Creates an Alibaba Cloud Service Mesh (ASM) instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateServiceMesh

The operation that you want to perform. Set the value to CreateServiceMesh.

RegionId String Yes cn-hangzhou

The ID of the region in which the ASM instance to be created resides.

IstioVersion String No v1.5.4.1-g5960ec40-aliyun

The Istio version of the ASM instance.

VpcId String Yes vpc-xzelac2tw4ic7wz31****

The ID of the virtual private cloud (VPC).

ApiServerPublicEip Boolean No false

Specifies whether to expose the API server to the Internet. Valid values:

  • true: exposes the API server to the Internet.
  • false: does not expose the API server to the Internet.

Default value: false.

Note If you do not set this parameter, the API server of the clusters for the ASM instance cannot be accessed from the Internet.
Tracing Boolean No false

Specifies whether to enable the tracing feature. To enable this feature, make sure that you have activated Tracing Analysis. Valid values:

  • true: enables the tracing feature.
  • false: disables the tracing feature.

Default value: false.

Name String No mesh1

The name of the ASM instance.

VSwitches String Yes ["vsw-xzegf5dndkbf4m6eg****"]

The ID of the vSwitch.

TraceSampling Float No 100

The sampling percentage of tracing.

CustomizedZipkin Boolean No false

Specifies whether to export the tracing data of ASM to a custom Zipkin system. Valid values:

  • true: exports the tracing data of ASM to a custom Zipkin system.
  • false: does not export the tracing data of ASM to a custom Zipkin system.

Default value: false.

LocalityLoadBalancing Boolean No false

Specifies whether to route traffic to the nearest instance. Valid values:

  • true: routes traffic to the nearest instance.
  • false: does not route traffic to the nearest instance.

Default value: false.

LocalityLBConf String No null

The configurations for the access to the nearest instance.

Telemetry Boolean No false

Specifies whether to enable Prometheus monitoring. We recommend that you use Prometheus Service of Application Real-Time Monitoring Service (ARMS). Valid values:

  • true: enables Prometheus monitoring.
  • false: disables Prometheus monitoring.

Default value: false.

OpenAgentPolicy Boolean No false

Specifies whether to install the Open Policy Agent (OPA) plug-in. Valid values:

  • true: installs the OPA plug-in.
  • false: does not install the OPA plug-in.

Default value: false.

OPALogLevel String No info

The log level of OPA.

OPARequestCPU String No 1

The number of CPU cores that are requested by OPA. You can represent the parameter value in the standard representation form of CPUs in Kubernetes. For example, a value of 1 represents one CPU core.

OPARequestMemory String No 512Mi

The size of the memory that is requested by OPA. You can represent the parameter value in the standard representation form of memory in Kubernetes. For example, a value of 1Mi represents a memory size of 1,024 KB.

OPALimitCPU String No 2

The maximum number of CPU cores that are available for OPA.

OPALimitMemory String No 1024Mi

The maximum size of the memory that is available for OPA. You can represent the parameter value in the standard representation form of memory in Kubernetes. For example, a value of 1Mi represents a memory size of 1,024 KB.

EnableAudit Boolean No false

Specifies whether to enable the mesh audit feature. To enable this feature, make sure that you have activated Log Service. Valid values:

  • true: enables the mesh audit feature.
  • false: disables the mesh audit feature.

Default value: false.

AuditProject String No mesh-log-xxxx

The name of the Log Service project that is used for mesh audit.

Default value: mesh-log-{ASM instance ID}.

ProxyRequestCPU String No 100m

The number of CPU cores that are requested by the proxy container.

ProxyRequestMemory String No 128Mi

The size of the memory that is requested by the proxy container.

ProxyLimitCPU String No 2000m

The maximum number of CPU cores that are available for the proxy container.

ProxyLimitMemory String No 1024Mi

The maximum size of the memory that is available for the proxy container.

IncludeIPRanges String No *

The IP addresses that are denied to access external services.

ExcludeIPRanges String No 100.100.10*.***

The IP addresses that are allowed to access external services.

ExcludeOutboundPorts String No 80,81

The outbound ports. Separate multiple port numbers with commas (,).

ExcludeInboundPorts String No 80,81

The inbound ports. Separate multiple port numbers with commas (,).

OpaEnabled Boolean No false

Specifies whether to enable the OPA plug-in. Valid values:

  • true: enables the OPA plug-in.
  • false: disables the OPA plug-in.

Default value: false.

KialiEnabled Boolean No false

Specifies whether to enable Kiali. To enable Kiali, make sure that Prometheus monitoring is enabled. If Prometheus monitoring is disabled, the value of this parameter must be false. Valid values:

  • true: enables Kiali.
  • false: disables Kiali.

Default value: false.

AccessLogEnabled Boolean No false

Specifies whether to enable access log collection. Valid values:

  • true: enables access log collection.
  • false: disables access log collection.

Default value: false.

CustomizedPrometheus Boolean No false

Specifies whether to use a custom Prometheus instance. Valid values:

  • true: uses a custom Prometheus instance.
  • false: does not use a custom Prometheus instance.

