Updates the sidecar proxy configurations of a namespace.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes UpdateNamespaceScopeSidecarConfig

The operation that you want to perform. Set the value to UpdateNamespaceScopeSidecarConfig.
ServiceMeshId String Yes ca04bc38979214bf2882be79d39b4****

The ID of the ASM instance.

Namespace String No default

The namespace for which you want to update the sidecar proxy configurations.

IncludeIPRanges String No *

The range of IP addresses that are denied to access external services. (global.proxy.includelPRanges)

ExcludeIPRanges String No 172.16.0.0/12

The range of IP addresses that are allowed to access external services. (global.proxy.excludelPRanges)

IncludeInboundPorts String No 83

The port that the inbound traffic of the sidecar proxy passes through.

ExcludeOutboundPorts String No 81

The port that the outbound traffic of the sidecar proxy does not pass through.

ExcludeInboundPorts String No 82

The port that the inbound traffic of the sidecar proxy does not pass through.

IncludeOutboundPorts String No 84

The port that the outbound traffic of the sidecar proxy passes through.

TerminationDrainDuration String No 6s

The maximum period of time that the sidecar proxy waits for a request to end.

ProxyInitCPUResourceLimit String No 2000 m

The maximum number of CPU cores that are available to the sidecar proxy init container.

ProxyInitMemoryResourceLimit String No 50 Mi

The maximum size of memory that is available to the sidecar proxy init container.

ProxyInitCPUResourceRequest String No 60 m

The minimum number of CPU cores that are requested by the sidecar proxy init container.

ProxyInitMemoryResourceRequest String No 30 Mi

The minimum size of memory that is requested by the sidecar proxy init container.

SidecarProxyCPUResourceLimit String No 2000 m

The maximum number of CPU cores that are available to the sidecar proxy container.

SidecarProxyMemoryResourceLimit String No 50 Mi

The maximum size of memory that is available to the sidecar proxy container.

SidecarProxyCPUResourceRequest String No 60 m

The minimum number of CPU cores that are requested by the sidecar proxy container.

SidecarProxyMemoryResourceRequest String No 30 Mi

The minimum size of memory that is requested by the sidecar proxy container.

Lifecycle String No {"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}

The lifecycle of the sidecar proxy.

IstioDNSProxyEnabled Boolean No true

Specifies whether to enable the Domain Name System (DNS) proxy feature. Valid values:

  • true: The DNS proxy feature is enabled.
  • false: The DNS proxy feature is disabled.
PostStart String No {"exec":{"command":["pilot-agent","wait"]}}

The post-start parameters of Istio Proxy.

PreStop String No {"exec":{"command":["/bin/sh","-c","sleep 15"]}}

The pre-close parameters of Istio Proxy.

Concurrency Integer No 2

The number of worker threads to run in Istio Proxy.

ProxyStatsMatcher String No { "inclusionPrefixes": [ "cluster.outbound", "cluster_manager", "listener_manager", "server", "cluster.xds-grpc" ], "inclusionRegexps": [ "listener.*.downstream_cx_total", "listener.*.downstream_cx_active" ] }

The monitoring metrics for data collected by Envoy proxies. The value is in the JSON format.

HoldApplicationUntilProxyStarts Boolean No true

Specifies whether applications can be started only after Istio Proxy starts. Valid values:

  • true: Applications can be started only after Istio Proxy starts.
  • false: Applications can be started before Istio Proxy starts.
LogLevel String No info

The log level. Valid values: info, debug, tracing, and error.

Tracing String No {"sampling":99.8,"custom_tags":{"test":{"literal":{"value":"testnamespace"}}}}

The custom configurations of Tracing Analysis. The configurations must be serialized into JSON strings. The configurations contain the following parameters:

  • sampling: The sampling rate, which is of the DOUBLE type.
  • custom_tags: The custom tags added to reported spans, which are of the MAP type. The key of a tag is of the string type. The value of a tag is in the JSON format. A custom tag can belong to one of the following types:
    • literal: The tag value is a fixed value in the JSON format. This tag must contain the value field that specifies a literal. Example: {"value":"test"}.
    • header: The tag value is a request header in the JSON format. This tag must contain the name field and defaultValue field.The name field indicates the name of the request header. The defaultValue field indicates the default value that is used when no request header is available. Example: {"name":"test","defaultValue":"test"}.
    • environment: The tag value is an environment variable in the JSON format. This tag must contain the name field and defaultValue field. The name field indicates the name of the environment variable. The defaultValue field indicates the environment variable that is used when no environment variable is available. Example: {"name":"test","defaultValue":"test"}.
InterceptionMode String No TPROXY

The mode in which the sidecar proxy intercepts inbound traffic. Valid values:

  • REDIRECT: The sidecar proxy intercepts inbound traffic in the REDIRECT mode.
  • TPROXY: The sidecar proxy intercepts inbound traffic in the TPROXY mode.

Response parameters

Parameter Type Example Description
RequestId String 31d3a0f0-07ed-4f6e-9004-1804498c****

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=UpdateNamespaceScopeSidecarConfig
&ServiceMeshId=ca04bc38979214bf2882be79d39b4****
&Namespace=default
&IncludeIPRanges=*
&ExcludeIPRanges=172.16.0.0/12
&IncludeInboundPorts=83
&ExcludeOutboundPorts=81
&ExcludeInboundPorts=82
&IncludeOutboundPorts=84
&TerminationDrainDuration=6s
&ProxyInitCPUResourceLimit=2000 m
&ProxyInitMemoryResourceLimit=50 Mi
&ProxyInitCPUResourceRequest=60 m
&ProxyInitMemoryResourceRequest=30 Mi
&SidecarProxyCPUResourceLimit=2000 m
&SidecarProxyMemoryResourceLimit=50 Mi
&SidecarProxyCPUResourceRequest=60 m
&SidecarProxyMemoryResourceRequest=30 Mi
&Lifecycle={"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}
&IstioDNSProxyEnabled=true
&PostStart={"exec":{"command":["pilot-agent","wait"]}}
&PreStop={"exec":{"command":["/bin/sh","-c","sleep 15"]}}
&Concurrency=2
&ProxyStatsMatcher={ "inclusionPrefixes": [ "cluster.outbound", "cluster_manager", "listener_manager", "server", "cluster.xds-grpc" ], "inclusionRegexps": [ "listener.*.downstream_cx_total", "listener.*.downstream_cx_active" ] }
&HoldApplicationUntilProxyStarts=true
&LogLevel=info
&Tracing={"sampling":99.8,"custom_tags":{"test":{"literal":{"value":"testnamespace"}}}}
&InterceptionMode=TPROXY
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<UpdateNamespaceScopeSidecarConfigResponse>
    <RequestId>31d3a0f0-07ed-4f6e-9004-1804498c****</RequestId>
</UpdateNamespaceScopeSidecarConfigResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "31d3a0f0-07ed-4f6e-9004-1804498c****"
}

Error codes

For a list of error codes, see Service error codes.