All Products
Search

This Product

    Resource Orchestration Service:ALIYUN::ASM::ServiceMesh

    Document Center

    Resource Orchestration Service:ALIYUN::ASM::ServiceMesh

    Last Updated:May 17, 2023

    ALIYUN::ASM::ServiceMesh is used to create an Alibaba Cloud Service Mesh (ASM) instance.

    Syntax

    {
  "Type": "ALIYUN::ASM::ServiceMesh",
  "Properties": {
    "EnableAudit": Boolean,
    "OPA": Map,
    "IstioVersion": String,
    "ApiServerPublicEip": Boolean,
    "LocalityLoadBalancing": Boolean,
    "Telemetry": Boolean,
    "OutboundTrafficPolicy": String,
    "AuditProject": String,
    "TraceSampling": Number,
    "Name": String,
    "Proxy": Map,
    "VpcId": String,
    "PilotPublicEip": Boolean,
    "IncludeIPRanges": String,
    "VSwitches": List,
    "Tracing": Boolean,
    "CustomizedZipkin": Boolean
  }
}

    Properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    EnableAudit

    Boolean

    No

    Yes

    Specifies whether to enable the mesh audit feature.

    Valid values:

    • true

    • false (default)

    Note

    To enable this feature, make sure that Log Service is activated.

    OPA

    Map

    No

    Yes

    The information about the Open Policy Agent (OPA) plug-in.

    For more information, see OPA properties.

    IstioVersion

    String

    No

    No

    The Istio version of the instance.

    None.

    ApiServerPublicEip

    Boolean

    No

    No

    Specifies whether to expose the API server to the Internet.

    Valid values:

    • true

    • false (default)

    LocalityLoadBalancing

    Boolean

    No

    Yes

    Specifies whether to route traffic to the nearest instance.

    Valid values:

    • true

    • false (default)

    Telemetry

    Boolean

    No

    Yes

    Specifies whether to enable Prometheus monitoring.

    We recommend that you use Prometheus Service of Application Real-Time Monitoring Service (ARMS).

    OutboundTrafficPolicy

    String

    No

    Yes

    The outbound traffic policy.

    Valid values:

    • ALLOW_ANY

    • REGISTRY_ONLY

    AuditProject

    String

    No

    Yes

    The name of the log project that is used for mesh audit.

    Default value: mesh-log-{meshId}.

    TraceSampling

    Number

    No

    Yes

    The sampling percentage of tracing analysis.

    None.

    Name

    String

    No

    No

    The name of the instance.

    None.

    Proxy

    Map

    No

    Yes

    The proxy configurations.

    For more information, see Proxy properties.

    VpcId

    String

    Yes

    No

    The virtual private cloud (VPC) ID.

    None.

    PilotPublicEip

    Boolean

    No

    No

    Specifies whether to expose Istio Pilot to the Internet.

    Valid values:

    • true

    • false (default)

    IncludeIPRanges

    String

    No

    Yes

    The IP address ranges of external services to which traffic is intercepted.

    None.

    VSwitches

    List

    Yes

    No

    The vSwitch ID.

    None.

    Tracing

    Boolean

    No

    Yes

    Specifies whether to enable the tracing analysis feature.

    Valid values:

    • true

    • false (default)

    Note

    To enable this feature, make sure that Tracing Analysis is activated.

    CustomizedZipkin

    Boolean

    No

    Yes

    Specifies whether to enable self-managed Zipkin.

    Valid values:

    • true

    • false

    OPA syntax

    "OPA": {
  "OPARequestCPU": String,
  "OpenAgentPolicy": Boolean,
  "OPALogLevel": String,
  "OPALimitCPU": String,
  "OPALimitMemory": String,
  "OPARequestMemory": String
}

    OPA properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    OPARequestCPU

    String

    No

    Yes

    The number of CPU cores that are requested by the OPA proxy container.

    None.

    OpenAgentPolicy

    Boolean

    No

    Yes

    Specifies whether to enable the OPA plug-in.

