After you create a Service Mesh (ASM) instance, you can modify the ASM instance as required. This topic describes how to modify an ASM instance.
Log on to the ASM console.
In the left-side navigation pane, choose .
On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
On the Basic Information page, click Settings in the upper-right corner. In the Settings Update panel, modify the parameters as needed and click OK. The following table describes some of the parameters.
Parameter
Description
Observability
Specifies whether to enable Tracing Analysis for the ASM instance. If you enable this feature, you must set the Sampling Percentage and Sampling Method parameters.
ASM integrates with Tracing Analysis. Tracing Analysis provides a wide range of tools to help you efficiently identify the performance bottlenecks of distributed applications. You can use these tools to view trace data, display trace topologies, analyze application dependencies, and count the number of requests. This improves your efficiency in developing and troubleshooting distributed applications. For more information, see Use Tracing Analysis to trace applications inside and outside an ASM instance.
NoteBefore you enable Tracing Analysis for the ASM instance, make sure that you have activated Tracing Analysis in the Alibaba Cloud Console.
Specifies whether to enable Prometheus for the ASM instance. If you enable this feature, select whether to use the Prometheus service provided by Alibaba Cloud or use a self-managed Prometheus system.
ASM supports Application Real-Time Monitoring Service (ARMS) Prometheus and self-managed Prometheus systems. This helps you monitor ASM instances. For more information, see Monitor service meshes based on ARMS Prometheus and Monitor ASM instances by using a self-managed Prometheus instance.
Specifies whether to enable ASM Mesh Topology. If you enable this feature and use a self-managed Prometheus system, you need to specify the Prometheus endpoint.
ASM Mesh Topology is a tool that is used to observe ASM instances. This tool provides a GUI that allows you to view related services and configurations. For more information, see Enable Mesh Topology to observe an ASM instance in the ASM console.
NoteBefore you enable ASM Mesh Topology, make sure that you have enabled Prometheus.
Specifies whether to enable access log collection.
The Envoy proxy that is deployed on the data plane generates logs for all access records. The data plane contains the Kubernetes clusters that are added to the ASM instance. You can enable the access log collection feature. After that, you can view the access logs on the data plane. For more information, see Customize access logs of clusters on the data plane.
Specifies whether to enable access log query. If you enable this feature, you must set the Log Service Project parameter to use the default or existing project in Log Service.
Container Service for Kubernetes (ACK) integrates with Log Service. You can collect the access logs of clusters on the data plane of an ASM instance. To use the log collection feature for an ASM instance, you must enable access log query for the ASM instance. For more information, see Use Log Service to collect logs of ingress gateways on the data plane and Use Log Service to collect access logs on the data plane.
Traffic Management
Specifies whether to use HTTP/1.
By default, HTTP/2 is used. To use HTTP/1, select Enable HTTP 1.0.
Policy Control
Specifies whether to enable the Open Policy Agent (OPA) plug-in.
ASM integrates with OPA to help you implement fine-grained access control on your applications. If you enable the OPA plug-in, OPA proxy containers are injected into the pods of applications. Then, you can use OPA to define access control policies. This out-of-box feature improves your efficiency in developing distributed applications. For more information, see Use OPA to implement fine-grained access control in ASM.
Data Plane Extension
Specifies whether to use the WebAssembly (Wasm)-based ASM instance extension.
ASM supports Wasm. You can deploy Wasm filters in the Envoy proxy that is used to manage clusters on the data plane. This helps you extend the data plane with new features. For more information, see Write WASM filters for Envoy and deploy them in ASM.
Service Mesh Resource Configuration
Specifies whether to enable version control for custom Istio resources.
ASM provides the rollback feature for Istio resources. This feature records up to five most recent versions of Istio resources. For more information, see Roll back an Istio resource to an earlier version.
Specifies whether to allow the Kubernetes API of clusters on the data plane to access Istio resources.
ASM allows you to create, delete, modify, and query Istio resources by using the Kubernetes API of clusters on the data plane. For more information, see Use the Kubernetes API of clusters on the data plane to access Istio resources.
Performance Optimization
Specifies whether to enable MultiBuffer-based TLS encryption and decryption performance optimization.
ASM combines with Intel Multi-Buffer to accelerate TLS processing in Envoy to alleviate the bottleneck. For more information, see Enable Multi-Buffer for TLS acceleration.
NoteThis feature is supported only by ASM instances of Enterprise Edition and Ultimate Edition.