DescribeNamespaceScopeSidecarConfig - Alibaba Cloud Service Mesh

Queries the sidecar configuration settings for a namespace.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

servicemesh:DescribeNamespaceScopeSidecarConfig

get

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
ServiceMeshId	string	Yes	The ID of the ASM instance.	c7120e75a202d4fd8acb028a86b6a****
Namespace	string	No	The namespace.	default

Response elements

Element	Type	Description	Example
	object	The response body.
RequestId	string	The request ID.	31d3a0f0-07ed-4f6e-9004-1804498c****
ConfigPatches	object	The configurations at the namespace level.
TerminationDrainDuration	string	The waiting time for the sidecar proxy to stop.	6s
SidecarProxyInitResourceLimit	object	The resource limits for the sidecar proxy init container.
ResourceCPULimit	string	The CPU resource limit.	2000 m
ResourceMemoryLimit	string	The memory resource limit.	50 Mi
SidecarProxyInitResourceRequest	object	The minimum resource requirements for the sidecar proxy init container.
ResourceCPURequest	string	The minimum CPU resource requirements.	60 m
ResourceMemoryRequest	string	The minimum memory resource requirements.	30 Mi
SidecarProxyResourceLimit	object	The resource limits for the sidecar proxy container.
ResourceCPULimit	string	The CPU resource limit.	2000 m
ResourceMemoryLimit	string	The memory resource limit.	50 Mi
SidecarProxyResourceRequest	object	The minimum resource requirements for the sidecar proxy container.
ResourceCPURequest	string	The minimum CPU resource requirements.	60 m
ResourceMemoryRequest	string	The memory resource limit.	30 Mi
ExcludeOutboundPorts	string	The outbound traffic ports that are exempted from the sidecar proxy.	81
ExcludeOutboundIPRanges	string	The outbound traffic IP address ranges that are exempted from the sidecar proxy.	192.168.1.3/31
IncludeOutboundIPRanges	string	The outbound traffic IP address ranges that are routed to the sidecar proxy.	192.168.1.4/31
ExcludeInboundPorts	string	The inbound traffic ports that are exempted from the sidecar proxy.	82
IncludeInboundPorts	string	The inbound traffic ports that are routed to the sidecar proxy.	83
IncludeOutboundPorts	string	The outbound traffic ports that are routed to the sidecar proxy.	84
IstioDNSProxyEnabled	boolean	Indicates whether the DNS proxy feature is enabled. Valid values: `true`: The DNS proxy feature is enabled. `false`: The DNS proxy feature is disabled.	true
LifecycleStr	string	The lifecycle of the sidecar proxy in a JSON string.	{"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}
Concurrency	integer	The number of concurrent threads for the istio-proxy.	2
LogLevel	string	The log level. Valid values: `info`, `debug`, `trace`, and `error`.	info
HoldApplicationUntilProxyStarts	boolean	Indicates whether to wait for the istio-proxy to start before the application starts. Valid values: `true`: Wait for the istio-proxy to start before the application starts. `false`: Do not wait for the istio-proxy to start before the application starts.	true
ProxyStatsMatcher	object	The metrics that are used for Envoy monitoring.
InclusionPrefixes	array	The list of metric prefixes for Envoy monitoring.
	string	The metric prefix for Envoy monitoring.	server
InclusionSuffixes	array	The list of metric suffixes for Envoy monitoring.
	string	The metric suffix for Envoy monitoring.	cluster.outbound
InclusionRegexps	array	The list of metric regular expressions for Envoy monitoring.
	string	The metric regular expression for Envoy monitoring.	listener.*.downstream_cx_total
Tracing	object	The custom tracing configurations.
Sampling	number	The sample rate for Tracing Analysis.	99.8
CustomTags	object	The custom tags for Tracing Analysis. The key of a tag is a string. The value of a tag is a JSON object that can be one of the following fields: `literal`: The tag value is a static field. This is a JSON object that must contain the `value` field. The value field specifies a literal value. Example: `{"value":"test"}`. `header`: The tag value is obtained from a specified request header. This is a JSON object that must contain the `name` and `defaultValue` fields. The fields specify the name of the request header and the default value that is used when the request header is not found. Example: `{"name":"test","defaultValue":"test"}`. `environment`: The tag value is obtained from a specified environment variable. This is a JSON object that must contain the `name` and `defaultValue` fields. The fields specify the name of the environment variable and the default value that is used when the environment variable is not found. Example: `{"name":"test","defaultValue":"test"}`.	{"test":{"literal":{"value":"test"}}}
MaxPathTagLength	integer	The maximum length of a tag in Tracing Analysis.	10
InterceptionMode	string	The policy used by the sidecar to intercept inbound traffic. Valid values: `REDIRECT`: The default interception policy. The sidecar intercepts inbound traffic using redirection. `TPROXY`: The transparent proxy policy. The sidecar intercepts inbound traffic using a transparent proxy.	TPROXY
