Alibaba Cloud Service Mesh: UpdateMeshFeature

Last Updated: Aug 25, 2025

Updates the features of a service mesh.

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| servicemesh:UpdateMeshFeature | update | *All Resource `*` | None | None |

Request parameters

Parameter

Type

Required

Description

Example

ServiceMeshId

string

Yes

The ID of the service mesh.

cb8963379255149cb98c8686f274x****

Tracing

boolean

No

Specifies whether to enable Tracing Analysis. To enable this feature, you must activate Managed Service for OpenTelemetry. Valid values:

  • true: enables Tracing Analysis.

  • false: disables Tracing Analysis.

Default value: false.

false

TraceSampling

number

No

The sampling percentage for Tracing Analysis.

100

TraceCustomTags

string

No

The custom tags for Tracing Analysis. The value must be a JSON string. The structure is as follows:

{
    "name1": CustomTag,
    "name2": CustomTag
}

A CustomTag contains one of the keys literal, header, or environment. Select one of them. The three forms are listed together below for reference:

{
    "literal": {
        "value": "static field"
    },
    "header": {
        "name": "HEADER name",
        "defaultValue": "The default value to use if the specified header does not exist."
    },
    "environment": {
        "name": "Environment variable name",
        "defaultValue": "The default value to use if the specified environment variable does not exist."
    }
}

{"mytag": {"literal":{"value":"test"}}}

TraceMaxPathTagLength

string

No

The maximum length of the URI of the request that is contained in the `HttpUrl` span tag. Default value: 256.

256

LocalityLoadBalancing

boolean

No

Specifies whether to enable locality-based load balancing. Valid values:

  • true: enables locality-based load balancing.

  • false: disables locality-based load balancing.

Default value: false.

true

LocalityLBConf

string

No

The configurations of locality-based load balancing. Valid values:

  • failover: the configurations of cross-region failover. Example:

    "failover": [ // struct, the configurations of cross-region failover.
        {
            // When a service in the China (Beijing) region fails, traffic is transferred to the same service in the China (Hangzhou) region.
            "from": "cn-beijing",
            "to": "cn-hangzhou"
        }
    ]

  • distribute: the configurations of cross-region traffic distribution. Example:

    "distribute": [ // struct, the configurations of cross-region traffic distribution.
        {
            // For traffic that is routed to the China (Beijing) region, 70% of the traffic is allocated to the China (Beijing) region and 30% is allocated to the China (Hangzhou) region.
            "from": "cn-beijing",
            "to": {
                "cn-beijing": 70,
                "cn-hangzhou": 30
            }
        }
    ]

{"failover":[{"from":"cn-hangzhou","to":"cn-shanghai"}]}

Telemetry

boolean

No

Specifies whether to enable Prometheus to collect metrics. We recommend that you use Managed Service for Prometheus. Valid values:

  • true: enables Prometheus to collect metrics.

  • false: disables Prometheus to collect metrics.

Default value: false.

false

OpenAgentPolicy

boolean

No

Specifies whether to integrate with the Open Policy Agent (OPA) plug-in. Valid values:

  • true: integrates with the OPA plug-in.

  • false: does not integrate with the OPA plug-in.

Default value: false.

false

OPALogLevel

string

No

The log level of the OPA proxy container. Valid values:

  • info: outputs all information.

  • debug: outputs debugging information and error messages.

  • error: outputs only error messages.

info

OPARequestCPU

string

No

The CPU resource request of the OPA proxy container.

1

OPARequestMemory

string

No

The memory resource request of the OPA proxy container.

512Mi

OPALimitCPU

string

No

The CPU resource limit of the OPA proxy container.

2

OPALimitMemory

string

No

The memory resource limit of the OPA proxy container.

1024Mi

EnableAudit

boolean

No

Specifies whether to enable mesh audit. To enable this feature, you must activate Simple Log Service. Valid values:

  • true: enables mesh audit.

  • false: disables mesh audit.

Default value: false.

false

AuditProject

string

No

The SLS project that is used for mesh audit.

Default value: mesh-log-{meshId}.

mesh-log-c08ba3fd1e64xxb0f8cc1ad8****

CustomizedZipkin

boolean

No

Specifies whether to use a self-managed Zipkin system. Valid values:

  • true: uses a self-managed Zipkin system.

  • false: does not use a self-managed Zipkin system.

Default value: false.

false

OutboundTrafficPolicy

string

No

The policy for accessing external services. Valid values:

  • ALLOW_ANY: allows access to all external services.

  • REGISTRY_ONLY: allows access to only the services that are registered with the service mesh.

ALLOW_ANY

ProxyRequestCPU

string

No

The CPU resources required by the proxy.

100m

ProxyRequestMemory

string

No

The memory resources required by the proxy.

128Mi

ProxyLimitCPU

string

No

The CPU resource limit.

2000m

ProxyLimitMemory

string

No

The memory resource limit.

1024Mi

IncludeIPRanges

string

No

The IP address ranges for which outbound traffic is intercepted.

*

ExcludeIPRanges

string

No

The IP address ranges for which outbound traffic is not intercepted.

100.100.XXX.XXX

ExcludeOutboundPorts

string

No

A comma-separated list of outbound ports that are excluded from redirection.

80,81

IncludeInboundPorts

string

No

The inbound ports for which traffic is redirected to the sidecar proxy.

80,81

ExcludeInboundPorts

string

No

A comma-separated list of inbound ports that are excluded from redirection.

80,81

EnableNamespacesByDefault

boolean

No

Specifies whether to enable automatic sidecar proxy injection for all namespaces. Valid values:

  • true: enables automatic sidecar proxy injection for all namespaces.

  • false: disables automatic sidecar proxy injection for all namespaces.

Default value: false.

false

AutoInjectionPolicyEnabled

boolean

No

Specifies whether to enable automatic sidecar proxy injection using pod annotations. Valid values:

  • true: enables automatic sidecar proxy injection using pod annotations.

  • false: disables automatic sidecar proxy injection using pod annotations.

Default value: false.

false

SidecarInjectorRequestCPU

string

No

The CPU resource request of the sidecar injector pod.

1000m

SidecarInjectorRequestMemory

string

No

The memory resource request of the sidecar injector pod.

512Mi

SidecarInjectorLimitCPU

string

No

The CPU resource limit of the sidecar injector pod.

4000m

SidecarInjectorLimitMemory

string

No

The memory resource limit of the sidecar injector pod.

2048Mi

SidecarInjectorWebhookAsYaml

string

No

Other configurations for automatic sidecar proxy injection. The value must be in the YAML format.

{"injectedAnnotations":{"test/istio-init":"runtime/default2","test/istio-proxy":"runtime/default"},"replicaCount":2,"nodeSelector":{"beta.kubernetes.io/os":"linux"}}

CniEnabled

boolean

No

Specifies whether to enable Container Network Interface (CNI). Valid values:

  • true: enables CNI.

  • false: disables CNI.

Default value: false.

false

CniExcludeNamespaces

string

No

The namespaces that are excluded from CNI.

kube-system

OpaEnabled

boolean

No

Specifies whether to enable OPA. Valid values:

  • true: enables OPA.

  • false: disables OPA.

Default value: false.

false

Http10Enabled

boolean

No

Specifies whether to enable support for HTTP 1.0. Valid values:

  • true: enables support for HTTP 1.0.

  • false: disables support for HTTP 1.0.

Default value: false.

false

KialiEnabled

boolean

No

Specifies whether to enable the mesh topology feature. To enable this feature, you must first enable Prometheus to collect metrics. If you disable Prometheus to collect metrics, this feature is forcibly disabled. Valid values:

  • true: enables the mesh topology feature.

  • false: disables the mesh topology feature.

Default value: false.

false

CustomizedPrometheus

boolean

No

Specifies whether to use a self-managed Prometheus instance. Valid values:

  • true: uses a self-managed Prometheus instance.

  • false: does not use a self-managed Prometheus instance.

Default value: false.

false

PrometheusUrl

string

No

The endpoint of the Prometheus service. If you do not use a self-managed Prometheus instance, use the endpoint of an ARMS Prometheus instance.

http://prometheus:9090

AccessLogEnabled

boolean

No

Specifies whether to enable access log collection. Valid values:

  • true: enables access log collection.

  • false: disables access log collection.

Default value: false.

false

MSEEnabled (deprecated)

boolean

No

Specifies whether to enable Microservices Engine (MSE). Valid values:

  • true: enables MSE.

  • false: disables MSE.

Default value: false.

false

RedisFilterEnabled

boolean

No

Specifies whether to enable the Redis filter. Valid values:

  • true: enables the Redis filter.

  • false: disables the Redis filter.

Default value: false.

false

MysqlFilterEnabled

boolean

No

Specifies whether to enable the MySQL filter. Valid values:

  • true: enables the MySQL filter.

  • false: disables the MySQL filter.

Default value: false.

false

ThriftFilterEnabled

boolean

No

Specifies whether to enable the Thrift filter. Valid values:

  • true: enables the Thrift filter.

  • false: disables the Thrift filter.

Default value: false.

false

WebAssemblyFilterEnabled

boolean

No

Specifies whether to enable the WebAssembly filter. Valid values:

  • true: enables the WebAssembly filter.

  • false: disables the WebAssembly filter.

Default value: false.

false

DNSProxyingEnabled

boolean

No

Specifies whether to enable DNS proxying. Valid values:

  • true: enables DNS proxying.

  • false: disables DNS proxying.

Default value: false.

false

DubboFilterEnabled

boolean

No

Specifies whether to enable the Dubbo filter. Valid values:

  • true: enables the Dubbo filter.

  • false: disables the Dubbo filter.

Default value: false.

false

FilterGatewayClusterConfig

boolean

No

Specifies whether to enable gateway configuration filtering. Valid values:

  • true: enables gateway configuration filtering.

  • false: disables gateway configuration filtering.

Default value: false.

false

EnableSDSServer

boolean

No

Specifies whether to enable the Secret Discovery Service (SDS). Valid values:

  • true: enables the SDS.

  • false: disables the SDS.

Default value: false.

false

AccessLogServiceEnabled

boolean

No

Specifies whether to enable the gRPC Access Log Service (ALS) of Envoy. Valid values:

  • true: enables the gRPC ALS of Envoy.

  • false: disables the gRPC ALS of Envoy.

Default value: false.

false

AccessLogServiceHost

string

No

The endpoint of the gRPC ALS of Envoy.

0.0.0.0

AccessLogServicePort

integer

No

The port of the gRPC ALS of Envoy.

9999

GatewayAPIEnabled

boolean

No

Specifies whether to enable Gateway API. Valid values:

  • true: enables Gateway API.

  • false: disables Gateway API.

Default value: false.

false

ConfigSourceEnabled

boolean

No

Specifies whether to use an external service registry. Valid values:

  • true: uses an external service registry.

  • false: does not use an external service registry.

Default value: false.

false

ConfigSourceNacosID

string

No

The ID of the Nacos instance.

mse-cn-tl326******

AccessLogFormat

string

No

The custom format of access logs. This parameter is ignored if access log collection is disabled. The value must be a JSON string. The JSON string must contain the following keys: authority_for, bytes_received, bytes_sent, downstream_local_address, downstream_remote_address, duration, istio_policy_status, method, path, protocol, requested_server_name, response_code, response_flags, route_name, start_time, trace_id, upstream_cluster, upstream_host, upstream_local_address, upstream_service_time, upstream_transport_failure_reason, user_agent, and x_forwarded_for.

{"authority_for":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}

AccessLogFile

string

No

Specifies whether to enable access logs. Valid values:

  • "": disables access logs.

  • /dev/stdout: enables access logs.

""

AccessLogProject

string

No

The custom SLS project to which access logs are collected.

mesh-log-cf245a429b6ff4b6e97f20797758e****

EnableCRHistory

boolean

No

Specifies whether to enable the history revision management feature for Istio resources in Service Mesh (ASM).

false

CRAggregationEnabled

boolean

No

Specifies whether to enable data plane clusters to access Istio resources using the Kubernetes API. This feature is available only for ASM instances of v1.9.7.93 or later.

false

TerminationDrainDuration

string

No

The duration for which the istio-proxy container waits for connections to drain before termination. For example, a value of 5s indicates 5 seconds.

5s

ProxyInitCPUResourceLimit

string

No

The CPU resource limit of the istio-init container.

2000m

ProxyInitMemoryResourceLimit

string

No

The memory resource limit of the istio-init container.

1024Mi

ProxyInitCPUResourceRequest

string

No

The CPU resource request of the istio-init container.

10m

ProxyInitMemoryResourceRequest

string

No

The memory resource request of the istio-init container.

10Mi

Lifecycle

string

No

The lifecycle of the istio-proxy container.

{"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}

MultiBufferEnabled

boolean

No

Specifies whether to enable the MultiBuffer-based acceleration feature.

false

MultiBufferPollDelay

string

No

The polling delay for the MultiBuffer feature. The default value is empty.

0.02s

DiscoverySelectors

string

No

The label selectors for the namespaces of the data plane. The selectors are used for selective service discovery.

[{"matchExpressions":[{"key":"asm-discovery","operator":"Exists"}]}]

ClusterSpec

string

No

The instance type of the service mesh. Valid values:

  • standard: Standard Edition.

  • enterprise: Enterprise Edition.

  • ultimate: Ultimate Edition.

standard

OPAScopeInjected

boolean

No

Specifies whether to enable OPA injection scope control. Valid values:

  • true: enables OPA injection scope control.

  • false: disables OPA injection scope control.

false

OPAInjectorCPURequirement

string

No

The minimum number of CPU cores that are requested by the pod responsible for OPA proxy injection. For example, 1000m indicates one CPU core.

80m

OPAInjectorMemoryRequirement

string

No

The minimum memory that is requested by the pod responsible for OPA proxy injection. For example, 50Mi indicates 50 MB.

50Mi

OPAInjectorCPULimit

string

No

The maximum number of CPU cores that are allowed for the pod responsible for OPA proxy injection. For example, 1000m indicates one CPU core.

1000m

OPAInjectorMemoryLimit

string

No

The maximum memory that is allowed for the pod responsible for OPA proxy injection. For example, 1024Mi indicates 1024 MB.

1024Mi

IntegrateKiali

boolean

No

Specifies whether to create a Classic Load Balancer (CLB) instance for accessing the ASM mesh topology.

false

NFDEnabled

boolean

No

Specifies whether to enable automatic node feature discovery.

false

NFDLabelPruned

boolean

No

Specifies whether to remove the feature labels from nodes when you disable automatic node feature discovery.

This parameter is required only when you set NFDEnabled to false.

false

TracingOnExtZipkinRequestCPU

string

No

The minimum number of CPU cores that are requested by the proxy service for exporting Tracing Analysis data. For example, 1000m indicates one CPU core.

200m

TracingOnExtZipkinRequestMemory

string

No

The minimum memory that is requested by the proxy service for exporting Tracing Analysis data. For example, 1Mi indicates 1 MB.

200Mi

TracingOnExtZipkinLimitCPU

string

No

The maximum number of CPU cores that are allowed for the proxy service for exporting Tracing Analysis data. For example, 1000m indicates one CPU core.

1000Mi

TracingOnExtZipkinLimitMemory

string

No

The maximum memory that is allowed for the proxy service for exporting Tracing Analysis data. For example, 1Mi indicates 1 MB.

1024Mi

TracingOnExtZipkinReplicaCount

string

No

The number of replicas for the proxy service that exports Tracing Analysis data.

2

AccessLogGatewayLifecycle

integer

No

The retention period of the access logs of the ingress gateway that are collected in SLS. Unit: days. For example, 30 indicates 30 days.

30

AccessLogSidecarLifecycle

integer

No

The retention period of the access logs of the sidecar proxy that are collected in SLS. Unit: days. For example, 30 indicates 30 days.

30

EnableAutoDiagnosis

boolean

No

Specifies whether to enable automatic diagnostics for the service mesh. If you enable this feature, the service mesh is automatically diagnosed when you modify an Istio resource in the service mesh.

true

IncludeOutboundPorts

string

No

The outbound ports for which traffic is redirected to the sidecar proxy.

8000,8001

LogLevel

string

No

The log level of the sidecar proxy on the data plane. The log levels are sorted in ascending order of the log verbosity: none, error, warn, info, and debug.

info

Concurrency

integer

No

The degree of parallelism for the sidecar proxy on the data plane.

2

HoldApplicationUntilProxyStarts

boolean

No

Specifies whether to wait for the sidecar proxy container to start before the application container starts when a pod is being started.

true

ProxyStatsMatcher

string

No

The additional metrics that are reported by the sidecar proxy on the data plane.

{"inclusionRegexps":".*adaptive_concurrency.*"}

InterceptionMode

string

No

The mode of inbound traffic interception by the sidecar proxy. Valid values:

  • REDIRECT: the default interception mode. The sidecar proxy intercepts inbound traffic using redirection.

  • TPROXY: the transparent proxy mode. The sidecar proxy intercepts inbound traffic using a transparent proxy.

TPROXY

EnableBootstrapXdsAgent

boolean

No

Specifies whether to load the bootstrap configurations before the sidecar proxy starts.

true

KialiArmsAuthTokens

string

No

If you enable the mesh topology feature and use ARMS Prometheus to collect metrics, and the ARMS Prometheus instance has a token-based authentication configuration, you can use this parameter to specify the authentication token. This authorizes the mesh topology to access the ARMS Prometheus instance. The value is a JSON-encoded string. The key in the JSON object is the ID of the data plane cluster, and the value is the authentication token of the ARMS Prometheus instance that is installed in the data plane cluster.

{"c31e3b******5634b":"token_example"}

DefaultComponentsScheduleConfig

string

No

The default scheduling configurations that ASM delivers to the data plane components. You can configure nodeSelector and tolerations in the JSON format.

Note
  • Modifying this parameter is a high-risk operation. This operation restarts all data plane components in the ASM instance. Proceed with caution.

  • These configurations do not apply to ASM gateways. To configure scheduling for an ASM gateway, specify the scheduling configurations in the gateway settings.

{"tolerations":[{"key":"test-taints", "operator":"Exists", "effect":"NoSchedule"}], "nodeSelector":{"kubernetes.io/hostname":"test-nodes"}}

KialiServiceAnnotations

string

No

If you enable the mesh topology feature and create a CLB instance to access the mesh topology, you can use this parameter to configure the CLB instance for the mesh topology service in different clusters using annotations.

The value is a JSON-encoded string. The key in the JSON object is the ID of the data plane cluster, and the value is the annotation of the mesh topology service in the data plane cluster.

For more information about how to configure a CLB instance using annotations, see Use annotations to configure a Classic Load Balancer (CLB) instance.

{"c31e3b******5634b":{"service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type":"intranet"}}

AccessLogGatewayEnabled

boolean

No

Specifies whether to collect the access logs of the ASM gateway to Simple Log Service.

false

AccessLogSidecarEnabled

boolean

No

Specifies whether to collect the access logs of the sidecar proxy to Simple Log Service.

false

LabelsForOffloadedWorkloads

string

No

The labels of the workloads that are offloaded.

name=xx,region=xx

ExistingRootCaCert

string

No

The new root certificate. You can modify this parameter only if you used a custom certificate when you created the service mesh.

Base64 encoded PEM certificate.

ExistingCaCert

string

No

The new CA certificate. You can modify this parameter only if you used a custom certificate when you created the service mesh.

Base64 encoded PEM certificate.

ExistingCaKey

string

No

The new CA key. You can modify this parameter only if you used a custom certificate when you created the service mesh.

Base64 encoded PEM private key.

CertChain

string

No

The certificate chain from the CA certificate to the root certificate. The certificate chain must contain at least two certificates.

Base64 encoded PEM cert chain.

SMCEnabled

boolean

No

Specifies whether to install SMC acceleration.

false

PilotEnableQuicListeners

boolean

No

Specifies whether to enable HTTP/3 support.

false
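
A pre-flight review of an UpdateMeshFeature request, added here as an example (it is not Alibaba Cloud SDK code): it checks the structural rules the table above states for TraceCustomTags and AccessLogFormat, flags settings that loosen egress control, audit, or sidecar interception, and returns a copy of the request that is safe to log. The function names, the warning wording, and the choice of which parameters to flag or redact are assumptions of this example, and the sample request is constructed.

```python
import json

# The 23 keys the page requires in AccessLogFormat.
REQUIRED_LOG_KEYS = set("""
authority_for bytes_received bytes_sent downstream_local_address
downstream_remote_address duration istio_policy_status method path protocol
requested_server_name response_code response_flags route_name start_time
trace_id upstream_cluster upstream_host upstream_local_address
upstream_service_time upstream_transport_failure_reason user_agent
x_forwarded_for""".split())
TAG_KINDS = {"literal", "header", "environment"}
# Assumption of this example: parameters treated as secrets and kept out of logs.
SECRET_PARAMS = {"ExistingCaKey", "KialiArmsAuthTokens"}
# Parameters that take traffic out of sidecar redirection or interception.
BYPASS_PARAMS = ("ExcludeIPRanges", "ExcludeOutboundPorts", "ExcludeInboundPorts")


def load_object(params, name, errors):
    """Parse a JSON-string parameter; record an error unless it is an object."""
    try:
        value = json.loads(params[name])
    except (TypeError, ValueError):
        errors.append(f"{name}: not valid JSON")
        return None
    if not isinstance(value, dict):
        errors.append(f"{name}: must be a JSON object")
        return None
    return value


def review_request(params):
    """Return (errors, warnings, loggable_copy) for an UpdateMeshFeature request."""
    errors, warnings = [], []
    if not params.get("ServiceMeshId"):
        errors.append("ServiceMeshId: required")
    if "TraceCustomTags" in params:
        tags = load_object(params, "TraceCustomTags", errors) or {}
        for tag, spec in tags.items():
            if not (isinstance(spec, dict) and len(spec) == 1 and set(spec) <= TAG_KINDS):
                errors.append(f"TraceCustomTags[{tag}]: need exactly one of {sorted(TAG_KINDS)}")
    if "AccessLogFormat" in params:
        fmt = load_object(params, "AccessLogFormat", errors)
        missing = sorted(REQUIRED_LOG_KEYS - set(fmt)) if fmt is not None else []
        if missing:
            errors.append("AccessLogFormat: missing " + ", ".join(missing))
    if params.get("OutboundTrafficPolicy") == "ALLOW_ANY":
        warnings.append("OutboundTrafficPolicy=ALLOW_ANY: egress to unregistered services is allowed")
    if params.get("EnableAudit") is False:
        warnings.append("EnableAudit=false: mesh audit is turned off")
    for name in BYPASS_PARAMS:
        if params.get(name):
            warnings.append(f"{name}={params[name]}: excluded from sidecar interception")
    loggable = {k: "<redacted>" if k in SECRET_PARAMS else v for k, v in params.items()}
    return errors, warnings, loggable


# Constructed sample request; the mesh ID and key material are placeholders.
SAMPLE = {
    "ServiceMeshId": "mesh-id-placeholder",
    "TraceCustomTags": '{"mytag": {"literal": {"value": "test"}},'
                       ' "bad": {"literal": {"value": "a"}, "header": {"name": "x-team"}}}',
    "AccessLogFormat": '{"method": "%REQ(:METHOD)%", "path": "%REQ(:PATH)%"}',
    "OutboundTrafficPolicy": "ALLOW_ANY",
    "EnableAudit": False,
    "ExcludeOutboundPorts": "80,81",
    "ExistingCaKey": "placeholder-not-a-real-key",
}

if __name__ == "__main__":
    errs, warns, safe = review_request(SAMPLE)
    for line in errs + warns:
        print(line)
    print(json.dumps(safe, indent=2))
```
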

Response elements

| Element | Type | Description | Example |
|---|---|---|---|
| | object | | |
| RequestId | string | The request ID. | BD65C0AD-D3C6-48D3-8D93-38D2015C**** |

Examples

Success response

JSON format

{
  "RequestId": "BD65C0AD-D3C6-48D3-8D93-38D2015C****"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.