Updates the configurations of an Alibaba Cloud Service Mesh (ASM) instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes UpdateMeshFeature

The operation that you want to perform. Set the value to UpdateMeshFeature.

ServiceMeshId String Yes cb8963379255149cb98c8686f274x****

The ID of the ASM instance.
Tracing Boolean No false

Specifies whether to enable the tracing feature. To enable this feature, make sure that you have activated Tracing Analysis. Valid values:

  • true: enables the tracing feature.
  • false: disables the tracing feature.

Default value: false
TraceSampling Float No 100

The sampling percentage of tracing.
LocalityLoadBalancing Boolean No true

Specifies whether cross-region load balancing is enabled. Valid values:

  • true: enables cross-region load balancing.
  • false: disables cross-region load balancing.

Default value: false
LocalityLBConf String No null

The configurations of cross-region load balancing. Valid values:

  • failover: the configurations of cross-region failover. Example:
    
    failover: [// The struct that indicates the configurations of cross-region failover.
        {
            // If a service fails in the China (Beijing) region, the traffic is redirected to the same service in the China (Hangzhou) region.
            from: "cn-beijing", 
            to: "cn-hangzhou",
        }
    ]
  • distribute: the configurations of cross-region traffic distribution. Example: 

distribute: [ // The struct that indicates the configurations of cross-region traffic distribution. 
        {
            // For traffic that is routed to the China (Beijing) region, 70% of the traffic is allocated to the China (Beijing) region and the rest of the traffic is redirected to the China (Hangzhou) region.
            "from": "cn-beijing",
            "to": {
                "cn-beijing": 70,
                "cn-hangzhou": 30,
            }
        }
    ]
Telemetry Boolean No false

Specifies whether to enable Prometheus monitoring. We recommend that you use Prometheus Service of Application Real-Time Monitoring Service (ARMS). Valid values:

  • true: enables Prometheus monitoring.
  • false: disables Prometheus monitoring.

Default value: false
OpenAgentPolicy Boolean No false

Specifies whether to install the Open Policy Agent (OPA) plug-in. Valid values:

  • true: installs the OPA plug-in.
  • false: does not install the OPA plug-in.

Default value: false
OPALogLevel String No info

The log level of OPA.

  • info: logs all information.
  • debug: logs debugging and error information.
  • error: logs only error information.
OPARequestCPU String No 1

The number of CPU cores that are requested by OPA.
OPARequestMemory String No 512Mi

The size of the memory that is requested by OPA.
OPALimitCPU String No 2

The maximum number of CPU cores that are available to OPA.
OPALimitMemory String No 1024Mi

The maximum size of the memory that is available to OPA.
EnableAudit Boolean No false

Specifies whether to enable the mesh audit feature. To enable this feature, make sure that you have activated Log Service. Valid values:

  • true: enables the mesh audit feature.
  • false: disables the mesh audit feature.

Default value: false
AuditProject String No mesh-log-c08ba3fd1e64xxb0f8cc1ad8****

The name of the Log Service project that is used for mesh audit.

Default value: mesh-log-{meshId}
CustomizedZipkin Boolean No false

Specifies whether to enable custom Zipkin system. Valid values:

  • true: enables custom Zipkin system.
  • false: disables custom Zipkin system.

Default value: false
OutboundTrafficPolicy String No ALLOW_ANY

The policy of handling outbound traffic. Valid values:

  • ALLOW_ANY: allows outbound traffic to external services.
  • REGISTRY_ONLY: allows outbound traffic to only external services defined in the service registry of the ASM instance.
ProxyRequestCPU String No 100m

The number of CPU cores that are requested.
ProxyRequestMemory String No 128Mi

The size of the memory that is requested.
ProxyLimitCPU String No 2000m

The maximum number of CPU cores.
ProxyLimitMemory String No 1024Mi

The maximum size of the memory.
IncludeIPRanges String No *

The IP addresses that are denied to access external services.
ExcludeIPRanges String No 100.100.100.100

The IP addresses that are allowed to access external services.
ExcludeOutboundPorts String No 80,81

The outbound ports. Separate multiple port numbers with commas (,).
IncludeInboundPorts String No 80,81

The inbound ports that allow all inbound traffic to bypass the sidecar proxy.
ExcludeInboundPorts String No 80,81

The inbound ports. Separate multiple port numbers with commas (,).
EnableNamespacesByDefault Boolean No false

Specifies whether to enable automatic sidecar injection for all namespaces. Valid values:

  • true: enables automatic sidecar injection for all namespaces.
  • false: disables automatic sidecar injection for all namespaces.

