UpdateNamespaceScopeSidecarConfig - Alibaba Cloud Service Mesh

You can call the UpdateNamespaceScopeSidecarConfig operation to update the sidecar configurations for a namespace.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

servicemesh:UpdateNamespaceScopeSidecarConfig

update

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
ServiceMeshId	string	Yes	The ASM instance ID.	ca04bc38979214bf2882be79d39b4****
Namespace	string	No	The namespace.	default
IncludeIPRanges	string	No	The IP address ranges for outbound traffic that is intercepted by the sidecar proxy. This corresponds to the `global.proxy.includeIPRanges` field.	*
ExcludeIPRanges	string	No	The IP address ranges for outbound traffic that is not intercepted by the sidecar proxy. This corresponds to the `global.proxy.excludeIPRanges` field.	172.16.0.0/12
IncludeInboundPorts	string	No	The inbound ports for which traffic is intercepted by the sidecar proxy.	83
ExcludeOutboundPorts	string	No	The outbound ports for which traffic is not intercepted by the sidecar proxy.	81
ExcludeInboundPorts	string	No	The inbound ports for which traffic is not intercepted by the sidecar proxy.	82
IncludeOutboundPorts	string	No	The outbound ports for which traffic is intercepted by the sidecar proxy.	84
TerminationDrainDuration	string	No	The duration for which the sidecar proxy waits for active connections to terminate.	6s
ProxyInitCPUResourceLimit	string	No	The CPU limit for the sidecar proxy init container.	2000 m
ProxyInitMemoryResourceLimit	string	No	The memory limit for the sidecar proxy init container.	50 Mi
ProxyInitCPUResourceRequest	string	No	The CPU resource request for the sidecar proxy init container.	60 m
ProxyInitMemoryResourceRequest	string	No	The memory resource request for the sidecar proxy init container.	30 Mi
SidecarProxyCPUResourceLimit	string	No	The CPU limit for the sidecar proxy container.	2000 m
SidecarProxyMemoryResourceLimit	string	No	The memory limit for the sidecar proxy container.	50 Mi
SidecarProxyCPUResourceRequest	string	No	The CPU resource request for the sidecar proxy container.	60 m
SidecarProxyMemoryResourceRequest	string	No	The memory resource request for the sidecar proxy container.	30 Mi
Lifecycle	string	No	The lifecycle of the sidecar proxy.	{"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}
IstioDNSProxyEnabled	boolean	No	Specifies whether to enable the DNS proxy feature. Valid values: `true`: enables the DNS proxy feature. `false`: disables the DNS proxy feature.	true
PostStart	string	No	The parameters that are executed after the istio-proxy container starts.	{"exec":{"command":["pilot-agent","wait"]}}
PreStop	string	No	The parameters that are executed before the istio-proxy container stops.	{"exec":{"command":["/bin/sh","-c","sleep 15"]}}
Concurrency	integer	No	The number of concurrent threads for the istio-proxy.	2
ProxyStatsMatcher	string	No	The metrics that are used for Envoy monitoring and statistics. The value is in the JSON format.	{ "inclusionPrefixes": [ "cluster.outbound", "cluster_manager", "listener_manager", "server", "cluster.xds-grpc" ], "inclusionRegexps": [ "listener..downstream_cx_total", "listener..downstream_cx_active" ] }
HoldApplicationUntilProxyStarts	boolean	No	Specifies whether to wait for the istio-proxy container to start before the application starts. Valid values: `true`: waits for the istio-proxy container to start before the application starts. `false`: does not wait for the istio-proxy container to start before the application starts.	true
LogLevel	string	No	The log level. Valid values: `info`, `debug`, `tracing`, and `error`.	info
Tracing	string	No	The custom configurations for Tracing Analysis. The configurations must be serialized into a JSON string. The Tracing Analysis configuration contains the following fields: `sampling`: The sample rate. This field is of the Double type. `custom_tags`: The custom tags. This field is of the Map type. The key of a tag is a string, and the value is a JSON object. You can specify one of the following fields for the value: `literal`: The tag value is a static field. This JSON object must contain a `value` field that specifies the literal value. Example: `{"value":"test"}`. header: The tag value is a request header. This JSON object must contain name and `defaultValue` fields. The `name` field specifies the name of the request header. The `defaultValue` field specifies the default value to use if the header is not found. Example: `{"name":"test","defaultValue":"test"}`. environment: The tag value is an environment variable. This JSON object must contain name and `defaultValue` fields. The `name` field specifies the name of the environment variable. The `defaultValue` field specifies the default value to use if the environment variable is not found. Example: `{"name":"test","defaultValue":"test"}`.	{"sampling":99.8,"custom_tags":{"test":{"literal":{"value":"testnamespace"}}}}
InterceptionMode	string	No	The policy used by the sidecar proxy to intercept inbound traffic. Valid values: `REDIRECT`: The default policy. The sidecar proxy intercepts inbound traffic in redirection mode. `TPROXY`: The sidecar proxy intercepts inbound traffic in transparent proxy mode.	TPROXY
