Updates the configurations of an Alibaba Cloud Service Mesh (ASM) instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes UpdateMeshFeature

The operation that you want to perform. Set the value to UpdateMeshFeature.

ServiceMeshId String Yes cb8963379255149cb98c8686f274x****

The ID of the ASM instance.

Tracing Boolean No false

Specifies whether to enable the tracing feature. To enable this feature, make sure that you have activated Tracing Analysis. Valid values:

  • true: enables the tracing feature.
  • false: disables the tracing feature.

Default value: false

TraceSampling Float No 100

The sampling percentage of tracing.

LocalityLoadBalancing Boolean No true

Specifies whether to enable the feature of routing traffic to the nearest instance. Valid values:

  • true: enables the feature.
  • false: disables the feature.

Default value: false

LocalityLBConf String No null

The configurations for the access to the nearest instance.

Telemetry Boolean No false

Specifies whether to enable Prometheus monitoring. We recommend that you use Prometheus Service of Application Real-Time Monitoring Service (ARMS). Valid values:

  • true: enables Prometheus monitoring.
  • false: disables Prometheus monitoring.

Default value: false

OpenAgentPolicy Boolean No false

Specifies whether to install the Open Policy Agent (OPA) plug-in. Valid values:

  • true: installs the OPA plug-in.
  • false: does not install the OPA plug-in.

Default value: false

OPALogLevel String No info

The log level of OPA.

  • info: logs all information.
  • debug: logs debugging and error information.
  • error: logs only error information.
OPARequestCPU String No 1

The number of CPU cores that are requested by OPA.

OPARequestMemory String No 512Mi

The size of the memory that is requested by OPA.

OPALimitCPU String No 2

The maximum number of CPU cores that are available to OPA.

OPALimitMemory String No 1024Mi

The maximum size of the memory that is available to OPA.

EnableAudit Boolean No false

Specifies whether to enable the mesh audit feature. To enable this feature, make sure that you have activated Log Service. Valid values:

  • true: enables the mesh audit feature.
  • false: disables the mesh audit feature.

Default value: false

AuditProject String No mesh-log-c08ba3fd1e64xxb0f8cc1ad8****

The name of the Log Service project that is used for mesh audit.

Default value: mesh-log-{meshId}

CustomizedZipkin Boolean No false

Specifies whether to enable custom Zipkin system. Valid values:

  • true: enables custom Zipkin system.
  • false: disables custom Zipkin system.

Default value: false

OutboundTrafficPolicy String No ALLOW_ANY

The policy of handling outbound traffic. Valid values:

  • ALLOW_ANY: allows outbound traffic to external services.
  • REGISTRY_ONLY: allows outbound traffic to only external services defined in the service registry of the ASM instance.
ProxyRequestCPU String No 100m

The number of CPU cores that are requested.

ProxyRequestMemory String No 128Mi

The size of the memory that is requested.

ProxyLimitCPU String No 2000m

The maximum number of CPU cores.

ProxyLimitMemory String No 1024Mi

The maximum size of the memory.

IncludeIPRanges String No *

The IP addresses that are denied to access external services.

ExcludeIPRanges String No 100.100.100.100

The IP addresses that are allowed to access external services.

ExcludeOutboundPorts String No 80,81

The outbound ports. Separate multiple port numbers with commas (,).

IncludeInboundPorts String No 80,81

The inbound ports that allow all inbound traffic to bypass the sidecar proxy.

ExcludeInboundPorts String No 80,81

The inbound ports. Separate multiple port numbers with commas (,).

EnableNamespacesByDefault Boolean No false

Specifies whether to enable automatic sidecar injection for all namespaces. Valid values:

  • true: enables automatic sidecar injection for all namespaces.
  • false: disables automatic sidecar injection for all namespaces.

Default value: false

AutoInjectionPolicyEnabled Boolean No false

Specifies whether automatic sidecar injection can be enabled by using annotations. Valid values:

  • true: specifies that automatic sidecar injection can be enabled by using annotations.
  • false: specifies that automatic sidecar injection cannot be enabled by using annotations.

Default value: false

SidecarInjectorRequestCPU String No 1000m

The number of CPU cores that are requested by the sidecar injector pod.

SidecarInjectorRequestMemory String No 512Mi

The size of the memory that is requested by the sidecar injector pod.

SidecarInjectorLimitCPU String No 4000m

The maximum number of CPU cores that are available to the sidecar injector pod.

SidecarInjectorLimitMemory String No 2048Mi

The maximum size of the memory that is available to the sidecar injector pod.

SidecarInjectorWebhookAsYaml String No null

Other configurations of automatic sidecar injection, in the YAML format.

CniEnabled Boolean No false

Specifies whether to enable the Container Network Interface (CNI) plug-in. Valid values:

  • true: enables the CNI plug-in.
  • false: disables the CNI plug-in.

Default value: false

CniExcludeNamespaces String No kube-system

The namespaces to be excluded for the CNI plug-in.

