traffic/why_cannot_i_view_traffic_monitoring_data_immediately_after_a_pod_is_started.rst new file mode 100644 index 0000000..254111d --- /dev/null +++ b/umn/source/faqs/monitoring_traffic/why_cannot_i_view_traffic_monitoring_data_immediately_after_a_pod_is_started.rst @@ -0,0 +1,9 @@ +:original_name: asm_faq_0015.html + +.. _asm_faq_0015: + +Why Cannot I View Traffic Monitoring Data Immediately After a Pod Is Started? +============================================================================= + +#. Check whether APM has been enabled for the cluster. +#. Traffic monitoring aggregates the collected data. Please wait for a minute for the data to be displayed on the **Traffic Monitoring** page. diff --git a/umn/source/faqs/monitoring_traffic/why_cant_i_find_certain_error_requests_in_tracing.rst b/umn/source/faqs/monitoring_traffic/why_cant_i_find_certain_error_requests_in_tracing.rst new file mode 100644 index 0000000..efb61cf --- /dev/null +++ b/umn/source/faqs/monitoring_traffic/why_cant_i_find_certain_error_requests_in_tracing.rst @@ -0,0 +1,8 @@ +:original_name: asm_faq_0018.html + +.. _asm_faq_0018: + +Why Can't I Find Certain Error Requests in Tracing? +=================================================== + +For performance purposes, the sampling rate of tracing is 10%. That is, 10 of your 100 requests are recorded and displayed on the page. diff --git a/umn/source/faqs/monitoring_traffic/why_is_the_traffic_ratio_inconsistent_with_that_in_the_traffic_monitoring_chart.rst b/umn/source/faqs/monitoring_traffic/why_is_the_traffic_ratio_inconsistent_with_that_in_the_traffic_monitoring_chart.rst new file mode 100644 index 0000000..e077e51 --- /dev/null +++ b/umn/source/faqs/monitoring_traffic/why_is_the_traffic_ratio_inconsistent_with_that_in_the_traffic_monitoring_chart.rst @@ -0,0 +1,8 @@ +:original_name: asm_faq_0017.html + +.. _asm_faq_0017: + +Why Is the Traffic Ratio Inconsistent with That in the Traffic Monitoring Chart? +================================================================================ + +The traffic ratio data is polled every 10 seconds, while the traffic monitoring data shows the traffic situation of the last 10 seconds. diff --git a/umn/source/faqs/service_mesh_cluster/index.rst b/umn/source/faqs/service_mesh_cluster/index.rst index ad99e60..209abe8 100644 --- a/umn/source/faqs/service_mesh_cluster/index.rst +++ b/umn/source/faqs/service_mesh_cluster/index.rst @@ -5,12 +5,12 @@ Service Mesh Cluster ==================== -- :ref:`Why Does a Service Mesh Remain in the Installing Status for a Long Time After I Enable It for a Cluster? ` -- :ref:`Why Does a Service Mesh Remain in the Unready Status for a Long Time After I Uninstall It? ` +- :ref:`Why Does a Service Mesh Remain in the Installing State for a Long Time After I Enable It for a Cluster? ` +- :ref:`Why Does a Service Mesh Remain in the Unready State for a Long Time After I Uninstall It? ` .. toctree:: :maxdepth: 1 :hidden: - why_does_a_service_mesh_remain_in_the_installing_status_for_a_long_time_after_i_enable_it_for_a_cluster - why_does_a_service_mesh_remain_in_the_unready_status_for_a_long_time_after_i_uninstall_it + why_does_a_service_mesh_remain_in_the_installing_state_for_a_long_time_after_i_enable_it_for_a_cluster + why_does_a_service_mesh_remain_in_the_unready_state_for_a_long_time_after_i_uninstall_it diff --git a/umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_installing_status_for_a_long_time_after_i_enable_it_for_a_cluster.rst b/umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_installing_state_for_a_long_time_after_i_enable_it_for_a_cluster.rst similarity index 61% rename from umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_installing_status_for_a_long_time_after_i_enable_it_for_a_cluster.rst rename to umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_installing_state_for_a_long_time_after_i_enable_it_for_a_cluster.rst index a26f0e8..21d2d05 100644 --- a/umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_installing_status_for_a_long_time_after_i_enable_it_for_a_cluster.rst +++ b/umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_installing_state_for_a_long_time_after_i_enable_it_for_a_cluster.rst @@ -2,13 +2,13 @@ .. _asm_faq_0030: -Why Does a Service Mesh Remain in the Installing Status for a Long Time After I Enable It for a Cluster? -======================================================================================================== +Why Does a Service Mesh Remain in the Installing State for a Long Time After I Enable It for a Cluster? +======================================================================================================= Symptom ------- -After I create a service mesh (that is, create a Dedicated mesh) for a CCE cluster, the mesh remains in the installing status for a long time and a message is displayed, indicating that the user security group rules are successfully enabled. +After I create a service mesh (that is, create a Dedicated service mesh) for a CCE cluster, it remains in the installing state for a long time and a message is displayed indicating that the user security group rules are successfully enabled. Fault Diagnosis --------------- @@ -23,4 +23,4 @@ Residual **istio-system** namespaces exist. Solution -------- -Delete the residual **istio-system** namespaces and install the mesh again. +Delete the residual **istio-system** namespaces and install the service mesh again. diff --git a/umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_unready_status_for_a_long_time_after_i_uninstall_it.rst b/umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_unready_state_for_a_long_time_after_i_uninstall_it.rst similarity index 82% rename from umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_unready_status_for_a_long_time_after_i_uninstall_it.rst rename to umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_unready_state_for_a_long_time_after_i_uninstall_it.rst index 35c4297..6f4fe5f 100644 --- a/umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_unready_status_for_a_long_time_after_i_uninstall_it.rst +++ b/umn/source/faqs/service_mesh_cluster/why_does_a_service_mesh_remain_in_the_unready_state_for_a_long_time_after_i_uninstall_it.rst @@ -2,18 +2,18 @@ .. _asm_faq_0031: -Why Does a Service Mesh Remain in the Unready Status for a Long Time After I Uninstall It? -========================================================================================== +Why Does a Service Mesh Remain in the Unready State for a Long Time After I Uninstall It? +========================================================================================= Symptom ------- -On the ASM console, after I uninstall a service mesh, the mesh remains in the unready status for a long time. +On the ASM console, after I uninstall a service mesh, it remains in the unready state for a long time. Fault Diagnosis --------------- -#. Log in to the CCE console. Click the cluster name to go to the cluster console. In the navigation pane on the left, choose **App Templates**. +#. Log in to the CCE console. Click the cluster name to go to the cluster console. In the navigation pane, choose **App Templates**. #. Click **Releases** and select the target cluster from the drop-down list. Check the releases and the latest events about uninstallation failure. @@ -44,4 +44,4 @@ Solution kubectl delete crd -n istio-system `kubectl get crd -n istio-system | grep istio | awk '{print $1}'` kubectl delete mutatingwebhookconfigurations -n istio-system `kubectl get mutatingwebhookconfigurations -n istio-system | grep istio | awk '{print $1}'` -#. Log in to the ASM console and uninstall the mesh again. +#. Log in to the ASM console and uninstall the service mesh again. diff --git a/umn/source/getting_started/grayscale_release_practices_of_bookinfo.rst b/umn/source/getting_started/grayscale_release_practices_of_bookinfo.rst index e97299e..ea42cdb 100644 --- a/umn/source/getting_started/grayscale_release_practices_of_bookinfo.rst +++ b/umn/source/getting_started/grayscale_release_practices_of_bookinfo.rst @@ -5,7 +5,7 @@ Grayscale Release Practices of Bookinfo ======================================= -Application Service Mesh (ASM) is a service mesh platform developed based on Istio and seamlessly interconnects with Cloud Container Engine (CCE). With better usability, reliability, and visualization, ASM provides you with out-of-the-box features and enhanced user experience. +Application Service Mesh (ASM) is a service mesh platform developed based on Istio and seamlessly interconnects with Cloud Container Engine (CCE). With better usability, reliability, and visualization, ASM provides you with out-of-the-box features and enhanced experience. Introduction ------------ @@ -34,13 +34,13 @@ Bookinfo consists of four independent services developed in different languages. The reviews service has three versions: -- The v1 (1.5.0) version does not call the ratings service. -- The v2 (1.5.1) version calls the ratings service and uses one to five black stars to show ratings. -- The v3 (1.5.2) version calls the ratings service and uses one to five red stars to show ratings. +- v1 (1.17.0) does not call the ratings service. +- v2 (1.17.1) calls the ratings service and uses one to five black stars to show ratings. +- v3 (1.17.2) calls the ratings service and uses one to five red stars to show ratings. .. note:: - To demonstrate traffic switching between versions, this section takes 1.5.1 (rating with black stars) and 1.5.2 (rating with red stars) of the reviews service as examples. + To demonstrate traffic switching between versions, this section takes 1.17.1 (rating with black stars) and 1.17.2 (rating with red stars) of the reviews service as examples. .. figure:: /_static/images/en-us_image_0000001440024745.png @@ -140,15 +140,15 @@ Perform the following operations: .. table:: **Table 1** Image list - =========== ================================ ========== + =========== ================================ ============ Service Image Name Image Tag - =========== ================================ ========== - productpage examples-bookinfo-productpage-v1 1.5.0 - details examples-bookinfo-details-v1 1.5.01.5.0 - ratings examples-bookinfo-ratings-v1 1.5.01.5.0 - reviews examples-bookinfo-reviews-v1 1.5.1 - \ examples-bookinfo-reviews-v1 1.5.2 - =========== ================================ ========== + =========== ================================ ============ + productpage examples-bookinfo-productpage-v1 1.17.0 + details examples-bookinfo-details-v1 1.17.01.17.0 + ratings examples-bookinfo-ratings-v1 1.17.01.17.0 + reviews examples-bookinfo-reviews-v1 1.17.1 + \ examples-bookinfo-reviews-v1 1.17.2 + =========== ================================ ============ The following uses Bookinfo images as an example: @@ -158,48 +158,48 @@ Perform the following operations: Run the following commands in sequence to download the images required by Bookinfo: - **docker pull docker.io/istio/examples-bookinfo-productpage-v1:1.5.0** + **docker pull docker.io/istio/examples-bookinfo-productpage-v1:1.17.0** - **docker pull docker.io/istio/examples-bookinfo-details-v1:1.5.0** + **docker pull docker.io/istio/examples-bookinfo-details-v1:1.17.0** - **docker pull docker.io/istio/examples-bookinfo-ratings-v1:1.5.0** + **docker pull docker.io/istio/examples-bookinfo-ratings-v1:1.17.0** - **docker pull docker.io/istio/examples-bookinfo-reviews-v2:1.5.0** + **docker pull docker.io/istio/examples-bookinfo-reviews-v2:1.17.0** - **docker pull docker.io/istio/examples-bookinfo-reviews-v3:1.5.0** + **docker pull docker.io/istio/examples-bookinfo-reviews-v3:1.17.0** c. Connect to SWR. d. Label the images pulled in :ref:`5.b `. Ensure that the image names and tags are the same as those in :ref:`Table 1 `. - **docker tag docker.io/istio/examples-bookinfo-productpage-v1:1.5.0** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-productpage-v1:1.5.0** + **docker tag docker.io/istio/examples-bookinfo-productpage-v1:1.17.0** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-productpage-v1:1.17.0** - **docker