This topic describes how to modify the configurations of an ingress gateway service in Alibaba Cloud Service Mesh (ASM).
Prerequisites
Procedure
- Log on to the ASM console.
- In the left-side navigation pane, choose Service Mesh > Mesh Management.
- On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
- On the details page of the ASM instance, click ASM Gateways in the left-side navigation pane.
- On the ASM Gateways page, click YAML in the Actions column of the ingress gateway service that you want to modify.
- In the Edit panel, modify the parameters as required and click OK. The following table describes the parameters.
Table 1. Parameters Parameter Description Default value metadata.name The name of the ingress gateway service. The generated Kubernetes service and deployment are both named istio-{The value of the metadata.name parameter}. N/A metadata.namespace The namespace of the generated Kubernetes service and deployment. Notice To ensure that the generated Kubernetes service and deployment are available in Istio 1.6 and later, the namespace must be istio-system.istio-system clusterIds The IDs of the clusters in which you want to deploy the ingress gateway service. The value is an array. The clusters must be managed in the current ASM instance. N/A cpu.targetAverageUtilization The maximum CPU utilization that is supported by Horizontal Pod Autoscaler (HPA). 80 env The environment variables of the pod of the ingress gateway service. The value is an array. N/A externalTrafficPolicy Specifies whether the ingress gateway service routes inbound traffic to node-local or cluster-wide endpoints. Valid values: Cluster
andLocal
.Local ports The ports and protocols that are defined for the pod of the ingress gateway service. The value is an array. Example: name: http2 port: 80 targetPort: 80 protocol: HTTP2
name: https port: 443 targetPort: 443 protocol: HTTPS
Note In versions earlier than 1.9.7.107, the protocol attribute field is not specified and must be uniformly set to TCP.N/A replicaCount The number of replicas. 1 configVolumes The information about the ConfigMap volume that is mounted to the pod of the ingress gateway service. Example: - name: config-volume-lua configMapName: lua-libs mountPath: /var/lib/lua
resources The resource configurations of the pod of the ingress gateway service. - limits:
- cpu: '2'
- memory: 2G
- requests:
- cpu: 200m
- memory: 256Mi
sds.enabled Specifies whether to enable software-defined storage (SDS). false sds.resources The resource configurations of the pod that is used for SDS, provided that SDS is enabled. - requests:
- cpu: 100m
- memory: 128Mi
- requests:
- cpu: 2000m
- memory: 1024Mi
secretVolumes The information about the secret volume that is mounted to the pod of the ingress gateway service. Example: - name: myexample-customingressgateway-certs secretName: istio-myexample-customingressgateway-certs mountPath: /etc/istio/myexample-customingressgateway-certs
N/A serviceType The type of the ingress gateway service. Valid values: LoadBalancer
,Nodeport
, andClusterIP
.LoadBalancer serviceAnnotations The annotations of the ingress gateway service. Example: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain: 'on' service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout: '20'
.Note For more information about common annotations, see Use annotations to configure load balancing.N/A serviceLabels The labels of the ingress gateway service. N/A podAnnotations The annotations of the pod of the ingress gateway service. N/A rollingMaxSurge The maximum number of pods that are scheduled above the expected number of replicas during a rolling upgrade. The value can be an absolute value or a percentage. "100%" rollingMaxUnavailable The maximum number of unavailable pods during a rolling upgrade. The value can be an absolute value or a percentage. "25%" overrides Configures distinct settings for specific clusters. This parameter is available when the clusterIds
parameter specifies two or more clusters. You can use this parameter when you want to configure specific clusters with settings that are different from the preceding cluster settings. The value is of the MAP type that contains key-value pairs.Notekey
: a cluster ID that is specified in theclusterIds
parameter.value
: assignments of theserviceAnnotations
,resources
, andreplicaCount
parameters.
N/A kernel.enabled Specifies whether to enable custom kernel parameters. false kernel.parameters The kernel parameters. The following kernel parameters are supported: NoticeSpecific kernel parameters that are supported by ASM may become invalid due to the kernel version of the host. If the situation occurs, the pod of the ingress gateway service may report errors.
