UpdateMeshFeature - Alibaba Cloud Service Mesh - Alibaba Cloud Documentation Center

Updates the configuration of a Service Mesh (ASM) instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
servicemesh:UpdateMeshFeature	update	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
ServiceMeshId	string	Yes	The ID of the ASM instance.	cb8963379255149cb98c8686f274x****
Tracing	boolean	No	Specifies whether to enable Managed Service for OpenTelemetry. (Before you enable Managed Service for OpenTelemetry, make sure that you have activated it.) Valid values: `true` `false` Default value: `false`.	false
TraceSampling	float	No	The sampling percentage of Tracing Analysis.	100
TraceCustomTags	string	No	The custom tag of Tracing Analysis. Specify this parameter in the JSON format. `{ "name1": CustomTag, "name2": CustomTag }` Tag key: literal, header, or environment. `{ "literal": { "value": "Fixed value" } "header": { "name": "Header name" "defaultValue": "Default value that is used if the specified header does not exist" } "environment": { "name": "Environment variable name" "defaultValue": "Default value that is used if the specified environment variable does not exist" } }`	{"mytag": {"literal":{"value":"test"}}}
TraceMaxPathTagLength	string	No	The maximum length of the request path contained in the HttpUrl span tag. Default value: `256`.	256
LocalityLoadBalancing	boolean	No	Specifies whether to enable cross-region load balancing. Valid values: `true`: enables cross-region load balancing. `false`: disables cross-region load balancing. Default value: `false`.	true
LocalityLBConf	string	No	The configurations of cross-region load balancing. Valid values: `failover`: the configurations of cross-region failover. Example: `failover: [// Cross-region failover configurations of the struct type. { // If a service fails in the China (Beijing) region, the traffic is redirected to the same service in the China (Hangzhou) region. from: "cn-beijing", to: "cn-hangzhou", } ]` `distribute`: the configurations of cross-region traffic distribution. Example: `distribute: [// Cross-region traffic distribution configurations of the struct type. { // For traffic that is routed to the China (Beijing) region, 70% of the traffic is allocated to the China (Beijing) region and the rest of the traffic is redirected to the China (Hangzhou) region. "from": "cn-beijing", "to": { "cn-beijing": 70, "cn-hangzhou": 30, } } ]`	{"failover":[{"from":"cn-hangzhou","to":"cn-shanghai"}]}
Telemetry	boolean	No	Specifies whether to enable Prometheus monitoring. We recommend that you enable ARMS Prometheus. Valid values: `true`: enables Prometheus monitoring. `false`: disables Prometheus monitoring. Default value: `false`.	false
OpenAgentPolicy	boolean	No	Specifies whether to install the Open Policy Agent (OPA) plug-in. Valid values: `true`: installs the OPA plug-in. `false`: does not install the OPA plug-in. Default value: `false`.	false
OPALogLevel	string	No	The log level of the OPA proxy container. `info`: outputs all information. `debug`: outputs debugging and error information. `error`: outputs only error information.	info
OPARequestCPU	string	No	The number of CPU cores that are requested by the OPA proxy container.	1
OPARequestMemory	string	No	The size of the memory that is requested by the OPA proxy container.	512Mi
OPALimitCPU	string	No	The maximum number of CPU cores that are available to the OPA proxy container.	2
OPALimitMemory	string	No	The maximum size of the memory that is available to the OPA proxy container.	1024Mi
EnableAudit	boolean	No	Specifies whether to enable the mesh audit feature. To enable this feature, make sure that you have activated Log Service. Valid values: `true`: enables the mesh audit feature. `false`: disables the mesh audit feature. Default value: `false`.	false
AuditProject	string	No	The name of the Log Service project that is used for mesh audit. Default value: `mesh-log-{ASM instance ID}`.	mesh-log-c08ba3fd1e64xxb0f8cc1ad8****
CustomizedZipkin	boolean	No	Specifies whether to use a self-managed Zipkin system to collect tracing data. Valid values: `true`: uses a self-managed Zipkin system. `false`: does not use a self-managed Zipkin system. Default value: `false`.	false
OutboundTrafficPolicy	string	No	The policy for accessing external services. Valid values: `ALLOW_ANY`: allows access to all external services. `REGISTRY_ONLY`: allows access to only the external services that are defined in the ServiceEntry of the ASM instance.	ALLOW_ANY
ProxyRequestCPU	string	No	The number of CPU cores that are requested by the sidecar proxy container.	100m