tag docker.io/istio/examples-bookinfo-details-v1:1.5.0** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-details-v1:1.5.0** + **docker tag docker.io/istio/examples-bookinfo-details-v1:1.17.0** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-details-v1:1.17.0** - **docker tag docker.io/istio/examples-bookinfo-ratings-v1:1.5.0** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-ratings-v1:1.5.0** + **docker tag docker.io/istio/examples-bookinfo-ratings-v1:1.17.0** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-ratings-v1:1.17.0** - **docker tag docker.io/istio/examples-bookinfo-reviews-v2:1.5.0** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-reviews-v1:1.5.1** + **docker tag docker.io/istio/examples-bookinfo-reviews-v2:1.17.0** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-reviews-v1:1.17.1** - **docker tag docker.io/istio/examples-bookinfo-reviews-v3:1.5.0** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-reviews-v1:1.5.2** + **docker tag docker.io/istio/examples-bookinfo-reviews-v3:1.17.0** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-reviews-v1:1.17.2** *swr.xxxxxxxxx.* indicates the image repository address, and *group* indicates the organization name. Replace them with the actual values. e. Push the images to the SWR. - **docker push** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-productpage-v1:1.5.0** + **docker push** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-productpage-v1:1.17.0** - **docker push** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-details-v1:1.5.0** + **docker push** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-details-v1:1.17.0** - **docker push** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-ratings-v1:1.5.0** + **docker push** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-ratings-v1:1.17.0** - **docker push** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-reviews-v1:1.5.1** + **docker push** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-reviews-v1:1.17.1** - **docker push** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-reviews-v1:1..5.2** + **docker push** *swr.xxxxxxxxx.*\ **/**\ *group*\ **/examples-bookinfo-reviews-v1:1.17.2** f. Change the image type to **Public**. -Creating a Mesh ---------------- +Creating a Service Mesh +----------------------- #. Log in to the ASM console. @@ -213,11 +213,11 @@ Creating a Mesh - **Mesh Name** - Enter the mesh name. + Enter the service mesh name. - **Istio Version** - Select the Istio version supported by the mesh. + Select the Istio version supported by the service mesh. - **Cluster** diff --git a/umn/source/index.rst b/umn/source/index.rst index 680a870..336c340 100644 --- a/umn/source/index.rst +++ b/umn/source/index.rst @@ -10,3 +10,4 @@ Application Service Mesh - User Guide user_guide/index best_practices/index faqs/index + change_history diff --git a/umn/source/service_overview/infographic_for_asm.rst b/umn/source/service_overview/infographic_for_asm.rst index b634706..d2bd1c5 100644 --- a/umn/source/service_overview/infographic_for_asm.rst +++ b/umn/source/service_overview/infographic_for_asm.rst @@ -7,4 +7,4 @@ Infographic for ASM |image1| -.. |image1| image:: /_static/images/en-us_image_0000001918938240.png +.. |image1| image:: /_static/images/en-us_image_0000002043652974.png diff --git a/umn/source/user_guide/creating_a_service_mesh/creating_a_service_mesh.rst b/umn/source/user_guide/creating_a_service_mesh/creating_a_service_mesh.rst index 77ba7ea..b18066f 100644 --- a/umn/source/user_guide/creating_a_service_mesh/creating_a_service_mesh.rst +++ b/umn/source/user_guide/creating_a_service_mesh/creating_a_service_mesh.rst @@ -1,11 +1,11 @@ -:original_name: asm_01_0020.html +:original_name: asm_01_0084.html -.. _asm_01_0020: +.. _asm_01_0084: Creating a Service Mesh ======================= -ASM allows you to create a service mesh of the Basic edition, which is a standard service mesh available for commercial use. +ASM allows you to create a Basic service mesh for commercial use. Prerequisites ------------- @@ -29,7 +29,7 @@ Procedure - **Mesh Edition** - Only service meshes of the Basic edition are supported. + Only service meshes of the Basic edition are supported for commercial use. - **Mesh Name** @@ -43,49 +43,56 @@ Procedure - **Enable IPv6** - Determine whether to enable IPv6. This option is supported only in Istio 1.18 or later. + Conditions for enabling IPv4/IPv6 dual stack for a service mesh + + +----------------------+---------------+--------------------+--------------------------+-----------------+ + | Service Mesh Edition | Istio Version | Cluster Type | Cluster Network Type | Remarks | + +======================+===============+====================+==========================+=================+ + | Basic edition | 1.18 or later | CCE Turbo clusters | Cloud native network 2.0 | To enable IPv6. | + +----------------------+---------------+--------------------+--------------------------+-----------------+ + + For details, see :ref:`How Do I Create a Service Mesh with IPv4/IPv6 Dual Stack Enabled ` + + .. note:: + + - **Enable IPv6** is only available in Basic service meshes based on Istio 1.18 or later. + - IPv4/IPv6 dual stack cannot be enabled for a service mesh whose Istio version is upgraded to 1.18 or later. + + - IPv4/IPv6 dual stack cannot be disabled once it is enabled for a service mesh. IPv4/IPv6 dual stack cannot be enabled for an existing service mesh. - **Cluster** - Select the target cluster from the cluster list or enter the target cluster name in the upper right corner of the list to search for it. You can select only the clusters which versions are supported by the current mesh version. + Select the cluster from the cluster list or enter the cluster name in the upper right corner of the list to search for it. You can only select the clusters whose versions are supported by the current service mesh version. - **Mesh Control Plane