You can run the
kubectl describe pod
command to view the errors that are reported by the pod of the ingress gateway service. After you delete invalid parameters, containers can start as expected.The values of all the kernel parameters must be of the STRING type. YAML recognizes numbers as numeric values. Therefore, you must enclose each value in double quotation marks ("). Example: net.core.somaxconn: "65535".
net.core.somaxconn
net.core.netdev_max_backlog
net.ipv4.tcp_rmem
net.ipv4.tcp_wmem
net.ipv4.ip_local_port_range
net.ipv4.tcp_fin_timeout
net.ipv4.tcp_tw_timeout
net.ipv4.tcp_tw_reuse
net.ipv4.tcp_tw_recycle
net.ipv4.tcp_timestamps
net.ipv4.tcp_retries2
net.ipv4.tcp_slow_start_after_idle
net.ipv4.tcp_max_orphans
net.ipv4.tcp_max_syn_backlog
net.ipv4.tcp_no_metrics_save
net.ipv4.tcp_autocorking
kernel.printk
vm.swappiness
N/A compression.enabled Specifies whether to enable the compression feature for the ingress gateway service. false compression.content_type The Content-Type headers to be compressed. Examples: text/html
application/json
N/A compression.disable_on_etag_header Specifies whether to disable the compression feature when an HTTP response includes the ETag header. If the parameter is set to
true
, the compression feature is disabled when the ETag header is included in an HTTP response.false compression.min_content_length The threshold at which compression is triggered. The parameter value indicates the size of the Content-Length header. 30 compression.remove_accept_encoding_header - Specifies whether to remove the Accept-Encoding header from an HTTP request that is
sent by a client before the ingress gateway service forwards the HTTP request to an
upstream server. If the parameter is set to
true
, the Accept-Encoding header is removed from the HTTP request. - If the parameter is set to
false
, the Accept-Encoding header is retained in the HTTP request.
false compression.gzip The compression format. Only the GZIP format is supported. If you want to enable the compression feature, this parameter is required. If the default values are used for all the other parameters, you must specify an empty value for this parameter. Example: gzip: {}
.N/A compression.gzip.memory_level The memory usage level of the zlib library. Valid values: 1 to 9. A larger value of this parameter results in higher memory usage but a higher compression speed and better compression quality. 5 compression.gzip.compression_level The compression level that is used by the zlib library. Valid values: Note DEFAULT_COMPRESSION is the default compression level. BEST_COMPRESSION indicates the highest compression quality. BEST_SPEED indicates the highest compression speed.- COMPRESSION_LEVEL_1 is equivalent to BEST_SPEED.
- COMPRESSION_LEVEL_9 is equivalent to BEST_COMPRESSION.
- COMPRESSION_LEVEL_6 is equivalent to DEFAULT_COMPRESSION.
COMPRESSION_LEVEL_1
COMPRESSION_LEVEL_2
COMPRESSION_LEVEL_3
COMPRESSION_LEVEL_4
COMPRESSION_LEVEL_5
COMPRESSION_LEVEL_6
COMPRESSION_LEVEL_7
COMPRESSION_LEVEL_8
COMPRESSION_LEVEL_9
DEFAULT_COMPRESSION
BEST_COMPRESSION
BEST_SPEED
DEFAULT_COMPRESSION compression.gzip.compression_strategy The compression policy that is used by the zlib library. Valid values: FILTERED
FIXED
HUFFMAN_ONLY
RLE
DEFAULT_STRATEGY compression.gzip.window_bits The window size of the zlib library. Valid values: 9 to 15. 12 compression.gzip.chunk_size The output buffer size of the zlib library. 4096 hostNetwork Specifies whether to allow the pod of the ingress gateway service to access the network namespace of the host. If you set the hostNetwork
parameter totrue
, the pod of the ingress gateway service is allowed to access the network namespace of the host.false dnsPolicy The Domain Name System (DNS) policy set for the pod of the ingress gateway service. For more information about DNS policies, see DNS for Services and Pods. ClusterFirst