ProxyRequestMemory	string	No	The size of the memory that is requested by the sidecar proxy container.	128Mi
ProxyLimitCPU	string	No	The maximum number of CPU cores that are available to the sidecar proxy container.	2000m
ProxyLimitMemory	string	No	The maximum size of the memory that is available to the sidecar proxy container.	1024Mi
IncludeIPRanges	string	No	The IP addresses of external services to which traffic is intercepted.	*
ExcludeIPRanges	string	No	The IP addresses of external services to which traffic is not intercepted.	100.100.XXX.XXX
ExcludeOutboundPorts	string	No	The ports for which outbound traffic is not redirected to the sidecar proxy. Separate multiple ports with commas (,).	80,81
IncludeInboundPorts	string	No	The ports for which inbound traffic is redirected to the sidecar proxy.	80,81
ExcludeInboundPorts	string	No	The ports for which inbound traffic is not redirected to the sidecar proxy. Separate multiple ports with commas (,).	80,81
EnableNamespacesByDefault	boolean	No	Specifies whether to enable automatic sidecar proxy injection for all namespaces. Valid values: `true`: enables automatic sidecar proxy injection for all namespaces. `false`: disables automatic sidecar proxy injection for all namespaces. Default value: `false`.	false
AutoInjectionPolicyEnabled	boolean	No	Specifies whether to enable automatic sidecar proxy injection by using pod annotations. Valid values: `true`: enables automatic sidecar proxy injection by using pod annotations. `false`: disables automatic sidecar proxy injection by using pod annotations. Default value: `false`.	false
SidecarInjectorRequestCPU	string	No	The number of CPU cores that are requested by the pod where a sidecar proxy injector resides.	1000m
SidecarInjectorRequestMemory	string	No	The size of the memory that is requested by the pod where a sidecar proxy injector resides.	512Mi
SidecarInjectorLimitCPU	string	No	The maximum number of CPU cores that are available to the pod where a sidecar proxy injector resides.	4000m
SidecarInjectorLimitMemory	string	No	The maximum size of the memory that is available to the pod where a sidecar proxy injector resides.	2048Mi
SidecarInjectorWebhookAsYaml	string	No	Other configurations of automatic sidecar proxy injection, in the YAML format.	{"injectedAnnotations":{"test/istio-init":"runtime/default2","test/istio-proxy":"runtime/default"},"replicaCount":2,"nodeSelector":{"beta.kubernetes.io/os":"linux"}}
CniEnabled	boolean	No	Specifies whether to enable the Container Network Interface (CNI) plug-in. Valid values: `true`: enables the CNI plug-in. `false`: disables the CNI plug-in. Default value: `false`.	false
CniExcludeNamespaces	string	No	The namespaces to be excluded for the CNI plug-in.	kube-system
OpaEnabled	boolean	No	Specifies whether to enable the OPA plug-in. Valid values: `true`: enables the OPA plug-in. `false`: disables the OPA plug-in. Default value: `false`.	false
Http10Enabled	boolean	No	Specifies whether to support HTTP 1.0. Valid values: `true`: supports HTTP 1.0. `false`: does not support HTTP 1.0. Default value: `false`.	false
KialiEnabled	boolean	No	Specifies whether to enable the Mesh Topology feature. To enable this feature, make sure that you have enabled Prometheus monitoring. If Prometheus monitoring is disabled, the Mesh Topology feature must be disabled. Valid values:```` `true`: enables the Mesh Topology feature. `false`: disables the Mesh Topology feature. Default value: `false`.	false
CustomizedPrometheus	boolean	No	Specifies whether to use a custom Prometheus instance. Valid values: `true`: uses a custom Prometheus instance. `false`: does not use a custom Prometheus instance. Default value: `false`.	false
PrometheusUrl	string	No	The endpoint of Prometheus monitoring. If you use ARMS Prometheus, set this parameter to the endpoint of Prometheus provided by ARMS.	http://prometheus:9090
AccessLogEnabled	boolean	No	Specifies whether to enable access log collection. Valid values: `true`: enables access log collection. `false`: disables access log collection. Default value: `false`.	false
MSEEnabled`deprecated`	boolean	No	Specifies whether to enable Microservices Engine (MSE). Valid values: `true` `false` Default value: `false`.	false
RedisFilterEnabled	boolean	No	Specifies whether to enable Redis Filter. Valid values: `true`: enables Redis Filter. `false`: disables Redis Filter. Default value: `false`.	false
MysqlFilterEnabled	boolean	No	Specifies whether to enable MySQL Filter. Valid values: `true`: enables MySQL Filter. `false`: disables MySQL Filter. Default value: `false`.	false