Node** - To install the control plane components for the service mesh of the Basic edition in your cluster, you need to select a node for installation. If HA is required, you can select two or more nodes from different AZs. + The control plane components of the Basic service mesh are installed in the user cluster. Therefore, you need to select a node for installing the control plane. If HA is required, you can select two or more nodes from different AZs. - The selected node is labeled with **istio:master**, and the components are scheduled to this node. + A selected node will be labeled with **istio:master**, and the components will be scheduled to that node. - **Observability Configuration** - **Application Metrics** - If this option is enabled, you can build service access metrics, application topologies, and service health and SLO definitions in the service mesh. + If this option is enabled, you can specify service access metrics, application topologies, and service health and SLO definitions in the service mesh. - - **Access Logging** + - **Tracing** - If this option is enabled, you can query inter-service access records in the service mesh to locate exceptions. After enabling this option, you need to select the Log Tank Service (LTS) log group and log stream. Access logs will be transmitted to the log stream. You can view the access logs on the **Monitoring Center** > **Access Logs** page. + - **Sampling Rate**: Number of requests generated by the tracing service/Total number of requests - .. note:: - - - Only Istio 1.18 or later can work with LTS to collect and store access logs. To ensure logs are reported to LTS, install CCE Log-Agent on the **Add-ons** page in advance. - - - Tracing - - - **Sampling Rate**: Number of requests generated by the tracing/Total number of requests - - - **Version**: the tracing service. If you select **Third-party Jaeger/Zipkin service**, you need to set **Service Address** and **Service Port**, which indicate the address and port number used by the third-party tracing service to receive requests. + - **Version**: tracing service. If you select **Third-party Jaeger/Zipkin service**, you need to set **Service Address** and **Service Port**, which indicate the address and port number used by the third-party tracing service to receive requests. .. note:: - Only Istio 1.15 or later support the third-party tracing service. - - If you want to use the third-party Jaeger or Zipkin service, install Jaeger or Zipkin first. Alternatively, you can obtain the service address after installing Jaeger or Zipkin by referring to section "Installing Jaeger/Zipkin" in the *FAQs*. + - If you want to use the third-party Jaeger or Zipkin service, install it first. Then, obtain the service address. - The default service ports of Jaeger and Zipkin are both 9411. If you customize the service port during Jaeger or Zipkin installation, replace **Service Port** with the actual value. #. (Optional) Configure advanced settings. - - **Sidecar Configuration** + - **Namespace Injection Settings** - Select a namespace and label it with **istio-injection=enabled**. All pods in the namespace will be injected with an istio-proxy sidecar. + Select a namespace and label it with **istio-injection=enabled**. After being restarted, all pods in the namespace will be automatically injected with an istio-proxy sidecar. You can inject a sidecar in **Mesh Configuration** > **Sidecar Management** after the mesh is created. For details, see :ref:`Injecting a Sidecar `. @@ -113,7 +120,7 @@ Procedure - **Exclude only specified ports** means that the traffic from services in a service mesh over the ports except the specified ports will be redirected to the sidecar. - **Outbound IP Ranges**: IP address ranges separated by commas (,) in CIDR format. You can use this field to specify the IP ranges that will be excluded from redirection to the sidecar. + **Outbound IP Ranges**: IP address ranges separated by commas (,) in CIDR format. You can use this field to specify the IP ranges that will be included or excluded for outbound traffic redirection. - **Include only specified IP ranges** means that the traffic from specified IP ranges will be redirected to the sidecar. @@ -123,7 +130,7 @@ Procedure Enter the tag key and tag value. A maximum of 20 tags can be added. -#. Review the service mesh configuration in the **Configuration List** on the right of the page and click **Submit**. +#. Review the service mesh configuration in **Configuration List** on the right of the page and click **Submit**. It takes about 1 to 3 minutes to create a service mesh. If the service mesh status changes from **Installing** to **Running**, the service mesh is successfully created. diff --git a/umn/source/user_guide/creating_a_service_mesh/index.rst b/umn/source/user_guide/creating_a_service_mesh/index.rst index 54496ad..aa1740d 100644 --- a/umn/source/user_guide/creating_a_service_mesh/index.rst +++ b/umn/source/user_guide/creating_a_service_mesh/index.rst @@ -5,7 +5,7 @@ Creating a Service Mesh ======================= -- :ref:`Creating a Service Mesh ` +- :ref:`Creating a Service Mesh ` .. toctree:: :maxdepth: 1 diff --git a/umn/source/user_guide/gateway_management/adding_a_gateway.rst b/umn/source/user_guide/gateway_management/adding_a_gateway.rst index dfd55cf..5dfe381 100644 --- a/umn/source/user_guide/gateway_management/adding_a_gateway.rst +++ b/umn/source/user_guide/gateway_management/adding_a_gateway.rst @@ -33,9 +33,9 @@ Procedure - **Load Balancer** - - Gateways use shared load balancers of ELB for the access over both public and private IPv4 networks. + - Gateways use shared and dedicated load balancers of ELB for the access over both public and private IPv4 networks. - - **Listener** + - **Access Entry** Gateways configure a listener for the load balancer, which listens to requests from the load balancer and distributes traffic. diff --git a/umn/source/user_guide/gateway_management/adding_a_route.rst b/umn/source/user_guide/gateway_management/adding_a_route.rst