All Products
Search
Document Center

Alibaba Cloud Service Mesh:DescribeNamespaceScopeSidecarConfig

Last Updated:Feb 11, 2026

Call DescribeNamespaceScopeSidecarConfig to query the namespace-level sidecar configuration.

Operation description

Use DescribeASMSidecarExpectedVersion to query the expected version of a sidecar in the Service Mesh (ASM) data plane. For example, say a Pod has a v1.11 sidecar. You then upgrade the Service Mesh (ASM) instance to v1.12 but do not restart the Pod. Although the sidecar continues to run its actual version (v1.11), the DescribeASMSidecarExpectedVersion API returns the expected version: v1.12.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

servicemesh:DescribeNamespaceScopeSidecarConfig

get

*All Resource

*

None

None

Request parameters

Parameter

Type

Required

Description

Example

ServiceMeshId

string

Yes

The Service Mesh (ASM) instance ID.

c7120e75a202d4fd8acb028a86b6a****

Namespace

string

No

The namespace.

default

Response elements

Element

Type

Description

Example

object

The response body.

RequestId

string

The request ID.

31d3a0f0-07ed-4f6e-9004-1804498c****

ConfigPatches

object

The Sidecar Proxy configurations for the namespace.

TerminationDrainDuration

string

The termination drain duration for the sidecar proxy.

6s

SidecarProxyInitResourceLimit

object

The resource limits for the sidecar proxy init container.

ResourceCPULimit

string

The CPU resource limit.

2000 m

ResourceMemoryLimit

string

The memory resource limit.

50 Mi

SidecarProxyInitResourceRequest

object

The resource requests for the sidecar proxy init container.

ResourceCPURequest

string

The CPU resource request.

60 m

ResourceMemoryRequest

string

The memory resource request.

30 Mi

SidecarProxyResourceLimit

object

The resource limits for the sidecar proxy container.

ResourceCPULimit

string

The CPU resource limit.

2000 m

ResourceMemoryLimit

string

The memory resource limit.

50 Mi

SidecarProxyResourceRequest

object

The resource requests for the sidecar proxy container.

ResourceCPURequest

string

The CPU resource request.

60 m

ResourceMemoryRequest

string

The Memory Resource Request.

30 Mi

ExcludeOutboundPorts

string

The outbound traffic ports to exclude from sidecar proxy interception.

81

ExcludeOutboundIPRanges

string

The outbound traffic IP ranges to exclude from sidecar proxy interception.

192.168.1.3/31

IncludeOutboundIPRanges

string

The outbound traffic IP ranges to include in sidecar proxy interception.

192.168.1.4/31

ExcludeInboundPorts

string

The inbound traffic ports to exclude from sidecar proxy interception.

82

IncludeInboundPorts

string

The inbound traffic ports to include in sidecar proxy interception.

83

IncludeOutboundPorts

string

The outbound traffic ports to include in sidecar proxy interception.

84

IstioDNSProxyEnabled

boolean

Specifies whether to enable the DNS proxy feature. Valid values:

  • true: Enables the DNS proxy feature.

  • false: Disables the DNS proxy feature.

true

LifecycleStr

string

The lifecycle of the sidecar proxy, defined as a JSON string.

{"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}

Concurrency

integer

The number of worker threads for the istio-proxy.

2

LogLevel

string

The log level. Valid values: info, debug, trace, and error.

info

HoldApplicationUntilProxyStarts

boolean

Specifies whether the application container should wait for the istio-proxy container to be ready before starting. Valid values:

  • true: Wait for the istio-proxy container to be ready.

  • false: Do not wait for the istio-proxy container to be ready.

true

ProxyStatsMatcher

object

The metrics for Envoy monitoring.

InclusionPrefixes

array

The prefixes for the metrics to be included in Envoy monitoring.

string

A prefix for the metrics to be included in Envoy monitoring.

server

InclusionSuffixes

array

The suffixes for the metrics to be included in Envoy monitoring.

string

A suffix for the metrics to be included in Envoy monitoring.

cluster.outbound

InclusionRegexps

array

The regular expressions for including metrics in Envoy monitoring.

string

A regular expression for including metrics in Envoy monitoring.

listener.*.downstream_cx_total

Tracing

object

The custom tracing configurations.

