Updates the configurations of an Alibaba Cloud Service Mesh (ASM) instance.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | UpdateMeshFeature |
The operation that you want to perform. Set the value to UpdateMeshFeature. |
ServiceMeshId | String | Yes | cb8963379255149cb98c8686f274x**** |
The ID of the ASM instance. |
Tracing | Boolean | No | false |
Specifies whether to enable the tracing feature. To enable this feature, make sure that you have activated Tracing Analysis. Valid values:
Default value: |
TraceSampling | Float | No | 100 |
The sampling percentage of tracing. |
LocalityLoadBalancing | Boolean | No | true |
Specifies whether cross-region load balancing is enabled. Valid values:
Default value: |
LocalityLBConf | String | No | null |
The configurations of cross-region load balancing. Valid values:
|
Telemetry | Boolean | No | false |
Specifies whether to enable Prometheus monitoring. We recommend that you use Prometheus Service of Application Real-Time Monitoring Service (ARMS). Valid values:
Default value: |
OpenAgentPolicy | Boolean | No | false |
Specifies whether to install the Open Policy Agent (OPA) plug-in. Valid values:
Default value: |
OPALogLevel | String | No | info |
The log level of OPA.
|
OPARequestCPU | String | No | 1 |
The number of CPU cores that are requested by OPA. |
OPARequestMemory | String | No | 512Mi |
The size of the memory that is requested by OPA. |
OPALimitCPU | String | No | 2 |
The maximum number of CPU cores that are available to OPA. |
OPALimitMemory | String | No | 1024Mi |
The maximum size of the memory that is available to OPA. |
EnableAudit | Boolean | No | false |
Specifies whether to enable the mesh audit feature. To enable this feature, make sure that you have activated Log Service. Valid values:
Default value: |
AuditProject | String | No | mesh-log-c08ba3fd1e64xxb0f8cc1ad8**** |
The name of the Log Service project that is used for mesh audit. Default value: |
CustomizedZipkin | Boolean | No | false |
Specifies whether to enable custom Zipkin system. Valid values:
Default value: |
OutboundTrafficPolicy | String | No | ALLOW_ANY |
The policy of handling outbound traffic. Valid values:
|
ProxyRequestCPU | String | No | 100m |
The number of CPU cores that are requested. |
ProxyRequestMemory | String | No | 128Mi |
The size of the memory that is requested. |
ProxyLimitCPU | String | No | 2000m |
The maximum number of CPU cores. |
ProxyLimitMemory | String | No | 1024Mi |
The maximum size of the memory. |
IncludeIPRanges | String | No | * |
The IP addresses that are denied to access external services. |
ExcludeIPRanges | String | No | 100.100.100.100 |
The IP addresses that are allowed to access external services. |
ExcludeOutboundPorts | String | No | 80,81 |
The outbound ports. Separate multiple port numbers with commas (,). |
IncludeInboundPorts | String | No | 80,81 |
The inbound ports that allow all inbound traffic to bypass the sidecar proxy. |
ExcludeInboundPorts | String | No | 80,81 |
The inbound ports. Separate multiple port numbers with commas (,). |
EnableNamespacesByDefault | Boolean | No | false |
Specifies whether to enable automatic sidecar injection for all namespaces. Valid values:
Default value: |
AutoInjectionPolicyEnabled | Boolean | No | false |
Specifies whether automatic sidecar injection can be enabled by using annotations. Valid values:
Default value: |
SidecarInjectorRequestCPU | String | No | 1000m |
The number of CPU cores that are requested by the sidecar injector pod. |
SidecarInjectorRequestMemory | String | No | 512Mi |
The size of the memory that is requested by the sidecar injector pod. |
SidecarInjectorLimitCPU | String | No | 4000m |
The maximum number of CPU cores that are available to the sidecar injector pod. |
SidecarInjectorLimitMemory | String | No | 2048Mi |
The maximum size of the memory that is available to the sidecar injector pod. |
SidecarInjectorWebhookAsYaml | String | No | null |
Other configurations of automatic sidecar injection, in the YAML format. |
CniEnabled | Boolean | No | false |
Specifies whether to enable the Container Network Interface (CNI) plug-in. Valid values:
Default value: |
CniExcludeNamespaces | String | No | kube-system |
The namespaces to be excluded for the CNI plug-in. |
OpaEnabled | Boolean | No | false |
Specifies whether to enable the OPA plug-in. Valid values:
Default value: |
Http10Enabled | Boolean | No | false |
