DescribeNamespaceScopeSidecarConfig - Alibaba Cloud Service Mesh

Call DescribeNamespaceScopeSidecarConfig to query the namespace-level sidecar configuration.

Operation description

Use DescribeASMSidecarExpectedVersion to query the expected version of a sidecar in the Service Mesh (ASM) data plane. For example, say a Pod has a v1.11 sidecar. You then upgrade the Service Mesh (ASM) instance to v1.12 but do not restart the Pod. Although the sidecar continues to run its actual version (v1.11), the DescribeASMSidecarExpectedVersion API returns the expected version: v1.12.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

servicemesh:DescribeNamespaceScopeSidecarConfig

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
ServiceMeshId	string	Yes	The Service Mesh (ASM) instance ID.	c7120e75a202d4fd8acb028a86b6a****
Namespace	string	No	The namespace.	default

Response elements

Element	Type	Description	Example
	object	The response body.
RequestId	string	The request ID.	31d3a0f0-07ed-4f6e-9004-1804498c****
ConfigPatches	object	The Sidecar Proxy configurations for the namespace.
TerminationDrainDuration	string	The termination drain duration for the sidecar proxy.	6s
SidecarProxyInitResourceLimit	object	The resource limits for the sidecar proxy init container.
ResourceCPULimit	string	The CPU resource limit.	2000 m
ResourceMemoryLimit	string	The memory resource limit.	50 Mi
SidecarProxyInitResourceRequest	object	The resource requests for the sidecar proxy init container.
ResourceCPURequest	string	The CPU resource request.	60 m
ResourceMemoryRequest	string	The memory resource request.	30 Mi
SidecarProxyResourceLimit	object	The resource limits for the sidecar proxy container.
ResourceCPULimit	string	The CPU resource limit.	2000 m
ResourceMemoryLimit	string	The memory resource limit.	50 Mi
SidecarProxyResourceRequest	object	The resource requests for the sidecar proxy container.
ResourceCPURequest	string	The CPU resource request.	60 m
ResourceMemoryRequest	string	The Memory Resource Request.	30 Mi
ExcludeOutboundPorts	string	The outbound traffic ports to exclude from sidecar proxy interception.	81
ExcludeOutboundIPRanges	string	The outbound traffic IP ranges to exclude from sidecar proxy interception.	192.168.1.3/31
IncludeOutboundIPRanges	string	The outbound traffic IP ranges to include in sidecar proxy interception.	192.168.1.4/31
ExcludeInboundPorts	string	The inbound traffic ports to exclude from sidecar proxy interception.	82
IncludeInboundPorts	string	The inbound traffic ports to include in sidecar proxy interception.	83
IncludeOutboundPorts	string	The outbound traffic ports to include in sidecar proxy interception.	84
IstioDNSProxyEnabled	boolean	Specifies whether to enable the DNS proxy feature. Valid values: `true`: Enables the DNS proxy feature. `false`: Disables the DNS proxy feature.	true
LifecycleStr	string	The lifecycle of the sidecar proxy, defined as a JSON string.	{"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}
Concurrency	integer	The number of worker threads for the istio-proxy.	2
LogLevel	string	The log level. Valid values: `info`, `debug`, `trace`, and `error`.	info
HoldApplicationUntilProxyStarts	boolean	Specifies whether the application container should wait for the istio-proxy container to be ready before starting. Valid values: `true`: Wait for the istio-proxy container to be ready. `false`: Do not wait for the istio-proxy container to be ready.	true
ProxyStatsMatcher	object	The metrics for Envoy monitoring.
InclusionPrefixes	array	The prefixes for the metrics to be included in Envoy monitoring.
	string	A prefix for the metrics to be included in Envoy monitoring.	server
InclusionSuffixes	array	The suffixes for the metrics to be included in Envoy monitoring.
	string	A suffix for the metrics to be included in Envoy monitoring.	cluster.outbound
InclusionRegexps	array	The regular expressions for including metrics in Envoy monitoring.
	string	A regular expression for including metrics in Envoy monitoring.	listener.*.downstream_cx_total
Tracing	object	The custom tracing configurations.
Sampling	number	The sampling rate for tracing.	99.8
CustomTags	object	The custom tags to add to reported traces. The key is the custom tag name. The value is a JSON object that defines how to obtain the tag's value. You can source the value in one of the following ways: `literal`: The tag has a static value. The JSON object must contain a `value` field to specify the literal value. For example: `{"value":"test"}`. `header`: The tag takes its value from a request header. The JSON object must contain `name` and `defaultValue` fields. The `name` field specifies the name of the request header, and the `defaultValue` field provides a fallback value. For example: `{"name":"test","defaultValue":"test"}`. `environment`: The tag takes its value from an environment variable. The JSON object must contain `name` and `defaultValue` fields. The `name` field specifies the name of the environment variable, and the `defaultValue` field provides a fallback value. For example: `{"name":"test","defaultValue":"test"}`.	{"test":{"literal":{"value":"test"}}}