ProxyMetadata	string	No	The environment variables that are added to the sidecar proxy. The value is a JSON object. The keys and values in the JSON object represent the keys and values of the environment variables that are added to the sidecar proxy.	{"EXIT_ON_ZERO_ACTIVE_CONNECTIONS":"true"}
ProxyInitAckSloCPUResourceLimit	string	No	The CPU limit for the sidecar proxy init container, which is specified in the ACK dynamic overcommitment resource format. This parameter is used to set the CPU limit for the sidecar proxy init container when the pod has the `koordinator.sh/qosClass` label. Unit: millicores.	2000
ProxyInitAckSloMemoryResourceLimit	string	No	The memory limit for the sidecar proxy init container, which is specified in the ACK dynamic overcommitment resource format. This parameter is used to set the memory limit for the sidecar proxy init container when the pod has the `koordinator.sh/qosClass` label.	2048Mi
ProxyInitAckSloCPUResourceRequest	string	No	The CPU resource request for the sidecar proxy init container, which is specified in the ACK dynamic overcommitment resource format. This parameter is used to set the CPU resource request for the sidecar proxy init container when the pod has the `koordinator.sh/qosClass` label. Unit: millicores.	100
ProxyInitAckSloMemoryResourceRequest	string	No	The memory resource request for the sidecar proxy init container, which is specified in the ACK dynamic overcommitment resource format. This parameter is used to set the memory resource request for the sidecar proxy init container when the pod has the `koordinator.sh/qosClass` label.	128Mi
SidecarProxyAckSloCPUResourceLimit	string	No	The CPU limit for the sidecar proxy container, which is specified in the ACK dynamic overcommitment resource format. This parameter is used to set the CPU limit for the sidecar proxy container when the pod has the `koordinator.sh/qosClass` label. Unit: millicores.	2000
SidecarProxyAckSloMemoryResourceLimit	string	No	The memory limit for the sidecar proxy container, which is specified in the ACK dynamic overcommitment resource format. This parameter is used to set the memory limit for the sidecar proxy container when the pod has the `koordinator.sh/qosClass` label.	2048Mi
SidecarProxyAckSloCPUResourceRequest	string	No	The CPU resource request for the sidecar proxy container, which is specified in the ACK dynamic overcommitment resource format. This parameter is used to set the CPU resource request for the sidecar proxy container when the pod has the `koordinator.sh/qosClass` label. Unit: millicores.	100
SidecarProxyAckSloMemoryResourceRequest	string	No	The memory resource request for the sidecar proxy container, which is specified in the ACK dynamic overcommitment resource format. This parameter is used to set the memory resource request for the sidecar proxy container when the pod has the `koordinator.sh/qosClass` label.	128Mi
Privileged	boolean	No	Specifies whether to enable the privileged mode for the sidecar proxy container in the security context. Valid values: `true`: The sidecar proxy container is a privileged container. `false`: The sidecar proxy container is not a privileged container.	false
EnableCoreDump	boolean	No	Specifies whether to enable core dump for the sidecar proxy container. A core dump file is generated when a program crashes. Valid values: `true`: enables core dump for the sidecar proxy container. `false`: disables core dump for the sidecar proxy container.	false
ReadinessInitialDelaySeconds	integer	No	The amount of time to wait before the readiness probe is initiated for the sidecar proxy container. Unit: seconds.	1
ReadinessPeriodSeconds	integer	No	The interval at which the readiness probe is performed for the sidecar proxy container. Unit: seconds.	2
ReadinessFailureThreshold	integer	No	The failure threshold for the readiness probe of the sidecar proxy container.	5
SMCEnabled	boolean	No	Specifies whether to enable Shared Memory Communications over Remote Direct Memory Access (SMC-R) optimization. SMC-R optimization improves the performance of cross-node communication. This feature requires Alibaba Cloud Linux 3 and the elastic Remote Direct Memory Access (eRDMA) network device on the node.	false
RuntimeValues	string	No	The runtime parameters for Envoy in the sidecar proxy. The value is a JSON-serialized string. The keys in the object are the Envoy runtime parameters, and the values are the parameter values. The following runtime parameter can be set: global_downstream_max_connections: the limit on the number of downstream connections for Envoy.	{"overload.global_downstream_max_connections":"65536"}
ScaledSidecarResource	object	No
ResourceCalculationStrategy	string	No
ContainerRef	string	No
ResourcePercentage	integer	No

Response elements

Element	Type	Description	Example
	object	The response body.
RequestId	string	The request ID.	31d3a0f0-07ed-4f6e-9004-1804498c****

Examples

Success response

JSON format

{
  "RequestId": "31d3a0f0-07ed-4f6e-9004-1804498c****"
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.