After you create an Alibaba Cloud Service Mesh (ASM) instance, you can edit the ASM instance as required. This topic describes how to edit an ASM instance.

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to edit and click Manage in the Actions column.
  4. On the details page of the ASM instance, click Settings in the upper-right corner. In the Settings Update panel, modify the parameters as required.
    Parameter Description
    Observability Specifies whether to enable Tracing Analysis for the ASM instance.
    ASM integrates with Tracing Analysis. Tracing Analysis provides a wide range of tools to help you identify the performance bottlenecks of distributed applications. You can use the tools to map traces, display trace topologies, analyze application dependencies, and calculate the number of requests. This helps you improve the efficiency of developing and troubleshooting distributed applications.
    Note Before you enable Tracing Analysis, make sure that you have activated Tracing Analysis in the Tracing Analysis console.
    Specifies whether to enable Prometheus for the ASM instance.
    Specifies whether to enable Kiali for the ASM instance.
    Kiali for ASM is a tool that is used to observe ASM instances. This tool provides a GUI that allows you to view related services and configurations.
    Note To enable Kiali, you must enable Prometheus.
    Specifies whether to enable access log query.

    Container Service for Kubernetes (ACK) integrates with Log Service. You can collect the access logs of clusters on the data plane of an ASM instance. To use the log collection feature for an ASM instance, you must enable access log query for the ASM instance.

    Traffic Management Specifies whether to use HTTP/1.

    By default, HTTP/2 is used. To use HTTP/1, select Enable HTTP 1.0.

    Specifies whether to route traffic to the nearest instances of application services.

    ASM uses Envoy proxies to ensure global load balancing among application services. You can deploy multiple instances for application services in ACK clusters across different regions. ASM collects and sends the information about the status, routes, and backend servers of application services to Envoy proxies. This way, the Envoy proxies can route traffic to the optimal instances of application services. When an Envoy proxy sends a request to an application service, ASM prioritizes the workload instances of the application service based on the location of the Envoy proxy. If you select Enable Nearby Access and all instances of the application service are normal, requests from Envoy proxies are preferentially sent to the nearest instances.

    Policy Control Specifies whether to enable the Open Policy Agent (OPA) plug-in.

    ASM integrates with OPA to help you implement fine-grained access control on your applications. If you enable the OPA plug-in, OPA containers, together with the Envoy proxy containers of Istio, are injected into the pods of applications. Then, you can use OPA to define access control policies. This out-of-the-box feature improves your efficiency in developing distributed applications.

    Blocked Addresses for External Access The CIDR blocks in the ASM instance that are not allowed to access external services. Separate multiple CIDR blocks with commas (,). If you do not set this parameter, all CIDR blocks in the ASM instance are not allowed to access external services.
    Resource Settings for Injected Proxies The resources that are required by a sidecar.
    Note
    • Resource limits: By default, each sidecar can be allocated up to 2 CPU cores and 1,024 MiB of memory.
    • Resource requirements: By default, each sidecar is allocated 0.1 CPU cores and 128 MiB of memory.
    External Access Policy The policy that is used to control access to external services. Valid values:
    • ALLOW_ANY: allows applications in the ASM instance to access all external services.
    • REGISTRY_ONLY: allows applications in the ASM instance to access only the external services that are registered in the ASM instance.
    Resource Settings for Sidecar Injection The resources that are required for sidecar injection.

    Allows you to set resource requirements and resource limits for sidecar injection.

    Enable Automatic Sidecar Injection The mode of automatic sidecar injection. For more information, see Enable automatic sidecar injection.
  5. Click OK.