MaxPathTagLength	integer	The maximum length of the tracing tag.	10
InterceptionMode	string	The traffic interception mode for the sidecar. Valid values: `REDIRECT`: The default mode. The sidecar proxy uses iptables redirection to intercept traffic. `TPROXY`: The transparent proxy mode. The sidecar proxy uses TPROXY to intercept traffic.	TPROXY
ProxyMetadata	object	Additional environment variables for the sidecar proxy. The keys are the variable names and the values are their corresponding values.
	string	The value of an additional environment variable.	"true"
SidecarProxyInitAckSloResource	object	The resource limit and resource request for the sidecar proxy init container, specified as ACK (Alibaba Cloud Container Service for Kubernetes) dynamic overcommitment resources. These settings apply if the pod has the ACK dynamic overcommitment label `labelkoordinator.sh/qosClass`.
Requests	object	The resource requests for the sidecar proxy init container, specified as ACK dynamic overcommitment resources. These settings apply when the pod has the ACK dynamic overcommitment label `labelkoordinator.sh/qosClass`. The object can contain keys for the following resource types: `kubernetes.io/batch-cpu`: The CPU resources of the ACK overcommitment type. Unit: millicores. `kubernetes.io/batch-memory`: The memory resources of the ACK overcommitment type.
	string	The value of the resource request for the sidecar proxy init container.	128Mi
Limits	object	The resource limits for the sidecar proxy init container, specified as ACK dynamic overcommitment resources. These settings apply when the pod has the ACK dynamic overcommitment label `labelkoordinator.sh/qosClass`. The object can contain keys for the following resource types: `kubernetes.io/batch-cpu`: The CPU resources of the ACK overcommitment type. Unit: millicores. `kubernetes.io/batch-memory`: The memory resources of the ACK overcommitment type.
	string	The value of the resource limit for the sidecar proxy init container.	2048Mi
SidecarProxyAckSloResource	object	The resource settings for the sidecar proxy container, specified as ACK dynamic overcommitment resources. These settings are used when the pod has the ACK dynamic overcommitment label `labelkoordinator.sh/qosClass`.
Requests	object	The resource requests for the sidecar proxy container, specified as ACK dynamic overcommitment resources. These settings apply when the pod has the ACK dynamic overcommitment label `labelkoordinator.sh/qosClass`. The object can contain keys for the following resource types: `kubernetes.io/batch-cpu`: The CPU resources of the ACK overcommitment type. Unit: millicores. `kubernetes.io/batch-memory`: The memory resources of the ACK overcommitment type.
	string	The value of the resource request for the sidecar proxy container.	128Mi
Limits	object	The resource limits for the sidecar proxy container, specified as ACK dynamic overcommitment resources. These settings apply when the pod has the ACK dynamic overcommitment label `labelkoordinator.sh/qosClass`. The object can contain keys for the following resource types: `kubernetes.io/batch-cpu`: The CPU resources of the ACK overcommitment type. Unit: millicores. `kubernetes.io/batch-memory`: The memory resources of the ACK overcommitment type.
	string	The value of the resource limit for the sidecar proxy container.	2048Mi
Privileged	boolean	Specifies whether to run the sidecar proxy container in privileged mode. Valid values: `true`: The sidecar proxy container runs in privileged mode. `false`: The sidecar proxy container does not run in privileged mode.	false
EnableCoreDump	boolean	Specifies whether to enable core dump for the sidecar proxy container. Valid values: `true`: Enables core dump. `false`: Disables core dump.	false
ReadinessInitialDelaySeconds	integer	The delay in seconds before the first readiness probe is run on the sidecar proxy container.	2
ReadinessPeriodSeconds	integer	The interval in seconds between readiness probes for the sidecar proxy container.	3
ReadinessFailureThreshold	integer	The number of consecutive failed readiness probes before the sidecar proxy container is marked as not ready.	5
SMCConfiguration	object	The configurations for SMC-R optimization.
Enabled	boolean	Enables or disables SMC-R optimization. SMC-R improves cross-node communication performance and requires Alibaba Cloud Linux 3 and an elastic Remote Direct Memory Access (eRDMA) network device on the node.	true
RuntimeValues	object	The runtime parameters for the Envoy proxy.
	string	The value of an Envoy runtime parameter.	"65536"
ScaledSidecarResource	object	The settings for dynamically scaling sidecar resources based on a specified percentage.
ResourceCalculationStrategy	string	The calculation strategy for sidecar resources.
ContainerRef	string	The baseline container for calculating sidecar resources.
ResourcePercentage	integer	The resource percentage for the sidecar.

