CreateServiceMesh - - Alibaba Cloud ドキュメントセンター

Creates an Alibaba Cloud Service Mesh (ASM) instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	CreateServiceMesh	The operation that you want to perform. Set the value to CreateServiceMesh.
RegionId	String	Yes	cn-hangzhou	The ID of the region in which the ASM instance resides.
IstioVersion	String	No	v1.5.4.1-g5960ec40-aliyun	The Istio version of the ASM instance.
VpcId	String	Yes	vpc-xzelac2tw4ic7wz31****	The ID of the virtual private cloud (VPC).
ApiServerPublicEip	Boolean	No	false	Specifies whether to expose the API server to the Internet. Valid values: `true`: exposes the API server to the Internet. `false`: does not expose the API server to the Internet. Default value: `false`. Note If you set this parameter to `false`, the API server cannot be accessed over the Internet.
Tracing	Boolean	No	false	Specifies whether to enable the Tracing Analysis feature. Valid values: `true`: enables the Tracing Analysis feature. `false`: disables the Tracing Analysis feature. Default value: `false`.
Name	String	No	mesh1	The name of the ASM instance.
VSwitches	String	Yes	["vsw-xzegf5dndkbf4m6eg****"]	The ID of the vSwitch to which the ASM instance is connected.
TraceSampling	Float	No	100	The sampling percentage of tracing analysis.
CustomizedZipkin	Boolean	No	false	Specifies whether to use a self-managed Zipkin system to collect tracing data. Valid values: `true`: uses a self-managed Zipkin system to collect tracing data. `false`: uses Alibaba Cloud Tracing Analysis to collect tracing data. Default value: `false`.
LocalityLoadBalancing	Boolean	No	false	Specifies whether to route traffic to the nearest instance. Valid values: `true`: routes traffic to the nearest instance. `false`: does not route traffic to the nearest instance. Default value: `false`.
LocalityLBConf	String	No	{"failover":[{"from":"cn-hangzhou","to":"cn-shanghai"}]}	The configurations for the access to the nearest instance.
Telemetry	Boolean	No	false	Specifies whether to enable Prometheus monitoring. We recommend that you use Prometheus Service of Application Real-Time Monitoring Service (ARMS). Valid values: `true`: enables Prometheus monitoring. `false`: does not enable Prometheus monitoring. Default value: `false`.
OpenAgentPolicy	Boolean	No	false	Specifies whether to install the Open Policy Agent (OPA) plug-in. Valid values: `true`: installs the OPA plug-in. `false`: does not install the OPA plug-in. Default value: `false`.
OPALogLevel	String	No	info	The log level of OPA.
OPARequestCPU	String	No	1	The number of CPU cores that are requested by OPA. You can specify the parameter value in the standard representation form of CPUs in Kubernetes. For example, a value of 1 represents one CPU core.
OPARequestMemory	String	No	512Mi	The size of the memory that is requested by OPA. You can specify the parameter value in the standard quantity representation used by Kubernetes. For example, a value of 1 Mi represents a memory size of 1,024 KB.
OPALimitCPU	String	No	2	The maximum number of CPU cores that are available for OPA.
OPALimitMemory	String	No	1024Mi	The maximum size of the memory that is available for OPA. You can specify the parameter value in the standard quantity representation used by Kubernetes. For example, a value of 1 Mi represents a memory size of 1,024 KB.
EnableAudit	Boolean	No	false	Specifies whether to enable the mesh audit feature. To enable this feature, make sure that you have activated Log Service. Valid values: `true`: enables the mesh audit feature. `false`: disables the mesh audit feature. Default value: `false`.
AuditProject	String	No	mesh-log-xxxx	The name of the Log Service project that is used for mesh audit. Default value: mesh-log-{ASM instance ID}.
ProxyRequestCPU	String	No	100m	The number of CPU cores that are requested by the proxy container.
ProxyRequestMemory	String	No	128Mi	The size of the memory that is requested by the proxy container.
ProxyLimitCPU	String	No	2000m	The maximum number of CPU cores that are available for the proxy container.
ProxyLimitMemory	String	No	1024Mi	The maximum size of the memory that is available for the proxy container.
IncludeIPRanges	String	No	*	The IP ranges in CIDR form to redirect to sidecar proxies in the ASM instance.
ExcludeIPRanges	String	No	100.100.10.**	The IP ranges in CIDR form to be excluded from redirection to sidecar proxies in the ASM instance.
ExcludeOutboundPorts	String	No	80,81	The outbound ports to be excluded from redirection to the sidecar proxies in the ASM instance. Separate multiple port numbers with commas (,).