Sampling

number

The sampling rate for tracing.

99.8

CustomTags

object

The custom tags to add to reported traces. The key is the custom tag name. The value is a JSON object that defines how to obtain the tag's value. You can source the value in one of the following ways:

  • literal: The tag has a static value. The JSON object must contain a value field to specify the literal value. For example: {"value":"test"}.

  • header: The tag takes its value from a request header. The JSON object must contain name and defaultValue fields. The name field specifies the name of the request header, and the defaultValue field provides a fallback value. For example: {"name":"test","defaultValue":"test"}.

  • environment: The tag takes its value from an environment variable. The JSON object must contain name and defaultValue fields. The name field specifies the name of the environment variable, and the defaultValue field provides a fallback value. For example: {"name":"test","defaultValue":"test"}.

{"test":{"literal":{"value":"test"}}}

MaxPathTagLength

integer

The maximum length of the tracing tag.

10

InterceptionMode

string

The traffic interception mode for the sidecar. Valid values:

  • REDIRECT: The default mode. The sidecar proxy uses iptables redirection to intercept traffic.

  • TPROXY: The transparent proxy mode. The sidecar proxy uses TPROXY to intercept traffic.

TPROXY

ProxyMetadata

object

Additional environment variables for the sidecar proxy. The keys are the variable names and the values are their corresponding values.

string

The value of an additional environment variable.

"true"

SidecarProxyInitAckSloResource

object

The resource limit and resource request for the sidecar proxy init container, specified as ACK (Alibaba Cloud Container Service for Kubernetes) dynamic overcommitment resources. These settings apply if the pod has the ACK dynamic overcommitment label labelkoordinator.sh/qosClass.

Requests

object

The resource requests for the sidecar proxy init container, specified as ACK dynamic overcommitment resources. These settings apply when the pod has the ACK dynamic overcommitment label labelkoordinator.sh/qosClass. The object can contain keys for the following resource types:

  • kubernetes.io/batch-cpu: The CPU resources of the ACK overcommitment type. Unit: millicores.

  • kubernetes.io/batch-memory: The memory resources of the ACK overcommitment type.

string

The value of the resource request for the sidecar proxy init container.

128Mi

Limits

object

The resource limits for the sidecar proxy init container, specified as ACK dynamic overcommitment resources. These settings apply when the pod has the ACK dynamic overcommitment label labelkoordinator.sh/qosClass. The object can contain keys for the following resource types:

  • kubernetes.io/batch-cpu: The CPU resources of the ACK overcommitment type. Unit: millicores.

  • kubernetes.io/batch-memory: The memory resources of the ACK overcommitment type.

string

The value of the resource limit for the sidecar proxy init container.

2048Mi

SidecarProxyAckSloResource

object

The resource settings for the sidecar proxy container, specified as ACK dynamic overcommitment resources. These settings are used when the pod has the ACK dynamic overcommitment label labelkoordinator.sh/qosClass.

Requests

object

The resource requests for the sidecar proxy container, specified as ACK dynamic overcommitment resources. These settings apply when the pod has the ACK dynamic overcommitment label labelkoordinator.sh/qosClass. The object can contain keys for the following resource types:

  • kubernetes.io/batch-cpu: The CPU resources of the ACK overcommitment type. Unit: millicores.

  • kubernetes.io/batch-memory: The memory resources of the ACK overcommitment type.

string

The value of the resource request for the sidecar proxy container.

128Mi

Limits

object

The resource limits for the sidecar proxy container, specified as ACK dynamic overcommitment resources. These settings apply when the pod has the ACK dynamic overcommitment label labelkoordinator.sh/qosClass. The object can contain keys for the following resource types:

  • kubernetes.io/batch-cpu: The CPU resources of the ACK overcommitment type. Unit: millicores.

  • kubernetes.io/batch-memory: The memory resources of the ACK overcommitment type.

string

The value of the resource limit for the sidecar proxy container.

2048Mi

Privileged

boolean

Specifies whether to run the sidecar proxy container in privileged mode. Valid values:

  • true: The sidecar proxy container runs in privileged mode.

  • false: The sidecar proxy container does not run in privileged mode.

false

EnableCoreDump

boolean

Specifies whether to enable core dump for the sidecar proxy container. Valid values:

  • true: Enables core dump.

