ASMMeshConfig CRD description - Alibaba Cloud Service Mesh

ASMMeshConfig is a custom resource from Alibaba Cloud Service Mesh (ASM) that enables global configuration of essential parameters in the service mesh. It provides similar functionality to Istio's MeshConfig, allowing centralized management of mesh-level settings such as connection timeouts, protocol detection, path normalization, and retry policies.

Sample configuration

The following code provides an example of configurations for an ASM instance, including connection settings, path normalization, and HTTP retry policies.

apiVersion: istio.alibabacloud.com/v1beta1
kind: ASMMeshConfig
metadata:
  name: default
spec:
  connectTimeout: 30s
  tcpKeepalive:
    probes: 5
    time: 7200s
    interval: 72s
  pathNormalization:
    normalization: MERGE_SLASHES
  defaultHttpRetryPolicy:
    attempts: 3
    perTryTimeout: 1s
    retryOn: gateway-error,connect-failure,refused-stream
  enablePrometheusMerge: true

Important

To utilize all fields of the ASMMeshConfig CRD, the ASM instance must be version 1.24 or later. The name field of the ASMMeshConfig CRD must be set to default. Other names are invalid.

Field description

Basic configurations

Field path	Data type	Description	Example	Scope of impact
`.spec.connectTimeout`	Duration	Defines the maximum wait time for the Envoy proxy to establish a connection over TCP. The `upstream connect timeout` error message is returned if the connection times out. Units including `ns`/`ms`/`s`/`m`/`h` are supported.	`30s`	Mesh-level outbound TCP connections.
`.spec.protocolDetectionTimeout`	Duration	The timeout period for automatic protocol detection to identify HTTP/HTTPS traffic. After timeout, traffic is processed according to the original protocol. Important This field is configurable only in ASM 1.19 and earlier.	`30s`	Mesh-level protocol sniffing.

TCP keepalive configurations

Field path	Data type	Description	Example	Scope of impact
`.spec.tcpKeepalive.probes`	Uint32	The maximum number of TCP keepalive probe packets sent. The value `0` indicates that the keepalive mechanism is disabled.	`9`	Outbound persistent connections over TCP.
`.spec.tcpKeepalive.time`	Duration	The maximum amount of time for which TCP can remain in the idle state. Keepalive probe packets are sent upon timeout.	`7200s`
`.spec.tcpKeepalive.interval`	Duration	Interval between sending keepalive probe packets. It must be less than the value of the `time` parameter.	`75s`

Path normalization

Field path

Data type

Description

Example

Scope of impact

.spec.pathNormalization.normalization

Enum

URI path processing policy:

NONE: Disable normalization.
BASE: Merge slashes and retain path parameters (such as ;).
MERGE_SLASHES: Only merge consecutive slashes.

NONE

Mesh-level HTTP routing.

HTTP retry policies

Field path	Data type	Description	Example	Scope of impact
`.spec.defaultHttpRetryPolicy.attempts`	Int32	Maximum number of the retries of all HTTP requests (including the initial request). It is effective only when VirtualService is not explicitly configured.	`2`	HTTP routing policy.
`.spec.defaultHttpRetryPolicy.perTryTimeout`	Duration	Timeout for a single retry, which must be shorter than the total timeout defined in VirtualService.	`0s` (unlimited)
`.spec.defaultHttpRetryPolicy.retryOn`	String	Conditions that trigger retries. Supports standard error types: `5xx`/`gateway-error`/`connect-failure`/`reset`, etc. Multiple values are separated by commas.	`gateway-error`, `connect-failure`, `refused-stream`

Monitoring integration

Field path	Data type	Description	Example	Scope of impact
`.spec.enablePrometheusMerge`	Bool	Automatically merge the original `prometheus.io` annotations of the pod with ASM monitoring configuration to avoid duplicate metric collection.	`true`	Prometheus monitoring configuration.