OpaEnabled Boolean No false

Specifies whether to enable the OPA plug-in. Valid values:

  • true: enables the OPA plug-in.
  • false: disables the OPA plug-in.

Default value: false

Http10Enabled Boolean No false

Specifies whether to enable the support for HTTP 1.0. Valid values:

  • true: enables the support for HTTP 1.0.
  • false: disables the support for HTTP 1.0.

Default value: false

KialiEnabled Boolean No false

Specifies whether to enable Kiali. To enable this feature, make sure that you have enabled Prometheus monitoring. If Prometheus monitoring is disabled, the value of this parameter must be false. Valid values:

  • true: enables Kiali.
  • false: disables Kiali.

Default value: false

CustomizedPrometheus Boolean No false

Specifies whether to use a custom Prometheus instance. Valid values:

  • true: uses a custom Prometheus instance.
  • false: does not use a custom Prometheus instance.

Default value: false

PrometheusUrl String No http://prometheus:9090

The endpoint of Prometheus monitoring. If you use ARMS Prometheus, set this parameter to the endpoint of ARMS.

AccessLogEnabled Boolean No false

Specifies whether to enable access log collection. Valid values:

  • true: enables access log collection.
  • false: disables access log collection.

Default value: false

MSEEnabled Boolean Yes false

Specifies whether to enable Microservice Engine (MSE). Valid values:

  • true: enables MSE.
  • false: disables MSE.

Default value: false

RedisFilterEnabled Boolean No false

Specifies whether to enable Redis Filter. Valid values:

  • true: enables Redis Filter.
  • false: disables Redis Filter.

Default value: false

MysqlFilterEnabled Boolean No false

Specifies whether to enable MySQL Filter. Valid values:

  • true: enables MySQL Filter.
  • false: disables MySQL Filter.

Default value: false

ThriftFilterEnabled Boolean No false

Specifies whether to enable Thrift Filter. Valid values:

  • true: enables Thrift Filter.
  • false: disables Thrift Filter.

Default value: false

WebAssemblyFilterEnabled Boolean No false

Specifies whether to enable WebAssembly Filter. Valid values:

  • true: enables WebAssembly Filter.
  • false: disables WebAssembly Filter.

Default value: false

DNSProxyingEnabled Boolean No false

Specifies whether to enable DNS Proxying. Valid values:

  • true: enables DNS Proxying.
  • false: disables DNS Proxying.

Default value: false

DubboFilterEnabled Boolean No false

Specifies whether to enable Dubbo Filter. Valid values:

  • true: enables Dubbo Filter.
  • false: disables Dubbo Filter.

Default value: false

FilterGatewayClusterConfig Boolean No false

Specifies whether to enable gateway configuration filtering. Valid values:

  • true: enables gateway configuration filtering.
  • false: disables gateway configuration filtering.

Default value: false

EnableSDSServer Boolean No false

Specifies whether to enable Secret Discovery Service (SDS). Valid values:

  • true: enables SDS.
  • false: disables SDS.

Default value: false

AccessLogServiceEnabled Boolean No false

Specifies whether to enable gRPC Access Log Service (ALS) for Envoy. Valid values:

  • true: enables gRPC ALS.
  • false: disables gRPC ALS.

Default value: false

AccessLogServiceHost String No 0.0.0.0

The endpoint of gRPC ALS for Envoy.

AccessLogServicePort Integer No 9999

The port of gRPC ALS for Envoy.

GatewayAPIEnabled Boolean No false

Specifies whether to enable Gateway API. Valid values:

  • true: enables Gateway API.
  • false: disables Gateway API.

Default value: false

ConfigSourceEnabled Boolean No false

Specifies whether to enable service registry. Valid values:

  • true: enables service registry.
  • false: disables service registry.

Default value: false

ConfigSourceNacosID String No mse-cn-tl326******

The instance ID of the Nacos registry.

AccessLogFormat String No null

The custom format of access logs. To set this parameter, you must enable access log collection. Otherwise, you cannot set this parameter. The value must be a JSON string. The following key values must be contained: authority_for, bytes_received, bytes_sent, downstream_local_address, downstream_remote_address, duration, istio_policy_status, method, path, protocol, requested_server_name, response_code, response_flags, route_name, start_time, trace_id, upstream_cluster, upstream_host, upstream_local_address, upstream_service_time, upstream_transport_failure_reason, user_agent, and x_forwarded_for.

AccessLogFile String No ""

Specifies whether to enable access logging. Valid values:

  • "": disables access logging.
  • /dev/stdout: enables access logging. /dev/stdout indicates the file address for the access log.
AccessLogProject String No mesh-log-cf245a429b6ff4b6e97f20797758eefd4

The custom project on which the Log Service collects logs.

EnableCRHistory Boolean No false

Specifies whether to enable the rollback feature for Istio resources.