  • false: Disables core dump.

false

ReadinessInitialDelaySeconds

integer

The delay in seconds before the first readiness probe is run on the sidecar proxy container.

2

ReadinessPeriodSeconds

integer

The interval in seconds between readiness probes for the sidecar proxy container.

3

ReadinessFailureThreshold

integer

The number of consecutive failed readiness probes before the sidecar proxy container is marked as not ready.

5

SMCConfiguration

object

The configurations for SMC-R optimization.

Enabled

boolean

Enables or disables SMC-R optimization. SMC-R improves cross-node communication performance and requires Alibaba Cloud Linux 3 and an elastic Remote Direct Memory Access (eRDMA) network device on the node.

true

RuntimeValues

object

The runtime parameters for the Envoy proxy.

string

The value of an Envoy runtime parameter.

"65536"

ScaledSidecarResource

object

The settings for dynamically scaling sidecar resources based on a specified percentage.

ResourceCalculationStrategy

string

The calculation strategy for sidecar resources.

ContainerRef

string

The baseline container for calculating sidecar resources.

ResourcePercentage

integer

The resource percentage for the sidecar.

Examples

Success response

JSON format

{
  "RequestId": "31d3a0f0-07ed-4f6e-9004-1804498c****",
  "ConfigPatches": {
    "TerminationDrainDuration": "6s",
    "SidecarProxyInitResourceLimit": {
      "ResourceCPULimit": "2000 m",
      "ResourceMemoryLimit": "50 Mi"
    },
    "SidecarProxyInitResourceRequest": {
      "ResourceCPURequest": "60 m",
      "ResourceMemoryRequest": "30 Mi"
    },
    "SidecarProxyResourceLimit": {
      "ResourceCPULimit": "2000 m",
      "ResourceMemoryLimit": "50 Mi"
    },
    "SidecarProxyResourceRequest": {
      "ResourceCPURequest": "60 m",
      "ResourceMemoryRequest": "30 Mi"
    },
    "ExcludeOutboundPorts": "81",
    "ExcludeOutboundIPRanges": "192.168.1.3/31",
    "IncludeOutboundIPRanges": "192.168.1.4/31",
    "ExcludeInboundPorts": "82",
    "IncludeInboundPorts": "83",
    "IncludeOutboundPorts": "84",
    "IstioDNSProxyEnabled": true,
    "LifecycleStr": "{\"postStart\":{\"exec\":{\"command\":[\"pilot-agent\",\"wait\"]}},\"preStop\":{\"exec\":{\"command\":[\"/bin/sh\",\"-c\",\"sleep 15\"]}}}",
    "Concurrency": 2,
    "LogLevel": "info",
    "HoldApplicationUntilProxyStarts": true,
    "ProxyStatsMatcher": {
      "InclusionPrefixes": [
        "server"
      ],
      "InclusionSuffixes": [
        "cluster.outbound"
      ],
      "InclusionRegexps": [
        "listener.*.downstream_cx_total"
      ]
    },
    "Tracing": {
      "Sampling": 99.8,
      "CustomTags": {
        "test": {
          "literal": {
            "value": "test"
          }
        }
      },
      "MaxPathTagLength": 10
    },
    "InterceptionMode": "TPROXY",
    "ProxyMetadata": {
      "key": "\"true\""
    },
    "SidecarProxyInitAckSloResource": {
      "Requests": {
        "key": "128Mi"
      },
      "Limits": {
        "key": "2048Mi"
      }
    },
    "SidecarProxyAckSloResource": {
      "Requests": {
        "key": "128Mi"
      },
      "Limits": {
        "key": "2048Mi"
      }
    },
    "Privileged": false,
    "EnableCoreDump": false,
    "ReadinessInitialDelaySeconds": 2,
    "ReadinessPeriodSeconds": 3,
    "ReadinessFailureThreshold": 5,
    "SMCConfiguration": {
      "Enabled": true
    },
    "RuntimeValues": {
      "key": "\"65536\""
    },
    "ScaledSidecarResource": {
      "ResourceCalculationStrategy": "",
      "ContainerRef": "",
      "ResourcePercentage": 0
    }
  }
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.