Default value: false
AutoInjectionPolicyEnabled Boolean No false

Specifies whether automatic sidecar injection can be enabled by using annotations. Valid values:

  • true: specifies that automatic sidecar injection can be enabled by using annotations.
  • false: specifies that automatic sidecar injection cannot be enabled by using annotations.

Default value: false
SidecarInjectorRequestCPU String No 1000m

The number of CPU cores that are requested by the sidecar injector pod.
SidecarInjectorRequestMemory String No 512Mi

The size of the memory that is requested by the sidecar injector pod.
SidecarInjectorLimitCPU String No 4000m

The maximum number of CPU cores that are available to the sidecar injector pod.
SidecarInjectorLimitMemory String No 2048Mi

The maximum size of the memory that is available to the sidecar injector pod.
SidecarInjectorWebhookAsYaml String No null

Other configurations of automatic sidecar injection, in the YAML format.
CniEnabled Boolean No false

Specifies whether to enable the Container Network Interface (CNI) plug-in. Valid values:

  • true: enables the CNI plug-in.
  • false: disables the CNI plug-in.

Default value: false
CniExcludeNamespaces String No kube-system

The namespaces to be excluded for the CNI plug-in.
OpaEnabled Boolean No false

Specifies whether to enable the OPA plug-in. Valid values:

  • true: enables the OPA plug-in.
  • false: disables the OPA plug-in.

Default value: false
Http10Enabled Boolean No false

Specifies whether to enable the support for HTTP 1.0. Valid values:

  • true: enables the support for HTTP 1.0.
  • false: disables the support for HTTP 1.0.

Default value: false
KialiEnabled Boolean No false

Specifies whether to enable Kiali. To enable this feature, make sure that you have enabled Prometheus monitoring. If Prometheus monitoring is disabled, the value of this parameter must be false. Valid values:

  • true: enables Kiali.
  • false: disables Kiali.

Default value: false
CustomizedPrometheus Boolean No false

Specifies whether to use a custom Prometheus instance. Valid values:

  • true: uses a custom Prometheus instance.
  • false: does not use a custom Prometheus instance.

Default value: false
PrometheusUrl String No http://prometheus:9090

The endpoint of Prometheus monitoring. If you use ARMS Prometheus, set this parameter to the endpoint of ARMS.

AccessLogEnabled Boolean No false

Specifies whether to enable access log collection. Valid values:

  • true: enables access log collection.
  • false: disables access log collection.

Default value: false
MSEEnabled Boolean Yes false

Specifies whether to enable Microservice Engine (MSE). Valid values:

  • true: enables MSE.
  • false: disables MSE.

Default value: false
RedisFilterEnabled Boolean No false

Specifies whether to enable Redis Filter. Valid values:

  • true: enables Redis Filter.
  • false: disables Redis Filter.

Default value: false
MysqlFilterEnabled Boolean No false

Specifies whether to enable MySQL Filter. Valid values:

  • true: enables MySQL Filter.
  • false: disables MySQL Filter.

Default value: false
ThriftFilterEnabled Boolean No false

Specifies whether to enable Thrift Filter. Valid values:

  • true: enables Thrift Filter.
  • false: disables Thrift Filter.

Default value: false
WebAssemblyFilterEnabled Boolean No false

Specifies whether to enable WebAssembly Filter. Valid values:

  • true: enables WebAssembly Filter.
  • false: disables WebAssembly Filter.

Default value: false
DNSProxyingEnabled Boolean No false

Specifies whether to enable DNS Proxying. Valid values:

  • true: enables DNS Proxying.
  • false: disables DNS Proxying.

Default value: false
DubboFilterEnabled Boolean No false

Specifies whether to enable Dubbo Filter. Valid values:

  • true: enables Dubbo Filter.
  • false: disables Dubbo Filter.

Default value: false
FilterGatewayClusterConfig Boolean No false

Specifies whether to enable gateway configuration filtering. Valid values:

  • true: enables Gateway configuration filtering.
  • false: disables Gateway configuration filtering.