CRAggregationEnabled Boolean No false

Specifies whether to use the Kubernetes API of clusters on the data plane to access Istio resources. The version of the ASM instance must be v1.9.7.93-g7910a454-aliyun or later.

TerminationDrainDuration String No 5s

The maximum period of time that Istio Proxy waits for a request to end.

ProxyInitCPUResourceLimit String No 2000m

The maximum number of CPU cores that are available to the istio-init container.

ProxyInitMemoryResourceLimit String No 1024Mi

The maximum size of the memory that is available to the istio-init container.

ProxyInitCPUResourceRequest String No 10m

The number of CPU cores that are required by the istio-init container.

ProxyInitMemoryResourceRequest String No 10Mi

The size of the memory that is required by the istio-init container.

Lifecycle String No null

The lifecycle of Istio Proxy.

MultiBufferEnabled Boolean No false

Enables Transport Layer Security (TLS) acceleration based on MultiBuffer.

MultiBufferPollDelay String No 0.02s

The pull-request latency. By default, this parameter is left empty.

DiscoverySelectors String No [{"matchExpressions":[{"key":"asm-discovery","operator":"Exists"}]}]

The label selectors used to specify the namespaces of the clusters on the data plane for selective service discovery.

Response parameters

Parameter Type Example Description
RequestId String BD65C0AD-D3C6-48D3-8D93-38D2015C****

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=UpdateMeshFeature
&ServiceMeshId=cb8963379255149cb98c8686f274x****
&Tracing=false
&TraceSampling=100.0
&LocalityLoadBalancing=true
&LocalityLBConf={"failover":[{"from":"cn-hangzhou","to":"cn-shanghai"}]}
&Telemetry=false
&OpenAgentPolicy=false
&OPALogLevel=info
&OPARequestCPU=1
&OPARequestMemory=512Mi
&OPALimitCPU=2
&OPALimitMemory=1024Mi
&EnableAudit=false
&AuditProject=mesh-log-c08ba3fd1e64xxb0f8cc1ad8****
&CustomizedZipkin=false
&OutboundTrafficPolicy=ALLOW_ANY
&ProxyRequestCPU=100m
&ProxyRequestMemory=128Mi
&ProxyLimitCPU=2000m
&ProxyLimitMemory=1024Mi
&IncludeIPRanges=*
&ExcludeIPRanges=100.100.100.100
&ExcludeOutboundPorts=80,81
&IncludeInboundPorts=80,81
&ExcludeInboundPorts=80,81
&EnableNamespacesByDefault=false
&AutoInjectionPolicyEnabled=false
&SidecarInjectorRequestCPU=1000m
&SidecarInjectorRequestMemory=512Mi
&SidecarInjectorLimitCPU=4000m
&SidecarInjectorLimitMemory=2048Mi
&SidecarInjectorWebhookAsYaml={"injectedAnnotations":{"test/istio-init":"runtime/default2","test/istio-proxy":"runtime/default"},"replicaCount":2,"nodeSelector":{"beta.kubernetes.io/os":"linux"}}
&CniEnabled=false
&CniExcludeNamespaces=kube-system
&OpaEnabled=false
&Http10Enabled=false
&KialiEnabled=false
&CustomizedPrometheus=false
&PrometheusUrl=http://prometheus:9090
&AccessLogEnabled=false
&MSEEnabled=false
&RedisFilterEnabled=false
&MysqlFilterEnabled=false
&ThriftFilterEnabled=false
&WebAssemblyFilterEnabled=false
&DNSProxyingEnabled=false
&DubboFilterEnabled=false
&FilterGatewayClusterConfig=false
&EnableSDSServer=false
&AccessLogServiceEnabled=false
&AccessLogServiceHost=0.0.0.0
&AccessLogServicePort=9999
&GatewayAPIEnabled=false
&ConfigSourceEnabled=false
&ConfigSourceNacosID=mse-cn-tl326******
&AccessLogFormat={"authority_for":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}
&AccessLogFile=""
&AccessLogProject=mesh-log-cf245a429b6ff4b6e97f20797758eefd4
&EnableCRHistory=false
&CRAggregationEnabled=false
&TerminationDrainDuration=5s
&ProxyInitCPUResourceLimit=2000m
&ProxyInitMemoryResourceLimit=1024Mi
&ProxyInitCPUResourceRequest=10m
&ProxyInitMemoryResourceRequest=10Mi
&Lifecycle={"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}
&MultiBufferEnabled=false
&MultiBufferPollDelay=0.02s
&DiscoverySelectors=[{"matchExpressions":[{"key":"asm-discovery","operator":"Exists"}]}]
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<UpdateMeshFeatureResponse>
    <RequestId>BD65C0AD-D3C6-48D3-8D93-38D2015C****</RequestId>
</UpdateMeshFeatureResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "BD65C0AD-D3C6-48D3-8D93-38D2015C****"
}

Error codes

For a list of error codes, visit the API Error Center.