Default value: false.

PrometheusUrl String No http://prometheus:9090

The endpoint of the custom Prometheus instance.

RedisFilterEnabled Boolean No true

Specifies whether to enable Redis Filter. Valid values:

  • true: enables Redis Filter.
  • false: disables Redis Filter.

Default value: false.

MysqlFilterEnabled Boolean No false

Specifies whether to enable MySQL Filter. Valid values:

  • true: enables MySQL Filter.
  • false: disables MySQL Filter.

Default value: false.

ThriftFilterEnabled Boolean No false

Specifies whether to enable Thrift Filter. Valid values:

  • true: enables Thrift Filter.
  • false: disables Thrift Filter.

Default value: false.

WebAssemblyFilterEnabled Boolean No false

Specifies whether to enable WebAssembly Filter. Valid values:

  • true: enables WebAssembly Filter.
  • false: disables WebAssembly Filter.

Default value: false.

MSEEnabled Boolean No false

Specifies whether to enable Microservice Engine (MSE). Valid values:

  • true: enables MSE.
  • false: disables MSE.

Default value: false.

DNSProxyingEnabled Boolean No false

Specifies whether to enable the DNS proxy feature.

  • true: enables the DNS proxy feature.
  • false: disables the DNS proxy feature.

Default value: false.

Edition String No Pro

The edition of the ASM instance.

ConfigSourceEnabled Boolean No false

Specifies whether to enable service registry. Valid values:

  • true: enables service registry.
  • false: disables service registry.

Default value: false.

ConfigSourceNacosID String No mse-cn-tl326******

The instance ID of the Nacos registry.

DubboFilterEnabled Boolean No false

Specifies whether to enable Dubbo Filter. Valid values:

  • true: enables Dubbo Filter.
  • false: disables Dubbo Filter.

Default value: false.

FilterGatewayClusterConfig Boolean No false

Specifies whether to enable gateway configuration filtering. Valid values:

  • true: enables gateway configuration filtering.
  • false: disables gateway configuration filtering.

Default value: false.

EnableSDSServer Boolean No false

Specifies whether to enable Secret Discovery Service (SDS). Valid values:

  • true: enables SDS.
  • false: disables SDS.

Default value: false.

AccessLogServiceEnabled Boolean No false

Specifies whether to enable gRPC Access Log Service (ALS) for Envoy. Valid values:

  • true: enables gRPC ALS.
  • false: disables gRPC ALS.

Default value: false.

AccessLogServiceHost String No 0.0.0.0

The endpoint of gRPC ALS for Envoy.

AccessLogServicePort Integer No 9999

The port of gRPC ALS for Envoy.

GatewayAPIEnabled Boolean No false

Specifies whether to enable Gateway API. Valid values:

  • true: enables Gateway API.
  • false: disables Gateway API.

Default value: false.

ControlPlaneLogEnabled Boolean No false

Specifies whether to enable the collection of control plane logs. Valid values:

  • true: enables the collection of control plane logs.
  • false: disables the collection of control plane logs.

Default value: false.

ControlPlaneLogProject String No mesh-log-cf245a429b6ff4b6e97f20797758*****

The name of the Log Service project that is used to collect the logs of the control plane.

AccessLogFormat String No null

The custom format of access logs. To set this parameter, you must enable access log collection. Otherwise, you cannot set this parameter. The value must be a JSON string and contain the following key values: authority_for, bytes_received, bytes_sent, downstream_local_address, downstream_remote_address, duration, istio_policy_status, method, path, protocol, requested_server_name, response_code, response_flags, route_name, start_time, trace_id, upstream_cluster, upstream_host, upstream_local_address, upstream_service_time, upstream_transport_failure_reason, user_agent, and x_forwarded_for.

AccessLogFile String No /dev/stdout

Specifies whether to enable access logging. Valid values:

  • "": disables access logging.
  • /dev/stdout: enables access logging. /dev/stdout indicates the file address of access logs.
AccessLogProject String No mesh-log-cf245a429b6ff4b6e97f20797758*****

The name of the Log Service project that is used to collect access logs.

EnableCRHistory Boolean No false

Specifies whether to enable the rollback feature for Istio resources.

  • true: enables the rollback feature for Istio resources.
  • false: disables the rollback feature for Istio resources.

Default value: false.

CRAggregationEnabled Boolean No false

Specifies whether to use the Kubernetes API of clusters on the data plane to access Istio resources. The version of the ASM instance must be V1.9.7.93 or later.

  • true: uses the Kubernetes API of clusters on the data plane to access Istio resources.
  • false: does not use the Kubernetes API of clusters on the data plane to access Istio resources.

Default value: false.

GlobalRateLimitEnabled Boolean No false

Specifies whether to enable Application High Availability Service (AHAS)-based throttling. Valid values:

  • true: enables AHAS-based throttling.
  • false: disables AHAS-based throttling.

Default value: false.

ApiServerLoadBalancerSpec String No slb.s1.small

The instance type of the Server Load Balancer (SLB) instance bound to the API server. Valid values: slb.s1.small, slb.s2.small, slb.s2.medium, slb.s3.small, slb.s3.medium, and slb.s3.large.