ExcludeInboundPorts	String	No	80,81	The inbound ports to be excluded from redirection to the sidecar proxies in the ASM instance. Separate multiple port numbers with commas (,).
OpaEnabled	Boolean	No	false	Specifies whether to enable the OPA plug-in. Valid values: `true`: enables the OPA plug-in. `false`: disables the OPA plug-in. Default value: `false`.
KialiEnabled	Boolean	No	false	Specifies whether to enable the mesh topology feature. To enable this feature, make sure that you have enabled Prometheus monitoring. If Prometheus monitoring is disabled, you must set this parameter to `false`. Valid values: `true`: enables the mesh topology feature. `false`: disables the mesh topology feature. Default value: `false`.
AccessLogEnabled	Boolean	No	false	Specifies whether to enable access log collection. Valid values: `true`: enables access log collection. `false`: disables access log collection. Default value: `false`.
CustomizedPrometheus	Boolean	No	false	Specifies whether to use a custom Prometheus instance. Valid values: `true`: uses a custom Prometheus instance. `false`: does not use a custom Prometheus instance. Default value: `false`.
PrometheusUrl	String	No	http://prometheus:9090	The endpoint of the custom Prometheus instance.
RedisFilterEnabled	Boolean	No	true	Specifies whether to enable Redis Filter. Valid values: `true`: enables Redis Filter. `false`: disables Redis Filter. Default value: `false`.
MysqlFilterEnabled	Boolean	No	false	Specifies whether to enable MySQL Filter. Valid values: `true`: enables MySQL Filter. `false`: disables MySQL Filter. Default value: `false`.
ThriftFilterEnabled	Boolean	No	false	Specifies whether to enable Thrift Filter. Valid values: `true`: enables Thrift Filter. `false`: disables Thrift Filter. Default value: `false`.
WebAssemblyFilterEnabled	Boolean	No	false	Specifies whether to enable WebAssembly Filter. Valid values: `true`: enables WebAssembly Filter. `false`: disables WebAssembly Filter. Default value: `false`.
MSEEnabled	Boolean	No	false	Specifies whether to enable Microservices Engine (MSE). Valid values: `true`: enables MSE. `false`: disables MSE. Default value: `false`.
DNSProxyingEnabled	Boolean	No	false	Specifies whether to enable the DNS proxy feature. Valid values: `true`: enables the DNS proxy feature. `false`: disables the DNS proxy feature. Default value: `false`.
Edition	String	No	Pro	The edition of the ASM instance.
ConfigSourceEnabled	Boolean	No	false	Specifies whether to enable the external service registry. Valid values: `true`: enables the external service registry. `false`: disables the external service registry. Default value: `false`.
ConfigSourceNacosID	String	No	mse-cn-tl326******	The instance ID of the Nacos registry.
DubboFilterEnabled	Boolean	No	false	Specifies whether to enable Dubbo Filter. Valid values: `true`: enables Dubbo Filter. `false`: disables Dubbo Filter. Default value: `false`.
FilterGatewayClusterConfig	Boolean	No	false	Specifies whether to enable gateway configuration filtering. Valid values: `true`: enables gateway configuration filtering. `false`: disables gateway configuration filtering. Default value: `false`.
EnableSDSServer	Boolean	No	false	Specifies whether to enable Secret Discovery Service (SDS). Valid values: `true`: enables SDS. `false`: disables SDS. Default value: `false`.
AccessLogServiceEnabled	Boolean	No	false	Specifies whether to enable gRPC Access Log Service (ALS) for Envoy. Valid values: `true`: enables gRPC ALS. `false`: disables gRPC ALS. Default value: `false`.
AccessLogServiceHost	String	No	0.0.0.0	The endpoint of gRPC ALS for Envoy.
AccessLogServicePort	Integer	No	9999	The port of gRPC ALS for Envoy.
GatewayAPIEnabled	Boolean	No	false	Specifies whether to enable Gateway API. Valid values: `true`: enables Gateway API. `false`: disables Gateway API. Default value: `false`.
ControlPlaneLogEnabled	Boolean	No	false	Specifies whether to enable the collection of control-plane logs. Valid values: `true`: enables the collection of control-plane logs. `false`: disables the collection of control-plane logs. Default value: `false`.
ControlPlaneLogProject	String	No	mesh-log-cf245a429b6ff4b6e97f20797758*****	The name of the Log Service project that is used to collect the logs of the control plane.
