metadata.name |
The name of the ingress gateway service. The generated Kubernetes service and deployment
are both named istio-{The value of the metadata.name parameter}.
|
N/A |
metadata.namespace |
The namespace of the generated Kubernetes service and deployment.
Notice To ensure that the generated Kubernetes service and deployment are available in Istio
1.6 and later, the namespace must be istio-system.
|
istio-system |
clusterIds |
The IDs of the clusters in which you want to deploy the ingress gateway service. The
value is an array. The clusters must be managed in the current ASM instance.
|
N/A |
cpu.targetAverageUtilization |
The maximum CPU utilization that is supported by Horizontal Pod Autoscaler (HPA).
|
80 |
env |
The environment variables of the pod of the ingress gateway service. The value is
an array.
|
N/A |
externalTrafficPolicy |
Specifies whether the ingress gateway service routes inbound traffic to node-local
or cluster-wide endpoints. Valid values: Cluster and Local .
|
Local |
ports |
The ports and protocols that are defined for the pod of the ingress gateway service.
The value is an array. Example:
name: http2 port: 80 targetPort: 80 protocol: HTTP2
name: https port: 443 targetPort: 443 protocol: HTTPS
Note In versions earlier than 1.9.7.107, the protocol attribute field is not specified
and must be uniformly set to TCP.
|
N/A |
replicaCount |
The number of replicas. |
1 |
configVolumes |
The information about the ConfigMap volume that is mounted to the pod of the ingress
gateway service. Example:- name: config-volume-lua
configMapName: lua-libs
mountPath: /var/lib/lua
|
|
resources |
The resource configurations of the pod of the ingress gateway service. |
|
sds.enabled |
Specifies whether to enable software-defined storage (SDS). |
false |
sds.resources |
The resource configurations of the pod that is used for SDS, provided that SDS is
enabled.
|
- requests:
- requests:
- cpu: 2000m
- memory: 1024Mi
|
secretVolumes |
The information about the secret volume that is mounted to the pod of the ingress
gateway service. Example:- name: myexample-customingressgateway-certs
secretName: istio-myexample-customingressgateway-certs
mountPath: /etc/istio/myexample-customingressgateway-certs
|
N/A |
serviceType |
The type of the ingress gateway service. Valid values: LoadBalancer , Nodeport , and ClusterIP .
|
LoadBalancer |
serviceAnnotations |
The annotations of the ingress gateway service. Example: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain: 'on' service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout:
'20' .
|
N/A |
serviceLabels |
The labels of the ingress gateway service. |
N/A |
podAnnotations |
The annotations of the pod of the ingress gateway service. |
N/A |
rollingMaxSurge |
The maximum number of pods that are scheduled above the expected number of replicas
during a rolling upgrade. The value can be an absolute value or a percentage.
|
"100%" |
rollingMaxUnavailable |
The maximum number of unavailable pods during a rolling upgrade. The value can be
an absolute value or a percentage.
|
"25%" |
overrides |
Configures distinct settings for specific clusters. This parameter is available when
the clusterIds parameter specifies two or more clusters. You can use this parameter when you want
to configure specific clusters with settings that are different from the preceding
cluster settings. The value is of the MAP type that contains key-value pairs.
Note
key : a cluster ID that is specified in the clusterIds parameter.
value : assignments of the serviceAnnotations , resources , and replicaCount parameters.
|
N/A |
kernel.enabled |
Specifies whether to enable custom kernel parameters. |
false |
kernel.parameters |
The kernel parameters. The following kernel parameters are supported:
Notice
Specific kernel parameters that are supported by ASM may become invalid due to the
kernel version of the host. If the situation occurs, the pod of the ingress gateway
service may report errors.
You can run the kubectl describe pod command to view the errors that are reported by the pod of the ingress gateway service.
After you delete invalid parameters, containers can start as expected.