ThriftFilterEnabled	boolean	No	Specifies whether to enable Thrift Filter. Valid values: `true`: enables Thrift Filter. `false`: disables Thrift Filter. Default value: `false`.	false
WebAssemblyFilterEnabled	boolean	No	Specifies whether to enable WebAssembly Filter. Valid values: `true`: enables WebAssembly Filter. `false`: disables WebAssembly Filter. Default value: `false`.	false
DNSProxyingEnabled	boolean	No	Specifies whether to enable DNS proxy. Valid values: `true`: enables the DNS proxy feature. `false`: disables the DNS proxy feature. Default value: `false`.	false
DubboFilterEnabled	boolean	No	Specifies whether to enable Dubbo Filter. Valid values: `true`: enables Dubbo Filter. `false`: disables Dubbo Filter. Default value: `false`.	false
FilterGatewayClusterConfig	boolean	No	Specifies whether to enable gateway configuration filtering. Valid values: `true`: enables gateway configuration filtering. `false`: disables gateway configuration filtering. Default value: `false`.	false
EnableSDSServer	boolean	No	Specifies whether to enable Secret Discovery Service (SDS). Valid values: `true`: enables SDS. `false`: disables SDS. Default value: `false`.	false
AccessLogServiceEnabled	boolean	No	Specifies whether to enable gRPC Access Log Service (ALS) for Envoy. Valid values: `true`: enables gRPC ALS for Envoy. `false`: disables gRPC ALS for Envoy. Default value: `false`.	false
AccessLogServiceHost	string	No	The endpoint of gRPC ALS for Envoy.	0.0.0.0
AccessLogServicePort	integer	No	The port of gRPC ALS for Envoy.	9999
GatewayAPIEnabled	boolean	No	Specifies whether to enable Gateway API. Valid values: `true`: enables Gateway API. `false`: disables Gateway API. Default value: `false`.	false
ConfigSourceEnabled	boolean	No	Specifies whether to enable the external service registry. Valid values: `true`: enables the external service registry. `false`: disables the external service registry. Default value: `false`.	false
ConfigSourceNacosID	string	No	The instance ID of the Nacos registry.	mse-cn-tl326******
AccessLogFormat	string	No	The custom format of access logs. To set this parameter, make sure that you have enabled access log collection. The value must be a JSON string. The following key names must be contained: authority_for, bytes_received, bytes_sent, downstream_local_address, downstream_remote_address, duration, istio_policy_status, method, path, protocol, requested_server_name, response_code, response_flags, route_name, start_time, trace_id, upstream_cluster, upstream_host, upstream_local_address, upstream_service_time, upstream_transport_failure_reason, user_agent, and x_forwarded_for.	{"authority_for":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}
AccessLogFile	string	No	Specifies whether to enable access logging. Valid values: `""`: disables access logging. `/dev/stdout`: enables access logging. Access logs are written to /dev/stdout.	“”
AccessLogProject	string	No	The custom project on which the Log Service collects logs.	mesh-log-cf245a429b6ff4b6e97f20797758e****
EnableCRHistory	boolean	No	Specifies whether to enable the rollback feature for Istio resources.	false
CRAggregationEnabled	boolean	No	Specifies whether to use the Kubernetes API of clusters on the data plane to access Istio resources. To use this feature, the version of the ASM instance must be V1.9.7.93 or later.	false
TerminationDrainDuration	string	No	The maximum period of time that the sidecar proxy waits for requests to be processed before the proxy is stopped. For example, if you want to specify a period of 5 seconds, set this parameter to 5s.	5s
ProxyInitCPUResourceLimit	string	No	The maximum number of CPU cores that are available to the istio-init container.	2000m
ProxyInitMemoryResourceLimit	string	No	The maximum size of the memory that is available to the istio-init container.	1024Mi
ProxyInitCPUResourceRequest	string	No	The number of CPU cores that are requested by the istio-init container.	10m
ProxyInitMemoryResourceRequest	string	No	The size of the memory that is requested by the istio-init container.	10Mi
Lifecycle	string	No	The lifecycle of the sidecar proxy.	{"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}
MultiBufferEnabled	boolean	No	Specifies whether to enable Transport Layer Security (TLS) acceleration based on MultiBuffer.	false
MultiBufferPollDelay	string	No	The pull-request latency. By default, this parameter is left empty.	0.02s
DiscoverySelectors	string	No	The label selectors used to specify the namespaces of the clusters on the data plane for selective service discovery.	[{"matchExpressions":[{"key":"asm-discovery","operator":"Exists"}]}]