AccessLogFormat	String	No	{"authority_for":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}	The custom format of access logs. To set this parameter, you must enable access log collection. Otherwise, you cannot set this parameter. The value must be a JSON string. The following key names must be contained: authority_for, bytes_received, bytes_sent, downstream_local_address, downstream_remote_address, duration, istio_policy_status, method, path, protocol, requested_server_name, response_code, response_flags, route_name, start_time, trace_id, upstream_cluster, upstream_host, upstream_local_address, upstream_service_time, upstream_transport_failure_reason, user_agent, and x_forwarded_for.
AccessLogFile	String	No	/dev/stdout	Specifies whether to enable access logging. Valid values: "": disables access logging. `/dev/stdout`: enables access logging. Access logs are written to /dev/stdout.
AccessLogProject	String	No	mesh-log-cf245a429b6ff4b6e97f20797758*****	The name of the Log Service project that is used to collect access logs.
EnableCRHistory	Boolean	No	false	Specifies whether to enable the rollback feature for Istio resources. Valid values: `true`: enables the rollback feature for Istio resources. `false`: disables the rollback feature for Istio resources. Default value: `false`.
CRAggregationEnabled	Boolean	No	false	Specifies whether to allow the Kubernetes API of clusters on the data plane to access Istio resources. To use this feature, the version of the ASM instance must be V1.9.7.93 or later. Valid values: `true`: allows the Kubernetes API of clusters on the data plane to access Istio resources. `false`: does not allow the Kubernetes API of clusters on the data plane to access Istio resources. Default value: `false`.
GlobalRateLimitEnabled	Boolean	No	false	Specifies whether to enable Application High Availability Service (AHAS)-based throttling. Valid values: `true`: enables AHAS-based throttling. `false`: disables AHAS-based throttling. Default value: `false`.
ApiServerLoadBalancerSpec	String	No	slb.s1.small	The instance type of the Server Load Balancer (SLB) instance bound to the API server. Valid values: `slb.s1.small`, `slb.s2.small`, `slb.s2.medium`, `slb.s3.small`, `slb.s3.medium`, and `slb.s3.large`.
PilotLoadBalancerSpec	String	No	slb.s1.small	The instance type of the SLB instance bound to Istio Pilot. Valid values: `slb.s1.small`, `slb.s2.small`, `slb.s2.medium`, `slb.s3.small`, `slb.s3.medium`, and `slb.s3.large`.
ChargeType	String	No	PostPaid	The billing method of the SLB instance. Valid values: `PayOnDemand`: pay-as-you-go. `PrePaid`: subscription.
Period	Integer	No	3	The subscription period of the SLB instance. Unit: month. This parameter is valid only if the ChargeType parameter is set to PrePaid. For example, if the subscription period is one year, set this parameter to 12.
AutoRenew	Boolean	No	true	Specifies whether to enable auto-renewal for the SLB instance if the SLB instance uses the subscription billing method. Valid values: `true`: enables auto-renewal. `false`: disables auto-renewal.
AutoRenewPeriod	Integer	No	3	The auto-renewal period of the SLB instance. This parameter is valid only if the `ChargeType` parameter is set to `PrePaid`. If the subscription period of the SLB instance is less than one year, the value of this parameter indicates the number of months for auto-renewal. If the subscription period of the SLB instance is more than one year, the value of this parameter indicates the number of years for auto-renewal.
ClusterSpec	String	No	standard	The specification of the ASM instance. Valid values: `standard`: Standard Edition `enterprise`: Enterprise Edition `ultimate`: Ultimate Edition
MultiBufferEnabled	Boolean	No	true	Specifies whether to enable MultiBuffer-based Transport Layer Security (TLS) acceleration. Valid values: `true`: enables MultiBuffer-based TLS acceleration. `false`: disables MultiBuffer-based TLS acceleration. Default value: `true`
MultiBufferPollDelay	String	No	30s	The pull-request latency. Default value: `30`. Unit: seconds.
UseExistingCA	Boolean	No	false	Specifies whether to use an existing CA certificate and private key.
ExistingCaCert	String	No	N/A	The existing CA certificate, which is encoded in Base64. This parameter is used in scenarios where you migrate open source Istio to ASM. It specifies the content of the ca-cert.pem file in the istio-ca-secret secret. The secret is in the istio-system namespace of the Kubernetes cluster where the open source Istio is installed.
ExistingCaKey	String	No	N/A	The existing CA key, which is encoded in Base64. This parameter is used in scenarios where you migrate open source Istio to ASM. It specifies the content of the ca-key.pem file in the istio-ca-secret secret. The secret is in the istio-system namespace of the Kubernetes cluster where the open source Istio is installed.