ProxyMetadata	object	The environment variables that are added to the sidecar proxy. The keys and values in the object are the keys and values of the environment variables that are added to the sidecar proxy.
	string	The value of the environment variable that is added to the sidecar proxy.	"true"
SidecarProxyInitAckSloResource	object	The resource settings for the sidecar proxy init container, which are specified in the format of ACK dynamic overcommitment resources. If a pod has the `labelkoordinator.sh/qosClass` label, this parameter is used to set the resources for the sidecar proxy init container.
Requests	object	The minimum resource requirements for the sidecar proxy init container, which are specified in the format of ACK dynamic overcommitment resources. If a pod has the `labelkoordinator.sh/qosClass` label, this parameter is used to set the minimum resource requirements for the sidecar proxy init container. The object can contain the following keys that correspond to two types of resources: `kubernetes.io/batch-cpu`: The CPU resources of the ACK overcommitment type. Unit: 1/1000 core. `kubernetes.io/batch-memory`: The memory resources of the ACK overcommitment type.
	string	The value of the minimum resource requirements for the sidecar proxy init container.	128Mi
Limits	object	The resource limits for the sidecar proxy init container, which are specified in the format of ACK dynamic overcommitment resources. If a pod has the `labelkoordinator.sh/qosClass` label, this parameter is used to set the resource limits for the sidecar proxy init container. The object can contain the following keys that correspond to two types of resources: `kubernetes.io/batch-cpu`: The CPU resources of the ACK overcommitment type. Unit: 1/1000 core. `kubernetes.io/batch-memory`: The memory resources of the ACK overcommitment type.
	string	The value of the resource limits for the sidecar proxy init container.	2048Mi
SidecarProxyAckSloResource	object	The resource settings for the sidecar proxy container, which are specified in the format of ACK dynamic overcommitment resources. If a pod has the `labelkoordinator.sh/qosClass` label, this parameter is used to set the resources for the sidecar proxy container.
Requests	object	The minimum resource requirements for the sidecar proxy container, which are specified in the format of ACK dynamic overcommitment resources. If a pod has the `labelkoordinator.sh/qosClass` label, this parameter is used to set the minimum resource requirements for the sidecar proxy container. The object can contain the following keys that correspond to two types of resources: `kubernetes.io/batch-cpu`: The CPU resources of the ACK overcommitment type. Unit: 1/1000 core. `kubernetes.io/batch-memory`: The memory resources of the ACK overcommitment type.
	string	The value of the minimum resource requirements for the sidecar proxy container.	128Mi
Limits	object	The resource limits for the sidecar proxy container, which are specified in the format of ACK dynamic overcommitment resources. If a pod has the `labelkoordinator.sh/qosClass` label, this parameter is used to set the resource limits for the sidecar proxy container. The object can contain the following keys that correspond to two types of resources: `kubernetes.io/batch-cpu`: The CPU resources of the ACK overcommitment type. Unit: 1/1000 core. `kubernetes.io/batch-memory`: The memory resources of the ACK overcommitment type.
	string	The value of the resource limits for the sidecar proxy container.	2048Mi
Privileged	boolean	Indicates whether to enable the privileged mode for the sidecar proxy container in the security context of the container. Valid values: `true`: The sidecar proxy container is a privileged container. `false`: The sidecar proxy container is not a privileged container.	false
EnableCoreDump	boolean	Indicates whether to enable core dump for the sidecar proxy container. A core dump file is a file that stores the memory state of a program when the program crashes. Valid values: `true`: Enable core dump for the sidecar proxy container. `false`: Disable core dump for the sidecar proxy container.	false
ReadinessInitialDelaySeconds	integer	The amount of time to wait before the readiness probe is initiated for the sidecar proxy container. Unit: seconds.	2
ReadinessPeriodSeconds	integer	The interval at which the readiness probe is performed for the sidecar proxy container. Unit: seconds.	3
ReadinessFailureThreshold	integer	The minimum number of consecutive failures for the readiness probe to be considered failed.	5
SMCConfiguration	object	The configurations of SMC-R optimization.
Enabled	boolean	Indicates whether to enable SMC-R optimization. SMC-R can optimize the performance of cross-node communication. This feature is available only for Alibaba Cloud Linux 3 and elastic Remote Direct Memory Access (eRDMA) devices.	true
RuntimeValues	object	The runtime parameters of Envoy in the sidecar proxy.
	string	The value of an Envoy runtime parameter.	"65536"
ScaledSidecarResource	object
ResourceCalculationStrategy	string
ContainerRef	string
ResourcePercentage	integer