Examples

Success response

JSON format

{
  "RequestId": "31d3a0f0-07ed-4f6e-9004-1804498c****",
  "ConfigPatches": {
    "TerminationDrainDuration": "6s",
    "SidecarProxyInitResourceLimit": {
      "ResourceCPULimit": "2000 m",
      "ResourceMemoryLimit": "50 Mi"
    },
    "SidecarProxyInitResourceRequest": {
      "ResourceCPURequest": "60 m",
      "ResourceMemoryRequest": "30 Mi"
    },
    "SidecarProxyResourceLimit": {
      "ResourceCPULimit": "2000 m",
      "ResourceMemoryLimit": "50 Mi"
    },
    "SidecarProxyResourceRequest": {
      "ResourceCPURequest": "60 m",
      "ResourceMemoryRequest": "30 Mi"
    },
    "ExcludeOutboundPorts": "81",
    "ExcludeOutboundIPRanges": "192.168.1.3/31",
    "IncludeOutboundIPRanges": "192.168.1.4/31",
    "ExcludeInboundPorts": "82",
    "IncludeInboundPorts": "83",
    "IncludeOutboundPorts": "84",
    "IstioDNSProxyEnabled": true,
    "LifecycleStr": "{\"postStart\":{\"exec\":{\"command\":[\"pilot-agent\",\"wait\"]}},\"preStop\":{\"exec\":{\"command\":[\"/bin/sh\",\"-c\",\"sleep 15\"]}}}",
    "Concurrency": 2,
    "LogLevel": "info",
    "HoldApplicationUntilProxyStarts": true,
    "ProxyStatsMatcher": {
      "InclusionPrefixes": [
        "server"
      ],
      "InclusionSuffixes": [
        "cluster.outbound"
      ],
      "InclusionRegexps": [
        "listener.*.downstream_cx_total"
      ]
    },
    "Tracing": {
      "Sampling": 99.8,
      "CustomTags": {
        "test": {
          "literal": {
            "value": "test"
          }
        }
      },
      "MaxPathTagLength": 10
    },
    "InterceptionMode": "TPROXY",
    "ProxyMetadata": {
      "key": "\"true\""
    },
    "SidecarProxyInitAckSloResource": {
      "Requests": {
        "key": "128Mi"
      },
      "Limits": {
        "key": "2048Mi"
      }
    },
    "SidecarProxyAckSloResource": {
      "Requests": {
        "key": "128Mi"
      },
      "Limits": {
        "key": "2048Mi"
      }
    },
    "Privileged": false,
    "EnableCoreDump": false,
    "ReadinessInitialDelaySeconds": 2,
    "ReadinessPeriodSeconds": 3,
    "ReadinessFailureThreshold": 5,
    "SMCConfiguration": {
      "Enabled": true
    },
    "RuntimeValues": {
      "key": "\"65536\""
    },
    "ScaledSidecarResource": {
      "ResourceCalculationStrategy": "",
      "ContainerRef": "",
      "ResourcePercentage": 0
    }
  }
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.