Enabling and disabling the Canonical Service controller

Note: Canonical Services are supported automatically in Cloud Service Mesh version 1.6.8 and higher.

When you install or upgrade Cloud Service Mesh using the asmcli, it deploys the Canonical Service controller to your cluster. The Canonical Service controller groups workloads belonging to the same logical service, and is required for the full functionality of the Services dashboard in the Google Cloud console. Deploying the controller creates the canonical-service-controller-manager deployment in your cluster in the asm-system namespace, and does not affect your services or workloads.

If you didn't use the asmcli tool to install Cloud Service Mesh, you might not have the Canonical Service controller enabled on your cluster. To determine if the Canonical Service controller is enabled on your cluster:

kubectl get services -n asm-system

Enable the in-cluster Canonical Service controller

If the Canonical Service controller isn't enabled, you can enable it with the following steps:

  1. Download the kpt package that contains the controller to the current working directory:

    kpt pkg get https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages.git/asm@release-1.19 asm

  2. Apply the controller configuration:

        kubectl apply -f asm/canonical-service/controller.yaml

Disable the in-cluster Canonical Service controller

If you want to disable the Canonical Service controller:

  1. Download the kpt package that contains the controller to the current working directory:

    kpt pkg get https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages.git/asm@release-1.19 asm

  2. Delete the controller from your cluster:

    kubectl delete -f asm/canonical-service/controller.yaml

Enable the Managed Canonical Service Controller

If you would prefer not to install the in-cluster controller, you can instead enable the Managed Canonical Service Controller, which performs the same function for all the registered clusters in your mesh without the need to install or manage the controller yourself.

The managed controller is designed to yield to the in-cluster controller. If you are migrating from the in-cluster controller, you must delete the in-cluster controller from each cluster it is running on for the managed controller to take over. For more information, see Disable the in-cluster Canonical Service controller.

To enable the Managed controller:

Anthos Features Page

  1. In the Google Cloud console, go to the GKE Enterprise Clusters page.

    Go to the GKE Enterprise Clusters page

  2. "Register" all the clusters in your mesh.

  3. In the Google Cloud console, go to the GKE Enterprise Features page.

    Go to the GKE Enterprise Features page

  4. Click Enable next to the "Service Mesh" feature

After a few minutes, the Managed controller activates and creates Canonical Services for the workloads running on registered clusters in your mesh. Run kubectl get canonicalservices --all-namespaces to confirm that some Canonical Services have been created for the workloads in your mesh.

GKE cluster creation

If you used the Enable Cloud Service Mesh option when creating a new GKE cluster, then the Managed Canonical Service Controller was installed by default.

Ensure you are running the Managed Canonical Service Controller by running the following command:

gcloud beta container hub mesh describe --project=PROJECT_ID

The description states that the Canonical Services are reconciled successfully:

  projects/<your project number>/locations/global/memberships/<your cluster name>:
    code: OK
    description: |-
      Revision(s) ready for use: asm-managed.
      All Canonical Services have been reconciled successfully.
    servicemeshFeatureState: {}
    updateTime: '2021-11-16T21:10:36.289467777Z'

If the Canonical Services aren't reconciled successfully, there will either be an error message, or an output similar to the following message:

  projects/<your project number>/locations/global/memberships/<your cluster name>:
    code: OK
    description: |-
      Revision(s) ready for use: istiod-asm-173-6.
      The Managed Canonical Service Controller is yielding to the in-cluster controller.  See https://cloud.google.com/service-mesh/v1.19/docs/canonical-service-controller-enable-and-disable#disable-in-cluster-service-controller for instructions on removing the in-cluster controller.
    servicemeshFeatureState: {}
    updateTime: '2021-11-16T21:05:43.286828851Z'
  lifecycleState: ENABLED

Managed control plane installation

If you installed managed Cloud Service Mesh (with the fleet API or with asmcli), then the Managed Canonical Service Controller was installed by default.

Ensure you are running the Managed Canonical Service Controller by running the following command:

gcloud beta container hub mesh describe --project=PROJECT_ID

The description states that the Canonical Services are reconciled successfully:

  projects/<your project number>/locations/global/memberships/<your cluster name>:
    code: OK
    description: |-
      Revision(s) ready for use: asm-managed.
      All Canonical Services have been reconciled successfully.
    servicemeshFeatureState: {}
    updateTime: '2021-11-16T21:10:36.289467777Z'

If the Canonical Services aren't reconciled successfully, there will either be an error message, or an output similar to the following message:

  projects/<your project number>/locations/global/memberships/<your cluster name>:
    code: OK
    description: |-
      Revision(s) ready for use: istiod-asm-173-6.
      The Managed Canonical Service Controller is yielding to the in-cluster controller.  See https://cloud.google.com/service-mesh/v1.19/docs/canonical-service-controller-enable-and-disable#disable-in-cluster-service-controller for instructions on removing the in-cluster controller.
    servicemeshFeatureState: {}
    updateTime: '2021-11-16T21:05:43.286828851Z'
  lifecycleState: ENABLED

What's next

Learn about: