Default settings of features and parameters of ASM - Alibaba Cloud Service Mesh

Service Mesh (ASM) provides a fully managed platform that is compatible with the open source Istio service. When you install Istio or use ASM, the default settings of some features and parameters are used. This topic compares the default settings of some features and parameters of ASM with those of Istio.

Background information

The following sample command is used to install Istio. profile=demo indicates that the configuration file named demo is used. You can find the corresponding profile file, such as demo.yaml, in the manifests/profiles directory of a released version of Istio.

./istioctl install --set profile=demo -y

Parameters and their default values of each component

In this topic, Istio version 1.17 is used for comparison.

Proxy

Parameter	Default value of Istio	Default value of ASM	Description
clusterDomain	cluster.local	Specified when you create the instance	The local domain name of the cluster. The local domain name of the ASM instance must be the same as that of the Kubernetes cluster on the data plane.
enableCoreDump	false	Same as that of the open source Istio version	Enables the Core Dump option for the injected sidecar proxy, which is used to debug the sidecar proxy in the ASM instance.
excludeInboundPorts	""	Same as that of the open source Istio version	Sets inbound ports to be excluded from redirection to the sidecar proxy in the ASM instance.
includeInboundPorts	"*"	Same as that of the open source Istio version	Sets inbound ports for which traffic is to be redirected to the sidecar proxy in the ASM instance.
includeIPRanges	"*"	Same as that of the open source Istio version	Sets IP ranges in CIDR form for which traffic is to be redirected to the sidecar proxy in the ASM instance.
excludeIPRanges	""	Same as that of the open source Istio version	Sets IP ranges in CIDR form to be excluded from redirection to the sidecar proxy in the ASM instance.
includeOutboundPorts	""	Same as that of the open source Istio version	Sets outbound ports for which traffic is to be redirected to the sidecar proxy in the ASM instance.
excludeOutboundPorts	""	Same as that of the open source Istio version	Sets outbound ports to be excluded from redirection to the sidecar proxy in the ASM instance.
logLevel	warning	Same as that of the open source Istio version	Sets the log level of the sidecar proxy.
readinessFailureThreshold	30	Same as that of the open source Istio version	The number of consecutive detection failures before the sidecar proxy is determined to be unready.
readinessInitialDelaySeconds	1	Same as that of the open source Istio version	The number of seconds before the first readiness detection of a sidecar proxy.
readinessPeriodSeconds	2	Same as that of the open source Istio version	The interval in seconds between two readiness detections of a sidecar proxy.
resources	`requests: cpu: 100m memory: 128Mi limits: cpu: 2000m memory: 1024Mi`	Same as that of the open source Istio version	The default resource settings of the sidecar proxy container.
holdApplicationUntilProxyStarts	false	true	Specifies whether the sidecar proxy container must be started before the service container can be started during the start of a pod.
concurrency	2	Same as that of the open source Istio version	The number of worker threads started by Envoy.
interceptionMode	REDIRECT	Same as that of the open source Istio version	The mode in which the sidecar proxy intercepts traffic.
tracing	`zipkin: address: zipkin.istio-system:9411`	N/A. ASM does not enable Tracing Analysis by default.	The configurations of Tracing Analysis.
proxyMetadata	{}	`{ EXIT_ON_ZERO_ACTIVE_CONNECTIONS: "true" }`	The environment variable that is added to the sidecar proxy container.
terminationDrainDuration	5s	Same as that of the open source Istio version	The amount of time allowed for connections to complete on sidecar proxy termination.
proxyStatsMatcher	N/A	`proxyStatsMatcher: inclusionRegexps: - .adaptive_concurrency.`	The custom Envoy metrics to be reported.
Resources of the sidecar proxy init container	`resources: limits: cpu: '2' memory: 1Gi requests: cpu: 100m memory: 128Mi`	`resources: limits: cpu: '2' memory: 1Gi requests: cpu: 10m memory: 10Mi`	The resource settings of the sidecar proxy init container.
OutboundTrafficPolicy	ALLOW_ANY	Same as that of the open source Istio version	The policies for accessing external services of the sidecar proxy.

Pilot (control plane)

Parameter

Default value of Istio

Default value of ASM

Description

jwtPolicy

third-party-jwt

Same as that of the open source Istio version

Specifies the JSON Web Token (JWT)-based authentication policy. Valid values:

third-party-jwt
first-party-jwt

MeshConfig

Parameter	Sub-field	Default value of Istio	Default value of ASM	Description
proxyMetadata	ISTIO_META_DNS_CAPTURE	true	false	Specifies whether to enable DNS proxy.
proxyMetadata	BOOTSTRAP_XDS_AGENT	true	false	Specifies whether to enable the pilot-agent process to dynamically obtain the BOOTSTRAP configuration before it starts the Envoy proxy.
accessLogFile		/dev/stdout	Same as that of the open source Istio version	The file address for access logs.
enablePrometheusMerge		true	false	Specifies whether Istio Agent combines the public metrics of an application with the metrics of Envoy and Istio Agent.
extensionProviders		You need to configure extension providers based on the addons that you installed.	You can configure extension providers in the ASM console, such as the providers of Log Service, Tracing Analysis, and metric monitoring.	N/A

Telemetry

Parameter	Sub-field	Default value of Istio	Default value of ASM	Description
prometheus	wasmEnabled	false	Same as that of the open source Istio version	Specifies whether to enable WebAssembly runtimes for stats filters.
metadataExchange	wasmEnabled	false	Same as that of the open source Istio version	Specifies whether to enable WebAssembly runtimes for metadata exchange filters.