ExistingCaType	String	No	1	The type of the existing CA certificate. Valid values: 1: Self-signed certificate generated by Istiod. The certificate corresponds to the secret named istio-ca-secret in the istio-system namespace. If you use this type of certificate, you must set `ExistingCaCert` and `ExsitingCaKey` parameters. 2: Administrator-specified certificate. For more information, see plugin ca cert. In most cases, the certificate corresponds to the secret named cacerts in the istio-system namespace. If you use this type of certificate, you must set `ExisingRootCaCert` and `ExisingRootCaKey` parameters.
ExistingRootCaCert	String	No	N/A	The existing root certificate, which is encoded in Base64.
ExistingRootCaKey	String	No	N/A	The private key that corresponds to the root certificate, which is encoded in Base64.

Response parameters


Parameter	Type	Example	Description
RequestId	String	BD65C0AD-D3C6-48D3-8D93-38D2015C****	The ID of the request.
ServiceMeshId	String	c08ba3fd1e6484b0f8cc1ad8fe10d****	The ID of the ASM instance.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateServiceMesh
&RegionId=cn-hangzhou
&IstioVersion=v1.5.4.1-g5960ec40-aliyun
&VpcId=vpc-xzelac2tw4ic7wz31****
&ApiServerPublicEip=false
&Tracing=false
&Name=mesh1
&VSwitches=["vsw-xzegf5dndkbf4m6eg****"]
&TraceSampling=100.0
&CustomizedZipkin=false
&LocalityLoadBalancing=false
&LocalityLBConf={"failover":[{"from":"cn-hangzhou","to":"cn-shanghai"}]}
&Telemetry=false
&OpenAgentPolicy=false
&OPALogLevel=info
&OPARequestCPU=1
&OPARequestMemory=512Mi
&OPALimitCPU=2
&OPALimitMemory=1024Mi
&EnableAudit=false
&AuditProject=mesh-log-xxxx
&ProxyRequestCPU=100m
&ProxyRequestMemory=128Mi
&ProxyLimitCPU=2000m
&ProxyLimitMemory=1024Mi
&IncludeIPRanges=*
&ExcludeIPRanges=100.100.10*.***
&ExcludeOutboundPorts=80,81
&ExcludeInboundPorts=80,81
&OpaEnabled=false
&KialiEnabled=false
&AccessLogEnabled=false
&CustomizedPrometheus=false
&PrometheusUrl=http://prometheus:9090
&RedisFilterEnabled=true
&MysqlFilterEnabled=false
&ThriftFilterEnabled=false
&WebAssemblyFilterEnabled=false
&MSEEnabled=false
&DNSProxyingEnabled=false
&Edition=Pro
&ConfigSourceEnabled=false
&ConfigSourceNacosID=mse-cn-tl326******
&DubboFilterEnabled=false
&FilterGatewayClusterConfig=false
&EnableSDSServer=false
&AccessLogServiceEnabled=false
&AccessLogServiceHost=0.0.0.0
&AccessLogServicePort=9999
&GatewayAPIEnabled=false
&ControlPlaneLogEnabled=false
&ControlPlaneLogProject=mesh-log-cf245a429b6ff4b6e97f20797758*****
&AccessLogFormat={"authority_for":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}
&AccessLogFile=/dev/stdout
&AccessLogProject=mesh-log-cf245a429b6ff4b6e97f20797758*****
&EnableCRHistory=false
&CRAggregationEnabled=false
&GlobalRateLimitEnabled=false
&ApiServerLoadBalancerSpec=slb.s1.small
&PilotLoadBalancerSpec=slb.s1.small
&ChargeType=PostPaid
&Period=3
&AutoRenew=true
&AutoRenewPeriod=3
&ClusterSpec=standard
&MultiBufferEnabled=true
&MultiBufferPollDelay=30s
&UseExistingCA=false
&ExistingCaCert=Content of the CA certificate, which is encoded in Base64
&ExistingCaKey=Content of the CA key, which is encoded in Base64
&ExistingCaType=1
&ExistingRootCaCert=Content of the root certificate, which is encoded in Base64
&ExistingRootCaKey==Content of the private key that corresponds to the root certificate, which is encoded in Base64
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateServiceMeshResponse>
    <RequestId>BD65C0AD-D3C6-48D3-8D93-38D2015C****</RequestId>
    <ServiceMeshId>c08ba3fd1e6484b0f8cc1ad8fe10d****</ServiceMeshId>
</CreateServiceMeshResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "BD65C0AD-D3C6-48D3-8D93-38D2015C****",
  "ServiceMeshId" : "c08ba3fd1e6484b0f8cc1ad8fe10d****"
}

Error codes


HttpCode	Error code	Error message	Description
404	ERR404	Not found	The error message returned because the requested resource does not exist.

For a list of error codes, see Service error codes.