Default value: false
EnableSDSServer Boolean No false

Specifies whether to enable Secret Discovery Service (SDS). Valid values:

  • true: enables SDS.
  • false: disables SDS.

Default value: false
AccessLogServiceEnabled Boolean No false

Specifies whether to enable gRPC Access Log Service (ALS) for Envoy. Valid values:

  • true: enables gRPC ALS.
  • false: disables gRPC ALS.

Default value: false
AccessLogServiceHost String No 0.0.0.0

The endpoint of gRPC ALS for Envoy.
AccessLogServicePort Integer No 9999

The port of gRPC ALS for Envoy.
GatewayAPIEnabled Boolean No false

Specifies whether to enable Gateway API. Valid values:

  • true: enables Gateway API.
  • false: disables Gateway API.

Default value: false
ConfigSourceEnabled Boolean No false

Specifies whether to enable service registry. Valid values:

  • true: enables service registry.
  • false: disables service registry.

Default value: false
ConfigSourceNacosID String No mse-cn-tl326******

The instance ID of the Nacos registry.
AccessLogFormat String No null

The custom format of access logs. To set this parameter, you must enable access log collection. Otherwise, you cannot set this parameter. The value must be a JSON string. The following key values must be contained: authority_for, bytes_received, bytes_sent, downstream_local_address, downstream_remote_address, duration, istio_policy_status, method, path, protocol, requested_server_name, response_code, response_flags, route_name, start_time, trace_id, upstream_cluster, upstream_host, upstream_local_address, upstream_service_time, upstream_transport_failure_reason, user_agent, and x_forwarded_for.

AccessLogFile String No ""

Specifies whether to enable access logging. Valid values:

  • "": disables access logging.
  • /dev/stdout: enables access logging. /dev/stdout indicates the file address for the access log.
AccessLogProject String No mesh-log-cf245a429b6ff4b6e97f20797758eefd4

The custom project on which the Log Service collects logs.
EnableCRHistory Boolean No false

Specifies whether to enable the rollback feature for Istio resources.
CRAggregationEnabled Boolean No false

Specifies whether to use the Kubernetes API of clusters on the data plane to access Istio resources. The version of the ASM instance must be V1.9.7.93 or later.

TerminationDrainDuration String No 5s

The maximum period of time that Istio Proxy waits for a request to end. For example, if you want to specify a period of 5 seconds, set this parameter to 5s.

ProxyInitCPUResourceLimit String No 2000m

The maximum number of CPU cores that are available to the istio-init container.
ProxyInitMemoryResourceLimit String No 1024Mi

The maximum size of the memory that is available to the istio-init container.
ProxyInitCPUResourceRequest String No 10m

The number of CPU cores that are required by the istio-init container.
ProxyInitMemoryResourceRequest String No 10Mi

The size of the memory that is required by the istio-init container.
Lifecycle String No null

The lifecycle of Istio Proxy.
MultiBufferEnabled Boolean No false

Enables Transport Layer Security (TLS) acceleration based on MultiBuffer.
MultiBufferPollDelay String No 0.02s

The pull-request latency. By default, this parameter is left empty.

DiscoverySelectors String No [{"matchExpressions":[{"key":"asm-discovery","operator":"Exists"}]}]

The label selectors used to specify the namespaces of the clusters on the data plane for selective service discovery.

GlobalRateLimitEnabled Boolean No false

Specifies whether to enable the AHAS throttling feature. Valid values:

  • true: enables the feature.
  • false: disables the feature.

Default value: false

ClusterSpec String No standard

The edition of the ASM instance. Valid values:

  • standard: Standard Edition
  • enterprise: Enterprise Edition
  • ultimate: Ultimate Edition
OPAScopeInjected Boolean No false

Specifies whether to enable the feature of controlling the OPA injection scope. Valid values:

  • true: enables the feature of controlling the OPA injection scope.
  • false: disables the feature of controlling the OPA injection scope.
OPAInjectorCPURequirement String No 80m

The minimum number of CPU cores requested by the pod to which OPA is injected. A value of 1000m indicates one CPU core.

OPAInjectorMemoryRequirement String No 50Mi

The minimum size of the memory requested by the pod to which OPA is injected. A value of 80Mi indicates 80 MB.