ClusterSpec	string	No	Specifies whether to enable the feature of controlling the OPA injection scope. Valid values: `true`: enables the feature. `false`: disables the feature.	standard
OPAScopeInjected	boolean	No	The minimum number of CPU cores requested by the pod that injects OPA proxies into application pods. For example, `1000m` indicates one CPU core.	false
OPAInjectorCPURequirement	string	No	The minimum size of the memory requested by the pod that injects OPA proxies into application pods. For example, `50 Mi` indicates 50 MB.	80m
OPAInjectorMemoryRequirement	string	No	The maximum number of CPU cores that are available to the pod that injects OPA proxies into application pods. For example, `1000m` indicates one CPU core.	50Mi
OPAInjectorCPULimit	string	No	The maximum size of the memory that is available to the pod that injects OPA proxies into application pods. For example, `1024Mi` indicates 1024 MB.	1000m
OPAInjectorMemoryLimit	string	No	Specifies whether to create a CLB instance for accessing the ASM mesh topology.	1024Mi
IntegrateKiali	boolean	No	Specifies whether to create a Classic Load Balancer (CLB) instance for accessing Mesh Topology of Service Mesh (ASM).	false
NFDEnabled	boolean	No	Specifies whether to clear feature labels on nodes when NFD is disabled. This parameter is valid only when the `NFDEnabled` parameter is set to `false`.	false
NFDLabelPruned	boolean	No	The minimum number of CPU cores requested by the proxy service that exports Tracing Analysis data. For example, `1000m` indicates one CPU core.	false
TracingOnExtZipkinRequestCPU	string	No	The minimum size of the memory requested by the proxy service that exports Tracing Analysis data. For example, `1Mi` indicates 1 MB.	200m
TracingOnExtZipkinRequestMemory	string	No	The maximum number of CPU cores that are available to the proxy service that exports Tracing Analysis data. For example, `1000m` indicates one CPU core.	200Mi
TracingOnExtZipkinLimitCPU	string	No	The maximum size of the memory that is available to the proxy service that exports Tracing Analysis data. For example, `1Mi` indicates 1 MB.	1000Mi
TracingOnExtZipkinLimitMemory	string	No	The retention period for the access logs of the ingress gateway. Unit: day. The logs are collected by using Log Service. For example, `30` indicates 30 days.	1024Mi
TracingOnExtZipkinReplicaCount	string	No	The number of replicas that are available to the proxy service that exports Managed Service for OpenTelemetry data.	2
AccessLogGatewayLifecycle	integer	No	The retention period for the access logs of the sidecar proxy. Unit: day. The logs are collected by using Log Service. For example, `30` indicates 30 days.	30
AccessLogSidecarLifecycle	integer	No	Specifies whether to enable automatic diagnostics for the ASM instance. If you enable this feature, the ASM instance is automatically diagnosed when you modify Istio resources in the ASM instance.	30
EnableAutoDiagnosis	boolean	No	The ports for which outbound traffic is redirected to the sidecar proxy.	true
IncludeOutboundPorts	string	No	The log level of the sidecar proxy on the data plane. Log levels include `none`, `error`, `warn`, `info`, and `debug`. The levels correspond to different amounts of information reported by the logs. For example, none-level logs report the least information, while debug-level logs report the most information.	8000,8001
LogLevel	string	No	The number of worker threads used by the sidecar proxy on the data plane.	info
Concurrency	integer	No	Specifies whether to delay application container startup until the sidecar proxy container is started in a pod.	2
HoldApplicationUntilProxyStarts	boolean	No	Other metrics of the sidecar proxy on the data plane.	true
ProxyStatsMatcher	string	No	The mode in which the sidecar proxy intercepts inbound traffic. Valid values: `REDIRECT`: The sidecar proxy intercepts inbound traffic in the REDIRECT mode. `TPROXY`: The sidecar proxy intercepts inbound traffic in the TPROXY mode.	{"inclusionRegexps":".adaptive_concurrency."}
InterceptionMode	string	No	Specifies whether to load the bootstrap configuration before the sidecar proxy is started.	TPROXY
EnableBootstrapXdsAgent	boolean	No	Specifies the authentication token of an ARMS Prometheus instance when the Mesh Topology feature is enabled and ARMS Prometheus is used to collect monitoring metrics. The token is used to allow Mesh Topology to access the ARMS Prometheus instance. The token is in the JSON format. The key in the JSON object is the ID of the cluster on the data plane, and the value is the authentication token of the ARMS Prometheus instance deployed in the cluster.	true