index b7847d3..a7d723d 100644 --- a/umn/source/user_guide/gateway_management/adding_a_route.rst +++ b/umn/source/user_guide/gateway_management/adding_a_route.rst @@ -5,8 +5,8 @@ Adding a Route ============== -Scenario --------- +Scenarios +--------- You can add multiple routes and configure multiple forwarding policies for a created gateway. diff --git a/umn/source/user_guide/mesh_configuration/index.rst b/umn/source/user_guide/mesh_configuration/index.rst index 43d7589..19ba62f 100644 --- a/umn/source/user_guide/mesh_configuration/index.rst +++ b/umn/source/user_guide/mesh_configuration/index.rst @@ -8,7 +8,7 @@ Mesh Configuration - :ref:`Overview ` - :ref:`Sidecar Management ` - :ref:`Istio Resource Management ` -- :ref:`Service Mesh Extension ` +- :ref:`Upgrades ` .. toctree:: :maxdepth: 1 @@ -17,4 +17,4 @@ Mesh Configuration overview sidecar_management istio_resource_management/index - service_mesh_extension + upgrades/index diff --git a/umn/source/user_guide/mesh_configuration/overview.rst b/umn/source/user_guide/mesh_configuration/overview.rst index f7fa8ca..67f4c6b 100644 --- a/umn/source/user_guide/mesh_configuration/overview.rst +++ b/umn/source/user_guide/mesh_configuration/overview.rst @@ -15,4 +15,4 @@ The functions of each tab page in **Mesh Configuration** are as follows: - **Sidecar Management**: You can view information about all workloads injected with sidecars, perform sidecar injection, and configure sidecar resource limits. For details, see :ref:`Sidecar Management `. - **Istio Resource Management**: You can view all Istio resources (such as VirtualService and DestinationRule), create Istio resources in YAML or JSON format, and modify existing Istio resources. For details, see :ref:`Istio Resource Management `. - **Upgrade**: You can upgrade the version of a service mesh. -- Mesh extension: provides the observability configuration. For details, see :ref:`Service Mesh Extension `. +- **Extensions**: provides the observability configuration. diff --git a/umn/source/user_guide/mesh_configuration/service_mesh_extension.rst b/umn/source/user_guide/mesh_configuration/service_mesh_extension.rst deleted file mode 100644 index b61a94a..0000000 --- a/umn/source/user_guide/mesh_configuration/service_mesh_extension.rst +++ /dev/null @@ -1,33 +0,0 @@ -:original_name: asm_01_0123.html - -.. _asm_01_0123: - -Service Mesh Extension -====================== - -Observability configuration includes access logs, application metrics, and traces of the current service mesh. You can enable application metric collection and access logging. - -.. note:: - - Tracing can be enabled only when a service mesh is created. - -Constraints ------------ - -Only Istio 1.18 or later can work with LTS to collect and store access logs. To enable access logging, install CCE Log-Agent on the **Add-ons** page in advance. - -Enabling Application Metrics ----------------------------- - -#. Log in to the ASM console. -#. Click the name of the service mesh to go to its details page. -#. In the navigation pane, choose **Mesh Configuration**. Then click the tab for displaying service mesh extension. -#. Enable application metrics, select an AOM instance, and click **OK**. - -Enabling Access Logging ------------------------ - -#. Log in to the ASM console. -#. Click the name of the service mesh to go to its details page. -#. In the navigation pane, choose **Mesh Configuration**. Then click the tab for displaying service mesh extension. -#. Enable access logging, select the log group and log stream, and click **OK**. diff --git a/umn/source/user_guide/mesh_configuration/upgrades/features_in_v1.15.rst b/umn/source/user_guide/mesh_configuration/upgrades/features_in_v1.15.rst new file mode 100644 index 0000000..35a5857 --- /dev/null +++ b/umn/source/user_guide/mesh_configuration/upgrades/features_in_v1.15.rst @@ -0,0 +1,13 @@ +:original_name: asm_01_0095.html + +.. _asm_01_0095: + +Features in v1.15 +================= + +- Istio 1.15.7 is supported. +- CCE Turbo clusters v1.21, v1.23, v1.25, and v1.27 are supported. +- CCE clusters v1.21, v1.23, v1.25, and v1.27 are supported. +- Security vulnerabilities such as CVE-2023-44487, CVE-2023-39325 and CVE-2023-27487 are fixed. + +For details, visit https://istio.io/latest/news/releases/1.15.x/announcing-1.15.7/. diff --git a/umn/source/user_guide/mesh_configuration/upgrades/features_in_v1.18.rst b/umn/source/user_guide/mesh_configuration/upgrades/features_in_v1.18.rst new file mode 100644 index 0000000..c14663b --- /dev/null +++ b/umn/source/user_guide/mesh_configuration/upgrades/features_in_v1.18.rst @@ -0,0 +1,13 @@ +:original_name: asm_01_0124.html + +.. _asm_01_0124: + +Features in v1.18 +================= + +- Istio 1.18 is supported. +- CCE Turbo clusters v1.25, v1.27, and v1.28 are supported. +- CCE clusters v1.25, v1.27, and v1.28 are supported. +- Kubernetes Gateway API is supported. + +For details, visit https://istio.io/latest/news/releases/1.18.x/. diff --git a/umn/source/user_guide/mesh_configuration/upgrades/index.rst b/umn/source/user_guide/mesh_configuration/upgrades/index.rst new file mode 100644 index 0000000..6d12382 --- /dev/null +++ b/umn/source/user_guide/mesh_configuration/upgrades/index.rst @@ -0,0 +1,16 @@ +:original_name: asm_01_0082.html + +.. _asm_01_0082: + +Upgrades +======== + +- :ref:`Features in v1.15 ` +- :ref:`Features in v1.18 ` + +.. toctree:: + :maxdepth: 1 + :hidden: + + features_in_v1.15 + features_in_v1.18 diff --git a/umn/source/user_guide/mesh_management/index.rst b/umn/source/user_guide/mesh_management/index.rst index 716a450..e1aaf41 100644 --- a/umn/source/user_guide/mesh_management/index.rst +++ b/umn/source/user_guide/mesh_management/index.rst @@ -5,12 +5,12 @@ Mesh Management =============== -- :ref:`Mesh Events ` -- :ref:`Uninstalling a Mesh ` +- :ref:`Service Mesh Events ` +- :ref:`Uninstalling a Service Mesh ` .. toctree:: :maxdepth: 1 :hidden: - mesh_events - uninstalling_a_mesh + service_mesh_events + uninstalling_a_service_mesh diff --git a/umn/source/user_guide/mesh_management/mesh_events.rst b/umn/source/user_guide/mesh_management/mesh_events.rst deleted file mode 100644 index 0b30079..0000000 --- a/umn/source/user_guide/mesh_management/mesh_events.rst +++ /dev/null @@ -1,23 +0,0 @@ -:original_name: asm_01_0133.html - -.. _asm_01_0133: - -Mesh Events -=========== - -Scenario --------- - -ASM supports the event center, which allows you to query details about important operations such as mesh creation and deletion and gateway creation and deletion. - -.. note:: - - You can view events in a mesh of the Basic edition (1.15 or later). - -Procedure ---------- - -#. Log in to the ASM console and search for the mesh of the Basic edition by edition. -#. Click |image1| in the upper right corner. In the window that slides out from the right, view mesh events. - -.. |image1| image:: /_static/images/en-us_image_0000001698197390.png diff --git a/umn/source/user_guide/mesh_management/service_mesh_events.rst b/umn/source/user_guide/mesh_management/service_mesh_events.rst new file mode 100644 index 0000000..494391a --- /dev/null +++ b/umn/source/user_guide/mesh_management/service_mesh_events.rst @@ -0,0 +1,23 @@ +:original_name: asm_01_0133.html + +.. _asm_01_0133: + +Service Mesh Events +=================== + +Scenarios +--------- + +ASM supports the event center, which allows you to query details about important operations such as service mesh creation and deletion and gateway creation and deletion. + +.. note:: + + You can view events in a Basic service mesh (based on Istio 1.15 or later). + +Procedure +--------- + +#. Log in to the ASM console and search for the Basic service mesh by edition. +#. Click |image1| in the upper right corner. In the window that slides out from the right, view service mesh events. + +.. |image1| image:: /_static/images/en-us_image_0000001698197390.png diff --git a/umn/source/user_guide/mesh_management/uninstalling_a_mesh.rst b/umn/source/user_guide/mesh_management/uninstalling_a_service_mesh.rst similarity index 70% rename from umn/source/user_guide/mesh_management/uninstalling_a_mesh.rst rename to umn/source/user_guide/mesh_management/uninstalling_a_service_mesh.rst index 0432b10..9def5e3 100644 --- a/umn/source/user_guide/mesh_management/uninstalling_a_mesh.rst +++ b/umn/source/user_guide/mesh_management/uninstalling_a_service_mesh.rst @@ -2,18 +2,18 @@ .. _asm_01_0086: -Uninstalling a Mesh -=================== +Uninstalling a Service Mesh +=========================== -Scenario --------- +Scenarios +--------- -When a mesh is no longer needed, you can uninstall it. +If you no longer need a service mesh, you can uninstall it. Constraints ----------- -- To uninstall a mesh in which a grayscale release task is running, you need to complete the grayscale release first. +- To uninstall a service mesh in which a grayscale release task is running, you need to complete the grayscale release first. - You need to ensure available nodes exist in the clusters for running the cleanup task to avoid uninstallation failure. Procedure @@ -21,7 +21,7 @@ Procedure #. Log in to the ASM console. -#. Click |image1| in the target mesh. +#. Click |image1| in the service mesh. #. On the dialogue box displayed, select whether to restart existing services and read the precautions. @@ -31,13 +31,13 @@ Procedure You are advised to restart existing services to avoid the following exceptions: If the cluster enables the current mesh again after it is uninstalled, gateway access failed. - - Uninstalling a mesh will uninstall its control plane components and data plane sidecars. + - Uninstalling a service mesh will uninstall its control plane components and data plane sidecars. - After the uninstallation, service gateways of applications cannot be used. Configure Services for external access to applications. To update the external access mode, log in to the CCE console and click the cluster name to go to the cluster console. Then, choose **Services & Ingresses** > **Services**. - - Uninstalling a mesh will delete the labels of the mesh exclusive nodes, but the Istio-master node will not be automatically deleted. You can delete it on the CCE console. + - Uninstalling a service mesh will delete the labels of the Istio exclusive nodes, but the Istio-master node will not be automatically deleted. You can delete it on the CCE console. To view node information, log in to the CCE console and click the cluster name to go to the cluster console. In the navigation pane on the left, choose **Nodes** > **Nodes**. diff --git a/umn/source/user_guide/security/authenticating_jwt_requests_on_the_ingress_gateway_using_asm.rst b/umn/source/user_guide/security/authenticating_jwt_requests_on_the_ingress_gateway_using_asm.rst index 87ab099..6d89be1 100644 --- a/umn/source/user_guide/security/authenticating_jwt_requests_on_the_ingress_gateway_using_asm.rst +++ b/umn/source/user_guide/security/authenticating_jwt_requests_on_the_ingress_gateway_using_asm.rst @@ -10,7 +10,7 @@ This section describes how to authenticate JWT requests on the ingress gateway u Preparations ------------ -#. A mesh of version 1.15 or 1.18 has been created. +#. A service mesh of version 1.15 or 1.18 has been created. #. The **httpbin** service that passes the diagnosis exists in the mesh. The image is **httpbin**, the port protocol is **HTTP**, and the port number is **80**. #. An accessible gateway has been created for the **httpbin** service in the mesh. @@ -143,4 +143,4 @@ Checking Whether JWT Authentication Takes Effect server: istio-envoy x-envoy-upstream-service-time: 6 - According to the preceding outputs, the request with the correct JWT token can access the service, and the request with an incorrect JWT token or without a JWT token cannot access the service, which indicate that the request identity authentication takes effect. + According to the preceding outputs, the request with the correct JWT token can access the service, and the request with an incorrect JWT