This topic describes how to modify the configurations of an ingress gateway service in Alibaba Cloud Service Mesh (ASM).

Prerequisites

An ingress gateway service is deployed in an ASM instance. For more information, see Deploy an ingress gateway service.

Procedure

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
  4. On the details page of the ASM instance, click ASM Gateways in the left-side navigation pane.
  5. On the ASM Gateways page, click YAML in the Actions column of the ingress gateway service that you want to modify.
  6. In the Edit panel, modify the parameters as required and click OK. The following table describes the parameters.
    Table 1. Parameters
    Parameter Description Default value
    metadata.name The name of the ingress gateway service. The generated Kubernetes service and deployment are both named istio-{The value of the metadata.name parameter}. N/A
    metadata.namespace The namespace of the generated Kubernetes service and deployment.
    Notice To ensure that the generated Kubernetes service and deployment are available in Istio 1.6 and later, the namespace must be istio-system.
    		istio-system
    clusterIds The IDs of the clusters in which you want to deploy the ingress gateway service. The value is an array. The clusters must be managed in the current ASM instance. N/A
    cpu.targetAverageUtilization The maximum CPU utilization that is supported by Horizontal Pod Autoscaler (HPA). 80
    env The environment variables of the pod of the ingress gateway service. The value is an array. N/A
    externalTrafficPolicy Specifies whether the ingress gateway service routes inbound traffic to node-local or cluster-wide endpoints. Valid values: Cluster and Local. Local
    ports The ports and protocols that are defined for the pod of the ingress gateway service. The value is an array. Example:
    • name: http2 port: 80 targetPort: 80 protocol: HTTP2
    • name: https port: 443 targetPort: 443 protocol: HTTPS
    Note In versions earlier than 1.9.7.107, the protocol attribute field is not specified and must be uniformly set to TCP.
    		N/A
    replicaCount The number of replicas. 1
    configVolumes The information about the ConfigMap volume that is mounted to the pod of the ingress gateway service. Example:
    - name: config-volume-lua
  configMapName: lua-libs
  mountPath: /var/lib/lua
    resources The resource configurations of the pod of the ingress gateway service.
    • limits:
      • cpu: '2'
      • memory: 2G
    • requests:
      • cpu: 200m
      • memory: 256Mi
    sds.enabled Specifies whether to enable software-defined storage (SDS). false
    sds.resources The resource configurations of the pod that is used for SDS, provided that SDS is enabled.
    • requests:
      • cpu: 100m
      • memory: 128Mi
    • requests:
      • cpu: 2000m
      • memory: 1024Mi
    secretVolumes The information about the secret volume that is mounted to the pod of the ingress gateway service. Example:
    - name: myexample-customingressgateway-certs 
  secretName: istio-myexample-customingressgateway-certs
  mountPath: /etc/istio/myexample-customingressgateway-certs
    		 N/A
    serviceType The type of the ingress gateway service. Valid values: LoadBalancer, Nodeport, and ClusterIP. LoadBalancer
    serviceAnnotations The annotations of the ingress gateway service. Example: service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain: 'on' service.beta.kubernetes.io/alibaba-cloud-loadbalancer-connection-drain-timeout: '20'.
    Note For more information about common annotations, see Use annotations to configure load balancing.
    		N/A
    serviceLabels The labels of the ingress gateway service. N/A
    podAnnotations The annotations of the pod of the ingress gateway service. N/A
    rollingMaxSurge The maximum number of pods that are scheduled above the expected number of replicas during a rolling upgrade. The value can be an absolute value or a percentage. "100%"
    rollingMaxUnavailable The maximum number of unavailable pods during a rolling upgrade. The value can be an absolute value or a percentage. "25%"
    overrides Configures distinct settings for specific clusters. This parameter is available when the clusterIds parameter specifies two or more clusters. You can use this parameter when you want to configure specific clusters with settings that are different from the preceding cluster settings. The value is of the MAP type that contains key-value pairs.
    Note
    • key: a cluster ID that is specified in the clusterIds parameter.
    • value: assignments of the serviceAnnotations, resources, and replicaCount parameters.
    		N/A
    kernel.enabled Specifies whether to enable custom kernel parameters. false
    kernel.parameters The kernel parameters. The following kernel parameters are supported:
    Notice

    Specific kernel parameters that are supported by ASM may become invalid due to the kernel version of the host. If the situation occurs, the pod of the ingress gateway service may report errors.