KialiArmsAuthTokens	string	No	Specifies the default scheduling configurations that ASM delivers to components on the data plane. You can configure `nodeSelector` and tolerations in the JSON format. Note Modifying the value of this parameter is a high-risk operation. The modification will cause all components on the data plane of ASM to restart. Exercise caution before modifying the value of this parameter. The configurations specified by this parameter do not apply to the ASM gateway. You can configure gateway-specific scheduling on the ASM gateway.	{"c31e3b******5634b":"token_example"}
DefaultComponentsScheduleConfig	string	No	Specifies the default scheduling configurations that ASM delivers to components on the data plane. You can configure `nodeSelector` and `tolerations` in the JSON format. Note Modifying the value of this parameter is a high-risk operation. The modification will cause all components on the data plane of ASM to restart. Exercise caution before modifying the value of this parameter. The configurations specified by this parameter do not apply to ASM gateways. You can configure gateway-specific scheduling on ASM gateways.	{"tolerations":[{"key":"test-taints", "operator":"Exists", "effect":"NoSchedule"}], "nodeSelector":{"kubernetes.io/hostname":"test-nodes"}}
KialiServiceAnnotations	string	No	Specifies Classic Load Balancer (CLB) instances by using annotations when the Mesh Topology feature is enabled. These CLB instances are used to access the Mesh Topology feature in different clusters. This parameter is a JSON-encoded string. The key in the JSON object is the ID of a cluster on the data plane, and the value is the annotation content of the Mesh Topology service in the cluster. For more information about how to configure CLB instances by using annotations, see Add annotations to the YAML file of a Service to configure CLB instances.	{"c31e3b******5634b":{"service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type":"intranet"}}
AccessLogGatewayEnabled	boolean	No	Specifies whether to enable the collection of access logs of ASM gateways to Simple Log Service.	false
AccessLogSidecarEnabled	boolean	No	Specifies whether to enable the collection of access logs of sidecar proxies to Simple Log Service.	false
LabelsForOffloadedWorkloads	string	No	The labels for isolated workloads.	name=xx,region=xx
ExistingRootCaCert	string	No	The updated root certificate. You can modify this parameter only if you use a custom certificate when you create a Service Mesh (ASM) instance.	Base64 encoded PEM certificate.
ExistingCaCert	string	No	The updated certificate authority (CA) certificate. You can modify this parameter only if you use a custom certificate when you create an ASM instance.	Base64 encoded PEM certificate.
ExistingCaKey	string	No	The updated CA certificate key. You can modify this parameter only if you use a custom certificate when you create an ASM instance.	Base64 encoded PEM private key.
CertChain	string	No	The certificate chain from the CA certificate to the root certificate. At least two certificates are included in the chain.	Base64 encoded PEM cert chain.
SMCEnabled	boolean	No	Specifies whether to enable SMC optimization.	false
PilotEnableQuicListeners	boolean	No	Specifies whether to support HTTP/3.	false

Response parameters

Parameter	Type	Description	Example
	object
RequestId	string	The request ID.	BD65C0AD-D3C6-48D3-8D93-38D2015C****

Examples

Sample success responses

JSONformat

{
  "RequestId": "BD65C0AD-D3C6-48D3-8D93-38D2015C****"
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2024-06-26	The request parameters of the API has changed	View Change Details
2024-06-24	The request parameters of the API has changed	View Change Details
2024-05-17	The request parameters of the API has changed	View Change Details
2024-02-04	The request parameters of the API has changed	View Change Details
2024-01-27	The request parameters of the API has changed	View Change Details
2023-08-31	The request parameters of the API has changed	View Change Details
2023-06-02	The request parameters of the API has changed	View Change Details
2023-04-13	The request parameters of the API has changed	View Change Details
2023-03-17	The request parameters of the API has changed	View Change Details
2022-08-17	The request parameters of the API has changed	View Change Details
2021-10-28	The request parameters of the API has changed	View Change Details
2021-09-06	The request parameters of the API has changed	View Change Details
2021-05-25	The request parameters of the API has changed	View Change Details