PilotLoadBalancerSpec String No slb.s1.small

The instance type of the pilot load balancer. Valid values: slb.s1.small, slb.s2.small, slb.s2.medium, slb.s3.small, slb.s3.medium, and slb.s3.large.

ChargeType String No PostPaid

The billing method of the SLB instance. Valid values:

  • PayOnDemand: pay-as-you-go
  • PrePaid: subscription
Period Integer No 3

The subscription period of the SLB instance. Unit: month. This parameter is valid only if the ChargeType parameter is set to PrePay. For example, if the subscription period is one year, set this parameter to 12.

AutoRenew Boolean No true

Specifies whether to enable auto-renewal for the SLB instance if the SLB instance uses the subscription billing method. Valid values:

  • true: enables auto-renewal.
  • false: disables auto-renewal.
AutoRenewPeriod Integer No 3

The auto-renewal period of the SLB instance. This parameter is valid only if the ChargeType parameter is set to PrePay. If the subscription period of the SLB instance is less than one year, the value of this parameter indicates the number of months for auto-renewal. If the subscription period of the SLB instance is more than one year, the value of this parameter indicates the number of years for auto-renewal.

ClusterSpec String No standard

The edition of the ASM instance. Valid values:

  • standard: Standard Edition
  • enterprise: Enterprise Edition
  • ultimate: Ultimate Edition
MultiBufferEnabled Boolean No true

Specifies whether to enable MultiBuffer-based Transport Layer Security (TLS) acceleration. Valid values:

  • true: enables MultiBuffer-based TLS acceleration.
  • false: disables MultiBuffer-based TLS acceleration.

Default value: true.

MultiBufferPollDelay String No 30s

The pull-request latency Default value: 30. Unit: seconds.

Response parameters

Parameter Type Example Description
RequestId String BD65C0AD-D3C6-48D3-8D93-38D2015C****

The ID of the request.

ServiceMeshId String c08ba3fd1e6484b0f8cc1ad8fe10d****

The ID of the ASM instance.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateServiceMesh
&RegionId=cn-hangzhou
&IstioVersion=v1.5.4.1-g5960ec40-aliyun
&VpcId=vpc-xzelac2tw4ic7wz31****
&ApiServerPublicEip=false
&Tracing=false
&Name=mesh1
&VSwitches=["vsw-xzegf5dndkbf4m6eg****"]
&TraceSampling=100.0
&CustomizedZipkin=false
&LocalityLoadBalancing=false
&LocalityLBConf={"failover":[{"from":"cn-hangzhou","to":"cn-shanghai"}]}
&Telemetry=false
&OpenAgentPolicy=false
&OPALogLevel=info
&OPARequestCPU=1
&OPARequestMemory=512Mi
&OPALimitCPU=2
&OPALimitMemory=1024Mi
&EnableAudit=false
&AuditProject=mesh-log-xxxx
&ProxyRequestCPU=100m
&ProxyRequestMemory=128Mi
&ProxyLimitCPU=2000m
&ProxyLimitMemory=1024Mi
&IncludeIPRanges=*
&ExcludeIPRanges=100.100.100.100
&ExcludeOutboundPorts=80,81
&ExcludeInboundPorts=80,81
&OpaEnabled=false
&KialiEnabled=false
&AccessLogEnabled=false
&CustomizedPrometheus=false
&PrometheusUrl=http://prometheus:9090
&RedisFilterEnabled=true
&MysqlFilterEnabled=false
&ThriftFilterEnabled=false
&WebAssemblyFilterEnabled=false
&MSEEnabled=false
&DNSProxyingEnabled=false
&Edition=Pro
&ConfigSourceEnabled=false
&ConfigSourceNacosID=mse-cn-tl326******
&DubboFilterEnabled=false
&FilterGatewayClusterConfig=false
&EnableSDSServer=false
&AccessLogServiceEnabled=false
&AccessLogServiceHost=0.0.0.0
&AccessLogServicePort=9999
&GatewayAPIEnabled=false
&ControlPlaneLogEnabled=false
&ControlPlaneLogProject=mesh-log-cf245a429b6ff4b6e97f20797758*****
&AccessLogFormat={"authority_for":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}
&AccessLogFile=/dev/stdout
&AccessLogProject=mesh-log-cf245a429b6ff4b6e97f20797758*****
&EnableCRHistory=false
&CRAggregationEnabled=false
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateServiceMeshResponse>
    <RequestId>BD65C0AD-D3C6-48D3-8D93-38D2015C****</RequestId>
    <ServiceMeshId>c08ba3fd1e6484b0f8cc1ad8fe10d****</ServiceMeshId>
</CreateServiceMeshResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "BD65C0AD-D3C6-48D3-8D93-38D2015C****",
  "ServiceMeshId" : "c08ba3fd1e6484b0f8cc1ad8fe10d****"
}

Error codes

HttpCode Error code Error message Description
404 ERR404 Not found The error message returned because the requested resource does not exist.

For a list of error codes, visit the API Error Center.