Specifies whether to enable the support for HTTP 1.0. Valid values:
Default value: |
KialiEnabled | Boolean | No | false |
Specifies whether to enable Kiali. To enable this feature, make sure that you have enabled Prometheus monitoring. If Prometheus monitoring is disabled, the value of this parameter must be false. Valid values:
Default value: |
CustomizedPrometheus | Boolean | No | false |
Specifies whether to use a custom Prometheus instance. Valid values:
Default value: |
PrometheusUrl | String | No | http://prometheus:9090 |
The endpoint of Prometheus monitoring. If you use ARMS Prometheus, set this parameter to the endpoint of ARMS. |
AccessLogEnabled | Boolean | No | false |
Specifies whether to enable access log collection. Valid values:
Default value: |
MSEEnabled | Boolean | Yes | false |
Specifies whether to enable Microservice Engine (MSE). Valid values:
Default value: |
RedisFilterEnabled | Boolean | No | false |
Specifies whether to enable Redis Filter. Valid values:
Default value: |
MysqlFilterEnabled | Boolean | No | false |
Specifies whether to enable MySQL Filter. Valid values:
Default value: |
ThriftFilterEnabled | Boolean | No | false |
Specifies whether to enable Thrift Filter. Valid values:
Default value: |
WebAssemblyFilterEnabled | Boolean | No | false |
Specifies whether to enable WebAssembly Filter. Valid values:
Default value: |
DNSProxyingEnabled | Boolean | No | false |
Specifies whether to enable DNS Proxying. Valid values:
Default value: |
DubboFilterEnabled | Boolean | No | false |
Specifies whether to enable Dubbo Filter. Valid values:
Default value: |
FilterGatewayClusterConfig | Boolean | No | false |
Specifies whether to enable gateway configuration filtering. Valid values:
Default value: |
EnableSDSServer | Boolean | No | false |
Specifies whether to enable Secret Discovery Service (SDS). Valid values:
Default value: |
AccessLogServiceEnabled | Boolean | No | false |
Specifies whether to enable gRPC Access Log Service (ALS) for Envoy. Valid values:
Default value: |
AccessLogServiceHost | String | No | 0.0.0.0 |
The endpoint of gRPC ALS for Envoy. |
AccessLogServicePort | Integer | No | 9999 |
The port of gRPC ALS for Envoy. |
GatewayAPIEnabled | Boolean | No | false |
Specifies whether to enable Gateway API. Valid values:
Default value: |
ConfigSourceEnabled | Boolean | No | false |
Specifies whether to enable service registry. Valid values:
Default value: |
ConfigSourceNacosID | String | No | mse-cn-tl326****** |
The instance ID of the Nacos registry. |
AccessLogFormat | String | No | null |
The custom format of access logs. To set this parameter, you must enable access log collection. Otherwise, you cannot set this parameter. The value must be a JSON string. The following key values must be contained: authority_for, bytes_received, bytes_sent, downstream_local_address, downstream_remote_address, duration, istio_policy_status, method, path, protocol, requested_server_name, response_code, response_flags, route_name, start_time, trace_id, upstream_cluster, upstream_host, upstream_local_address, upstream_service_time, upstream_transport_failure_reason, user_agent, and x_forwarded_for. |
AccessLogFile | String | No | "" |
Specifies whether to enable access logging. Valid values:
|
AccessLogProject | String | No | mesh-log-cf245a429b6ff4b6e97f20797758eefd4 |
The custom project on which the Log Service collects logs. |
EnableCRHistory | Boolean | No | false |
Specifies whether to enable the rollback feature for Istio resources. |
CRAggregationEnabled | Boolean | No | false |
Specifies whether to use the Kubernetes API of clusters on the data plane to access Istio resources. The version of the ASM instance must be V1.9.7.93 or later. |
TerminationDrainDuration | String | No | 5s |
The maximum period of time that Istio Proxy waits for a request to end. For example, if you want to specify a period of 5 seconds, set this parameter to 5s. |
ProxyInitCPUResourceLimit | String | No | 2000m |
The maximum number of CPU cores that are available to the istio-init container. |
ProxyInitMemoryResourceLimit | String | No | 1024Mi |
The maximum size of the memory that is available to the istio-init container. |
ProxyInitCPUResourceRequest | String | No | 10m |
The number of CPU cores that are required by the istio-init container. |
ProxyInitMemoryResourceRequest | String | No | 10Mi |
The size of the memory that is required by the istio-init container. |