token or without a JWT token cannot access the service. This means the request identity authentication takes effect. diff --git a/umn/source/user_guide/service_management/auto_fixing_items/the_service_port_name_complies_with_the_istio_specifications.rst b/umn/source/user_guide/service_management/auto_fixing_items/the_service_port_name_complies_with_the_istio_specifications.rst index 431720d..7afb08e 100644 --- a/umn/source/user_guide/service_management/auto_fixing_items/the_service_port_name_complies_with_the_istio_specifications.rst +++ b/umn/source/user_guide/service_management/auto_fixing_items/the_service_port_name_complies_with_the_istio_specifications.rst @@ -21,9 +21,9 @@ If the Service port name is invalid, this item is abnormal. Rectification Guide ------------------- -#. Log in to the CCE console. +#. Log in to the CCE console and click the cluster name to go to the cluster console. -#. Click the cluster name to go to the cluster console. In the navigation pane on the left, choose **Services & Ingresses**. On the **Services** tab, search for the Service by cluster name and namespace and click **Edit YAML**. Then, view the Service protocol and add a protocol type before the service name. +#. In the navigation pane, choose **Services & Ingresses**. Click the **Service** tab, search for the Service by cluster name and namespace, and click **Edit YAML**. Then, view the Service protocol and add a protocol type before the Service name. |image1| diff --git a/umn/source/user_guide/service_management/auto_fixing_items/the_service_selector_cannot_contain_version_labels.rst b/umn/source/user_guide/service_management/auto_fixing_items/the_service_selector_cannot_contain_version_labels.rst index 1fdec0e..cf0d3e1 100644 --- a/umn/source/user_guide/service_management/auto_fixing_items/the_service_selector_cannot_contain_version_labels.rst +++ b/umn/source/user_guide/service_management/auto_fixing_items/the_service_selector_cannot_contain_version_labels.rst @@ -13,9 +13,9 @@ The **spec.selector** of a Service cannot be labeled with **version**. Otherwise Rectification Guide ------------------- -#. Log in to the CCE console. +#. Log in to the CCE console and click the cluster name to go to the cluster console. -#. Click the cluster name to go to the cluster console. In the navigation pane on the left, choose **Services & Ingresses**. On the **Services** tab, search for the Service by cluster name and namespace and click **Edit YAML**. Then, view the selector (specified by **spec.selector**) of the Service and delete the **version** label. +#. In the navigation pane, choose **Services & Ingresses**. Click the **Service** tab, search for the Service by cluster name and namespace, click **Edit YAML**. Then, view **spec.selector** and delete the **version** label. |image1| diff --git a/umn/source/user_guide/traffic_management/changing_a_traffic_policy.rst b/umn/source/user_guide/traffic_management/changing_a_traffic_policy.rst index dd7fd2f..cf4cf76 100644 --- a/umn/source/user_guide/traffic_management/changing_a_traffic_policy.rst +++ b/umn/source/user_guide/traffic_management/changing_a_traffic_policy.rst @@ -5,8 +5,8 @@ Changing a Traffic Policy ========================= -Scenario --------- +Scenarios +--------- You can change the settings of a configured traffic policy. For example, you can change the load balancing algorithm from **Round robin** to **Random**. diff --git a/umn/source/user_guide/traffic_management/configuring_a_traffic_policy.rst b/umn/source/user_guide/traffic_management/configuring_a_traffic_policy.rst index ea80405..862011b 100644 --- a/umn/source/user_guide/traffic_management/configuring_a_traffic_policy.rst +++ b/umn/source/user_guide/traffic_management/configuring_a_traffic_policy.rst @@ -22,7 +22,7 @@ Configuring a Traffic Policy +-------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ | Parameter | Description | Value Range | +===================+=============================================================================================================================================================================================================================================================================================================================+===============+ - | Retries | Maximum number of retries allowed for a single request. The default retry interval is 25 ms. The actual number of retries depends on the configured timeout period and retry timeout period. | 1-2147483647 | + | Retries | Maximum number of retries allowed for a single request. The default retry interval is 25 ms. The actual number of retries depends on the configured timeout period and retry timeout period. | 1-4294967295 | +-------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ | Retry Timeout (s) | Timeout period of an initial or retry request. The default value is the same as the timeout period configured in the **Timeout** area below. | 0.001-2592000 | +-------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ @@ -54,9 +54,9 @@ Configuring a Traffic Policy +---------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ | Parameter | Description | Value Range | +=================================+===========================================================================================================================================================================================+===============+ - | Maximum Number of Connections | Maximum number of HTTP/TCP connections to the target service. The default value is **4294967295**. | 1-2147483647 | + | Maximum Number of Connections | Maximum number of HTTP/TCP connections to the target service. The default value is **4294967295**. | 1-4294967295 | +---------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - | Maximum Number of Non-responses | Maximum number of keepalive probes to be sent before the connection is determined to be invalid. By default, the OS-level configuration is used. (The default value is **9** for Linux.) | 1-2147483647 | + | Maximum Number of Non-responses | Maximum number of keepalive probes to be sent before the connection is determined to be invalid. By default, the OS-level configuration is used. (The default value is **9** for Linux.) | 1-4294967295 | +---------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ | Health Check Interval (s) | Time interval between two keepalive probes. By default, the OS-level configuration is used. (The default value is **75** for Linux.) | 0.001-2592000 | +---------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ @@ -70,13 +70,13 @@ Configuring a Traffic Policy +-------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ | Parameter | Description | Value Range | +===========================================+============================================================================================================================================================================================================================+===============+ - | Maximum Number of Requests | Maximum number of requests that can be forwarded to a single service pod. The default value is **4294967295**. | 1-2147483647 | + | Maximum Number of Requests | Maximum number of requests that can be forwarded to a single service pod. The default value is **4294967295**. | 1-4294967295 | +-------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - | Maximum Number of Pending Requests | Maximum number of HTTP requests that can be forwarded to the target service for processing. The default value is **4294967295**. | 1-2147483647 | + | Maximum Number of Pending Requests | Maximum number of HTTP requests that can be forwarded to the target service for processing. The default value is **4294967295**. | 1-4294967295 | +-------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ | Maximum Connection Idle Period (s) | Timeout period of an idle upstream service connection. If there is no active request within this time period, the connection will be closed. The default value is **3600** (1 hour). | 0.001-2592000 | +-------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ - | Maximum Retries | Maximum number of retries of all service pods within a specified period. The default value is **4294967295**. | 1-2147483647 | + | Maximum Retries | Maximum number of retries of all service pods within a specified period. The default value is **4294967295**. | 1-4294967295 | +-------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ | Maximum Number of Requests Per Connection | Maximum number of requests for each connection to the backend. If this parameter is set to **1**, the keepalive function is disabled. The default value is **0**, indicating infinite. The maximum value is **536870912**. | 1-536870912 | +-------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ @@ -94,7 +94,7 @@ Configuring a Traffic Policy +----------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ | Parameter | Description | Value Range | +========================================+=============================================================================================================================================================================================================================================================+===============+ - | Consecutive Errors | Number of consecutive errors in a specified time period. If the number of consecutive errors exceeds the parameter value, the pod will be ejected. The default value is **5**. | 1-2147483647 | + | Consecutive Errors | Number of consecutive errors in a specified time period. If the number of consecutive errors exceeds the parameter value, the pod will be ejected. The default value is **5**. | 1-4294967295 | +----------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ | Base Ejection Time (s) | Base ejection time of a service pod that meets the outlier detection conditions. The actual ejection time of a service pod = Base ejection time x Number of ejection times. The value must be greater than or equal to 0.001s. The default value is **30**. | 0.001-2592000 | +----------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------+ diff --git a/umn/source/user_guide/traffic_management/index.rst b/umn/source/user_guide/traffic_management/index.rst index bc0167b..f0f34fd 100644 --- a/umn/source/user_guide/traffic_management/index.rst +++ b/umn/source/user_guide/traffic_management/index.rst @@ -7,7 +7,6 @@ Traffic Management - :ref:`Overview ` - :ref:`Configuring a Traffic Policy ` -- :ref:`Viewing Traffic Monitoring ` - :ref:`Changing a Traffic Policy ` .. toctree:: @@ -16,5 +15,4 @@ Traffic Management overview configuring_a_traffic_policy - viewing_traffic_monitoring changing_a_traffic_policy diff --git a/umn/source/user_guide/traffic_management/viewing_traffic_monitoring.rst b/umn/source/user_guide/traffic_management/viewing_traffic_monitoring.rst deleted file mode 100644 index 250e05e..0000000 --- a/umn/source/user_guide/traffic_management/viewing_traffic_monitoring.rst +++ /dev/null @@ -1,28 +0,0 @@ -:original_name: asm_01_0051.html - -.. _asm_01_0051: - -Viewing Traffic Monitoring -========================== - -Scenario --------- - -In the traffic management window, you can view the traffic monitoring data of the last hour, including RPS, success rate, and request latency. - -Procedure ---------- - -#. Log in to the ASM console and click the name of the target service mesh to go to its details page. - -#. In the navigation pane, choose **Service Management**. In the upper right corner of the list, select the namespace that your services belong to. - -#. Locate the target service and click **Manage Traffic** in the **Operation** column. In the window that slides out from the right, view the traffic monitoring data of the last hour. - - - .. figure:: /_static/images/en-us_image_0000001280416429.png - :alt: **Figure 1** Traffic monitoring - - **Figure 1** Traffic monitoring - -#. After real-time monitoring is enabled, data is dynamically refreshed every minute.