    You can run the kubectl describe pod command to view the errors that are reported by the pod of the ingress gateway service. After you delete invalid parameters, containers can start as expected.

    The values of all the kernel parameters must be of the STRING type. YAML recognizes numbers as numeric values. Therefore, you must enclose each value in double quotation marks ("). Example: net.core.somaxconn: "65535".

    • net.core.somaxconn
    • net.core.netdev_max_backlog
    • net.ipv4.tcp_rmem
    • net.ipv4.tcp_wmem
    • net.ipv4.ip_local_port_range
    • net.ipv4.tcp_fin_timeout
    • net.ipv4.tcp_tw_timeout
    • net.ipv4.tcp_tw_reuse
    • net.ipv4.tcp_tw_recycle
    • net.ipv4.tcp_timestamps
    • net.ipv4.tcp_retries2
    • net.ipv4.tcp_slow_start_after_idle
    • net.ipv4.tcp_max_orphans
    • net.ipv4.tcp_max_syn_backlog
    • net.ipv4.tcp_no_metrics_save
    • net.ipv4.tcp_autocorking
    • kernel.printk
    • vm.swappiness
    		 N/A
    compression.enabled Specifies whether to enable the compression feature for the ingress gateway service. false
    compression.content_type The Content-Type headers to be compressed. Examples:
    • text/html
    • application/json
    		 N/A
    compression.disable_on_etag_header

    Specifies whether to disable the compression feature when an HTTP response includes the ETag header. If the parameter is set to true, the compression feature is disabled when the ETag header is included in an HTTP response.

    		false
    compression.min_content_length The threshold at which compression is triggered. The parameter value indicates the size of the Content-Length header. 30
    compression.remove_accept_encoding_header
    • Specifies whether to remove the Accept-Encoding header from an HTTP request that is sent by a client before the ingress gateway service forwards the HTTP request to an upstream server. If the parameter is set to true, the Accept-Encoding header is removed from the HTTP request.
    • If the parameter is set to false, the Accept-Encoding header is retained in the HTTP request.
    		false
    compression.gzip The compression format. Only the GZIP format is supported. If you want to enable the compression feature, this parameter is required. If the default values are used for all the other parameters, you must specify an empty value for this parameter. Example: gzip: {}. N/A
    compression.gzip.memory_level The memory usage level of the zlib library. Valid values: 1 to 9. A larger value of this parameter results in higher memory usage but a higher compression speed and better compression quality. 5
    compression.gzip.compression_level The compression level that is used by the zlib library. Valid values:
    Note DEFAULT_COMPRESSION is the default compression level. BEST_COMPRESSION indicates the highest compression quality. BEST_SPEED indicates the highest compression speed.
    • COMPRESSION_LEVEL_1 is equivalent to BEST_SPEED.
    • COMPRESSION_LEVEL_9 is equivalent to BEST_COMPRESSION.
    • COMPRESSION_LEVEL_6 is equivalent to DEFAULT_COMPRESSION.
    • COMPRESSION_LEVEL_1
    • COMPRESSION_LEVEL_2
    • COMPRESSION_LEVEL_3
    • COMPRESSION_LEVEL_4
    • COMPRESSION_LEVEL_5
    • COMPRESSION_LEVEL_6
    • COMPRESSION_LEVEL_7
    • COMPRESSION_LEVEL_8
    • COMPRESSION_LEVEL_9
    • DEFAULT_COMPRESSION
    • BEST_COMPRESSION
    • BEST_SPEED
    		 DEFAULT_COMPRESSION
    compression.gzip.compression_strategy The compression policy that is used by the zlib library. Valid values:
    • FILTERED
    • FIXED
    • HUFFMAN_ONLY
    • RLE
    		 DEFAULT_STRATEGY
    compression.gzip.window_bits The window size of the zlib library. Valid values: 9 to 15. 12
    compression.gzip.chunk_size The output buffer size of the zlib library. 4096
    hostNetwork Specifies whether to allow the pod of the ingress gateway service to access the network namespace of the host. If you set the hostNetwork parameter to true, the pod of the ingress gateway service is allowed to access the network namespace of the host. false
    dnsPolicy The Domain Name System (DNS) policy set for the pod of the ingress gateway service. For more information about DNS policies, see DNS for Services and Pods. ClusterFirst