Lifecycle | String | No | null |
The lifecycle of Istio Proxy. |
MultiBufferEnabled | Boolean | No | false |
Enables Transport Layer Security (TLS) acceleration based on MultiBuffer. |
MultiBufferPollDelay | String | No | 0.02s |
The pull-request latency. By default, this parameter is left empty. |
DiscoverySelectors | String | No | [{"matchExpressions":[{"key":"asm-discovery","operator":"Exists"}]}] |
The label selectors used to specify the namespaces of the clusters on the data plane for selective service discovery. |
GlobalRateLimitEnabled | Boolean | No | false |
Specifies whether to enable the AHAS throttling feature. Valid values:
Default value: |
ClusterSpec | String | No | standard |
The edition of the ASM instance. Valid values:
|
OPAScopeInjected | Boolean | No | false |
Specifies whether to enable the feature of controlling the OPA injection scope. Valid values:
|
OPAInjectorCPURequirement | String | No | 80m |
The minimum number of CPU cores requested by the pod to which OPA is injected. A value of 1000m indicates one CPU core. |
OPAInjectorMemoryRequirement | String | No | 50Mi |
The minimum size of the memory requested by the pod to which OPA is injected. A value of 80Mi indicates 80 MB. |
OPAInjectorCPULimit | String | No | 1000m |
The maximum number of CPU cores requested by the pod to which OPA is injected. A value of 1000m indicates one CPU core. |
OPAInjectorMemoryLimit | String | No | 1024Mi |
The maximum size of the memory requested by the pod to which OPA is injected. A value of 1024Mi indicates 1,024 MB. |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | BD65C0AD-D3C6-48D3-8D93-38D2015C**** |
The ID of the request. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=UpdateMeshFeature
&ServiceMeshId=cb8963379255149cb98c8686f274x****
&Tracing=false
&TraceSampling=100.0
&LocalityLoadBalancing=true
&LocalityLBConf={"failover":[{"from":"cn-hangzhou","to":"cn-shanghai"}]}
&Telemetry=false
&OpenAgentPolicy=false
&OPALogLevel=info
&OPARequestCPU=1
&OPARequestMemory=512Mi
&OPALimitCPU=2
&OPALimitMemory=1024Mi
&EnableAudit=false
&AuditProject=mesh-log-c08ba3fd1e64xxb0f8cc1ad8****
&CustomizedZipkin=false
&OutboundTrafficPolicy=ALLOW_ANY
&ProxyRequestCPU=100m
&ProxyRequestMemory=128Mi
&ProxyLimitCPU=2000m
&ProxyLimitMemory=1024Mi
&IncludeIPRanges=*
&ExcludeIPRanges=100.100.100.100
&ExcludeOutboundPorts=80,81
&IncludeInboundPorts=80,81
&ExcludeInboundPorts=80,81
&EnableNamespacesByDefault=false
&AutoInjectionPolicyEnabled=false
&SidecarInjectorRequestCPU=1000m
&SidecarInjectorRequestMemory=512Mi
&SidecarInjectorLimitCPU=4000m
&SidecarInjectorLimitMemory=2048Mi
&SidecarInjectorWebhookAsYaml={"injectedAnnotations":{"test/istio-init":"runtime/default2","test/istio-proxy":"runtime/default"},"replicaCount":2,"nodeSelector":{"beta.kubernetes.io/os":"linux"}}
&CniEnabled=false
&CniExcludeNamespaces=kube-system
&OpaEnabled=false
&Http10Enabled=false
&KialiEnabled=false
&CustomizedPrometheus=false
&PrometheusUrl=http://prometheus:9090
&AccessLogEnabled=false
&MSEEnabled=false
&RedisFilterEnabled=false
&MysqlFilterEnabled=false
&ThriftFilterEnabled=false
&WebAssemblyFilterEnabled=false
&DNSProxyingEnabled=false
&DubboFilterEnabled=false
&FilterGatewayClusterConfig=false
&EnableSDSServer=false
&AccessLogServiceEnabled=false
&AccessLogServiceHost=0.0.0.0
&AccessLogServicePort=9999
&GatewayAPIEnabled=false
&ConfigSourceEnabled=false
&ConfigSourceNacosID=mse-cn-tl326******
&AccessLogFormat={"authority_for":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}
&AccessLogFile=""
&AccessLogProject=mesh-log-cf245a429b6ff4b6e97f20797758eefd4
&EnableCRHistory=false
&CRAggregationEnabled=false
&TerminationDrainDuration=5s
&ProxyInitCPUResourceLimit=2000m
&ProxyInitMemoryResourceLimit=1024Mi
&ProxyInitCPUResourceRequest=10m
&ProxyInitMemoryResourceRequest=10Mi
&Lifecycle={"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}
&MultiBufferEnabled=false
&MultiBufferPollDelay=0.02s
&DiscoverySelectors=[{"matchExpressions":[{"key":"asm-discovery","operator":"Exists"}]}]
&<Common request parameters>
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<UpdateMeshFeatureResponse>
<RequestId>BD65C0AD-D3C6-48D3-8D93-38D2015C****</RequestId>
</UpdateMeshFeatureResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "BD65C0AD-D3C6-48D3-8D93-38D2015C****"
}
Error codes
For a list of error codes, visit the API Error Center.