Examples

Success response

JSON format

{
  "RequestId": "31d3a0f0-07ed-4f6e-9004-1804498c****",
  "ConfigPatches": {
    "TerminationDrainDuration": "6s",
    "SidecarProxyInitResourceLimit": {
      "ResourceCPULimit": "2000 m",
      "ResourceMemoryLimit": "50 Mi"
    },
    "SidecarProxyInitResourceRequest": {
      "ResourceCPURequest": "60 m",
      "ResourceMemoryRequest": "30 Mi"
    },
    "SidecarProxyResourceLimit": {
      "ResourceCPULimit": "2000 m",
      "ResourceMemoryLimit": "50 Mi"
    },
    "SidecarProxyResourceRequest": {
      "ResourceCPURequest": "60 m",
      "ResourceMemoryRequest": "30 Mi"
    },
    "ExcludeOutboundPorts": "81",
    "ExcludeOutboundIPRanges": "192.168.1.3/31",
    "IncludeOutboundIPRanges": "192.168.1.4/31",
    "ExcludeInboundPorts": "82",
    "IncludeInboundPorts": "83",
    "IncludeOutboundPorts": "84",
    "IstioDNSProxyEnabled": true,
    "LifecycleStr": "{\"postStart\":{\"exec\":{\"command\":[\"pilot-agent\",\"wait\"]}},\"preStop\":{\"exec\":{\"command\":[\"/bin/sh\",\"-c\",\"sleep 15\"]}}}",
    "Concurrency": 2,
    "LogLevel": "info",
    "HoldApplicationUntilProxyStarts": true,
    "ProxyStatsMatcher": {
      "InclusionPrefixes": [
        "server"
      ],
      "InclusionSuffixes": [
        "cluster.outbound"
      ],
      "InclusionRegexps": [
        "listener.*.downstream_cx_total"
      ]
    },
    "Tracing": {
      "Sampling": 99.8,
      "CustomTags": {
        "test": {
          "literal": {
            "value": "test"
          }
        }
      },
      "MaxPathTagLength": 10
    },
    "InterceptionMode": "TPROXY",
    "ProxyMetadata": {
      "key": "\"true\""
    },
    "SidecarProxyInitAckSloResource": {
      "Requests": {
        "key": "128Mi"
      },
      "Limits": {
        "key": "2048Mi"
      }
    },
    "SidecarProxyAckSloResource": {
      "Requests": {
        "key": "128Mi"
      },
      "Limits": {
        "key": "2048Mi"
      }
    },
    "Privileged": false,
    "EnableCoreDump": false,
    "ReadinessInitialDelaySeconds": 2,
    "ReadinessPeriodSeconds": 3,
    "ReadinessFailureThreshold": 5,
    "SMCConfiguration": {
      "Enabled": true
    },
    "RuntimeValues": {
      "key": "\"65536\""
    },
    "ScaledSidecarResource": {
      "ResourceCalculationStrategy": "",
      "ContainerRef": "",
      "ResourcePercentage": 0
    }
  }
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.