    Valid values:

    • true

    • false (default)

    OPALogLevel

    String

    No

    Yes

    The log level of the OPA proxy container.

    None.

    OPALimitCPU

    String

    No

    Yes

    The maximum number of CPU cores that are available for the OPA proxy container.

    None.

    OPALimitMemory

    String

    No

    Yes

    The maximum memory size that is available for the OPA proxy container.

    None.

    OPARequestMemory

    String

    No

    Yes

    The memory size that is requested by the OPA proxy container.

    None.

    Proxy syntax

    "Proxy": {
  "ClusterDomain": String,
  "ProxyLimitCPU": String,
  "ProxyLimitMemory": String,
  "ProxyRequestCPU": String,
  "ProxyRequestMemory": String
}

    Proxy properties

    Property

    Type

    Required

    Editable

    Description

    Constraint

    ClusterDomain

    String

    No

    Yes

    The cluster domain of the instance.

    None.

    ProxyLimitCPU

    String

    No

    Yes

    The maximum number of CPU cores that are available for the proxy.

    None.

    ProxyLimitMemory

    String

    No

    Yes

    The maximum memory size that is available for the proxy.

    None.

    ProxyRequestCPU

    String

    No

    Yes

    The number of CPU cores that are requested by the proxy.

    None.

    ProxyRequestMemory

    String

    No

    Yes

    The memory size that is requested by the proxy.

    None.

    Return values

    Fn::GetAtt

    ServiceMeshId: The ID of the instance.

    Examples

    YAML format

    ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  ZoneId:
    Type: String
    Description: Create an Availability Zone for an instance to ensure that the Availability Zone supports the creation of Memcache resource specifications.
    AssociationProperty: ALIYUN::ECS::Instance::ZoneId
    Label: Zone ID
  VPC:
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
    Type: String
    Description: Please search the ID starts with (vpc-xxx)from console-Virtual Private Cloud
    Label: Existing VPC Instance ID
  VSwitch:
    AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
    Type: String
    Description: Please search the business VSwitch ID starts with(vsw-xxx)from console-Virtual Private Cloud-VSwitches
    Label: Existing VSwitch ID
    AssociationPropertyMetadata:
      VpcId: VPC
      ZoneId: ZoneId
Resources:
  ServiceMesh:
    Type: ALIYUN::ASM::ServiceMesh
    Properties:
      VpcId:
        Ref: VPC
      VSwitches:
        - Ref: VSwitch
Outputs:
  ServiceMeshId:
    Description: The ID of the ASM instance.
    Value:
      Fn::GetAtt:
        - ServiceMesh
        - ServiceMeshId

    JSON format

    {
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "ZoneId": {
      "Type": "String",
      "Description": "Create an Availability Zone for an instance to ensure that the Availability Zone supports the creation of Memcache resource specifications.",
      "AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
      "Label": "Zone ID"
    },
    "VPC": {
      "AssociationProperty": "ALIYUN::ECS::VPC::VPCId",
      "Type": "String",
      "Description": "Please search the ID starts with (vpc-xxx)from console-Virtual Private Cloud",
      "Label": "Existing VPC Instance ID"
    },
    "VSwitch": {
      "AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
      "Type": "String",
      "Description": "Please search the business VSwitch ID starts with(vsw-xxx)from console-Virtual Private Cloud-VSwitches",
      "Label": "Existing VSwitch ID",
      "AssociationPropertyMetadata": {
        "VpcId": "VPC",
        "ZoneId": "ZoneId"
      }
    }
  },
  "Resources": {
    "ServiceMesh": {
      "Type": "ALIYUN::ASM::ServiceMesh",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "VSwitches": [
          {
            "Ref": "VSwitch"
          }
        ]
      }
    }
  },
  "Outputs": {
    "ServiceMeshId": {
      "Description": "The ID of the ASM instance.",
      "Value": {
        "Fn::GetAtt": [
          "ServiceMesh",
          "ServiceMeshId"
        ]
      }
    }
  }
}