The values of all the kernel parameters must be of the STRING type. YAML recognizes
numbers as numeric values. Therefore, you must enclose each value in double quotation
marks ("). Example: net.core.somaxconn: "65535".
net.core.somaxconn
net.core.netdev_max_backlog
net.ipv4.tcp_rmem
net.ipv4.tcp_wmem
net.ipv4.ip_local_port_range
net.ipv4.tcp_fin_timeout
net.ipv4.tcp_tw_timeout
net.ipv4.tcp_tw_reuse
net.ipv4.tcp_tw_recycle
net.ipv4.tcp_timestamps
net.ipv4.tcp_retries2
net.ipv4.tcp_slow_start_after_idle
net.ipv4.tcp_max_orphans
net.ipv4.tcp_max_syn_backlog
net.ipv4.tcp_no_metrics_save
net.ipv4.tcp_autocorking
kernel.printk
vm.swappiness
|
N/A |
compression.enabled |
Specifies whether to enable the compression feature for the ingress gateway service.
|
false |
compression.content_type |
The Content-Type headers to be compressed. Examples:
text/html
application/json
|
N/A |
compression.disable_on_etag_header |
Specifies whether to disable the compression feature when an HTTP response includes
the ETag header. If the parameter is set to true , the compression feature is disabled when the ETag header is included in an HTTP
response.
|
false |
compression.min_content_length |
The threshold at which compression is triggered. The parameter value indicates the
size of the Content-Length header.
|
30 |
compression.remove_accept_encoding_header |
- Specifies whether to remove the Accept-Encoding header from an HTTP request that is
sent by a client before the ingress gateway service forwards the HTTP request to an
upstream server. If the parameter is set to
true , the Accept-Encoding header is removed from the HTTP request.
- If the parameter is set to
false , the Accept-Encoding header is retained in the HTTP request.
|
false |
compression.gzip |
The compression format. Only the GZIP format is supported. If you want to enable the
compression feature, this parameter is required. If the default values are used for
all the other parameters, you must specify an empty value for this parameter. Example:
gzip: {} .
|
N/A |
compression.gzip.memory_level |
The memory usage level of the zlib library. Valid values: 1 to 9. A larger value of
this parameter results in higher memory usage but a higher compression speed and better
compression quality.
|
5 |
compression.gzip.compression_level |
The compression level that is used by the zlib library. Valid values:
Note DEFAULT_COMPRESSION is the default compression level. BEST_COMPRESSION indicates the
highest compression quality. BEST_SPEED indicates the highest compression speed.
- COMPRESSION_LEVEL_1 is equivalent to BEST_SPEED.
- COMPRESSION_LEVEL_9 is equivalent to BEST_COMPRESSION.
- COMPRESSION_LEVEL_6 is equivalent to DEFAULT_COMPRESSION.
COMPRESSION_LEVEL_1
COMPRESSION_LEVEL_2
COMPRESSION_LEVEL_3
COMPRESSION_LEVEL_4
COMPRESSION_LEVEL_5
COMPRESSION_LEVEL_6
COMPRESSION_LEVEL_7
COMPRESSION_LEVEL_8
COMPRESSION_LEVEL_9
DEFAULT_COMPRESSION
BEST_COMPRESSION
BEST_SPEED
|
DEFAULT_COMPRESSION |
compression.gzip.compression_strategy |
The compression policy that is used by the zlib library. Valid values:
FILTERED
FIXED
HUFFMAN_ONLY
RLE
|
DEFAULT_STRATEGY |
compression.gzip.window_bits |
The window size of the zlib library. Valid values: 9 to 15. |
12 |
compression.gzip.chunk_size |
The output buffer size of the zlib library. |
4096 |
hostNetwork |
Specifies whether to allow the pod of the ingress gateway service to access the network
namespace of the host. If you set the hostNetwork parameter to true , the pod of the ingress gateway service is allowed to access the network namespace
of the host.
|
false |
dnsPolicy |
The Domain Name System (DNS) policy set for the pod of the ingress gateway service.
For more information about DNS policies, see DNS for Services and Pods.
|
ClusterFirst |