OPAInjectorCPULimit String No 1000m

The maximum number of CPU cores requested by the pod to which OPA is injected. A value of 1000m indicates one CPU core.

OPAInjectorMemoryLimit String No 1024Mi

The maximum size of the memory requested by the pod to which OPA is injected. A value of 1024Mi indicates 1,024 MB.

Response parameters

Parameter Type Example Description
RequestId String BD65C0AD-D3C6-48D3-8D93-38D2015C****

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=UpdateMeshFeature
&ServiceMeshId=cb8963379255149cb98c8686f274x****
&Tracing=false
&TraceSampling=100.0
&LocalityLoadBalancing=true
&LocalityLBConf={"failover":[{"from":"cn-hangzhou","to":"cn-shanghai"}]}
&Telemetry=false
&OpenAgentPolicy=false
&OPALogLevel=info
&OPARequestCPU=1
&OPARequestMemory=512Mi
&OPALimitCPU=2
&OPALimitMemory=1024Mi
&EnableAudit=false
&AuditProject=mesh-log-c08ba3fd1e64xxb0f8cc1ad8****
&CustomizedZipkin=false
&OutboundTrafficPolicy=ALLOW_ANY
&ProxyRequestCPU=100m
&ProxyRequestMemory=128Mi
&ProxyLimitCPU=2000m
&ProxyLimitMemory=1024Mi
&IncludeIPRanges=*
&ExcludeIPRanges=100.100.100.100
&ExcludeOutboundPorts=80,81
&IncludeInboundPorts=80,81
&ExcludeInboundPorts=80,81
&EnableNamespacesByDefault=false
&AutoInjectionPolicyEnabled=false
&SidecarInjectorRequestCPU=1000m
&SidecarInjectorRequestMemory=512Mi
&SidecarInjectorLimitCPU=4000m
&SidecarInjectorLimitMemory=2048Mi
&SidecarInjectorWebhookAsYaml={"injectedAnnotations":{"test/istio-init":"runtime/default2","test/istio-proxy":"runtime/default"},"replicaCount":2,"nodeSelector":{"beta.kubernetes.io/os":"linux"}}
&CniEnabled=false
&CniExcludeNamespaces=kube-system
&OpaEnabled=false
&Http10Enabled=false
&KialiEnabled=false
&CustomizedPrometheus=false
&PrometheusUrl=http://prometheus:9090
&AccessLogEnabled=false
&MSEEnabled=false
&RedisFilterEnabled=false
&MysqlFilterEnabled=false
&ThriftFilterEnabled=false
&WebAssemblyFilterEnabled=false
&DNSProxyingEnabled=false
&DubboFilterEnabled=false
&FilterGatewayClusterConfig=false
&EnableSDSServer=false
&AccessLogServiceEnabled=false
&AccessLogServiceHost=0.0.0.0
&AccessLogServicePort=9999
&GatewayAPIEnabled=false
&ConfigSourceEnabled=false
&ConfigSourceNacosID=mse-cn-tl326******
&AccessLogFormat={"authority_for":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}
&AccessLogFile=""
&AccessLogProject=mesh-log-cf245a429b6ff4b6e97f20797758eefd4
&EnableCRHistory=false
&CRAggregationEnabled=false
&TerminationDrainDuration=5s
&ProxyInitCPUResourceLimit=2000m
&ProxyInitMemoryResourceLimit=1024Mi
&ProxyInitCPUResourceRequest=10m
&ProxyInitMemoryResourceRequest=10Mi
&Lifecycle={"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}
&MultiBufferEnabled=false
&MultiBufferPollDelay=0.02s
&DiscoverySelectors=[{"matchExpressions":[{"key":"asm-discovery","operator":"Exists"}]}]
&<Common request parameters>

Sample success responses

XML format 

HTTP/1.1 200 OK
Content-Type:application/xml

<UpdateMeshFeatureResponse>
    <RequestId>BD65C0AD-D3C6-48D3-8D93-38D2015C****</RequestId>
</UpdateMeshFeatureResponse>

JSON format 

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "BD65C0AD-D3C6-48D3-8D93-38D2015C****"
}

Error codes

For a list of error codes, visit the API Error Center.