UpdateNamespaceScopeSidecarConfig - Alibaba Cloud Service Mesh

Updates the configurations of sidecar proxies at the namespace level.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
servicemesh:UpdateNamespaceScopeSidecarConfig	update	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
ServiceMeshId	string	Yes	The ID of the ASM instance.	ca04bc38979214bf2882be79d39b4****
Namespace	string	No	The namespace for which you want to update the sidecar proxy configurations.	default
IncludeIPRanges	string	No	The range of IP addresses that are denied to access external services. (`global.proxy.includelPRanges`)	*
ExcludeIPRanges	string	No	The range of IP addresses that are allowed to access external services. (`global.proxy.excludelPRanges`)	172.16.0.0/12
IncludeInboundPorts	string	No	The port that the inbound traffic of the sidecar proxy passes through.	83
ExcludeOutboundPorts	string	No	The port that the outbound traffic of the sidecar proxy does not pass through.	81
ExcludeInboundPorts	string	No	The port that the inbound traffic of the sidecar proxy does not pass through.	82
IncludeOutboundPorts	string	No	The port that the outbound traffic of the sidecar proxy passes through.	84
TerminationDrainDuration	string	No	The maximum period of time that the sidecar proxy waits for a request to end.	6s
ProxyInitCPUResourceLimit	string	No	The maximum number of CPU cores that are available to the sidecar proxy init container.	2000 m
ProxyInitMemoryResourceLimit	string	No	The maximum size of memory that is available to the sidecar proxy init container.	50 Mi
ProxyInitCPUResourceRequest	string	No	The minimum number of CPU cores that are requested by the sidecar proxy init container.	60 m
ProxyInitMemoryResourceRequest	string	No	The minimum size of memory that is requested by the sidecar proxy init container.	30 Mi
SidecarProxyCPUResourceLimit	string	No	The maximum number of CPU cores that are available to the sidecar proxy container.	2000 m
SidecarProxyMemoryResourceLimit	string	No	The maximum size of memory that is available to the sidecar proxy container.	50 Mi
SidecarProxyCPUResourceRequest	string	No	The minimum number of CPU cores that are requested by the sidecar proxy container.	60 m
SidecarProxyMemoryResourceRequest	string	No	The minimum size of memory that is requested by the sidecar proxy container.	30 Mi
Lifecycle	string	No	The lifecycle of the sidecar proxy.	{"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}
IstioDNSProxyEnabled	boolean	No	Specifies whether to enable the Domain Name System (DNS) proxy feature. Valid values: `true`: The DNS proxy feature is enabled. `false`: The DNS proxy feature is disabled.	true
PostStart	string	No	The post-start parameters of Istio Proxy.	{"exec":{"command":["pilot-agent","wait"]}}
PreStop	string	No	The pre-close parameters of Istio Proxy.	{"exec":{"command":["/bin/sh","-c","sleep 15"]}}
Concurrency	integer	No	The number of worker threads to run in Istio Proxy.	2
ProxyStatsMatcher	string	No	The monitoring metrics for data collected by Envoy proxies. The value is in the JSON format.	{ "inclusionPrefixes": [ "cluster.outbound", "cluster_manager", "listener_manager", "server", "cluster.xds-grpc" ], "inclusionRegexps": [ "listener..downstream_cx_total", "listener..downstream_cx_active" ] }
HoldApplicationUntilProxyStarts	boolean	No	Specifies whether applications can be started only after Istio Proxy starts. Valid values: `true`: Applications can be started only after Istio Proxy starts. `false`: Applications can be started before Istio Proxy starts.	true
LogLevel	string	No	The log level. Valid values: `info`, `debug`, `tracing`, and `error`.	info
Tracing	string	No	The custom configurations of Tracing Analysis. The configurations must be serialized into JSON strings. The configurations contain the following parameters: `sampling`: The sampling rate, which is of the DOUBLE type. `custom_tags`: The custom tags added to reported spans, which are of the MAP type. The key of a tag is of the string type. The value of a tag is in the JSON format. A custom tag can belong to one of the following types: `literal`: The tag value is a fixed value in the JSON format. This tag must contain the `value` field that specifies a literal. Example: `{"value":"test"}`. `header`: The tag value is a request header in the JSON format. This tag must contain the `name` field and `defaultValue` field.The name field indicates the name of the request header. The defaultValue field indicates the default value that is used when no request header is available. Example: `{"name":"test","defaultValue":"test"}`. `environment`: The tag value is an environment variable in the JSON format. This tag must contain the `name` field and `defaultValue` field. The name field indicates the name of the environment variable. The defaultValue field indicates the environment variable that is used when no environment variable is available. Example: `{"name":"test","defaultValue":"test"}`.	{"sampling":99.8,"custom_tags":{"test":{"literal":{"value":"testnamespace"}}}}
InterceptionMode	string	No	The mode in which the sidecar proxy intercepts inbound traffic. Valid values: `REDIRECT`: The sidecar proxy intercepts inbound traffic in the REDIRECT mode. `TPROXY`: The sidecar proxy intercepts inbound traffic in the TPROXY mode.	TPROXY
ProxyMetadata	string	No	The environment variables that are added to a sidecar proxy. The environment variables are represented as JSON objects. The keys and values in the JSON objects represent the keys and values added to the environment variables of the sidecar proxy.	{"EXIT_ON_ZERO_ACTIVE_CONNECTIONS":"true"}
ProxyInitAckSloCPUResourceLimit	string	No	The maximum number of reclaimed CPU cores provided by Container Service for Kubernetes (ACK) that are available to the istio-init container. Reclaimed resources, including CPU cores and memory, are resources that can be dynamically overcommitted. This configuration item is used to set the maximum number of CPU cores that are available to the istio-init container in a pod labeled with `koordinator.sh/qosClass`. Unit: millicore.	2000
ProxyInitAckSloMemoryResourceLimit	string	No	The maximum size of reclaimed memory resources provided by ACK that are available to the istio-init container. This configuration item is used to set the maximum size of memory that is available to the istio-init container in a pod labeled with `koordinator.sh/qosClass`.	2048Mi
ProxyInitAckSloCPUResourceRequest	string	No	The minimum number of reclaimed CPU cores provided by ACK that the istio-init container requires at runtime. This configuration item is used to set the minimum number of reclaimed CPU cores for the istio-init container in a pod labeled with `koordinator.sh/qosClass`. Unit: millicore.	100
ProxyInitAckSloMemoryResourceRequest	string	No	The minimum size of reclaimed memory provided by ACK that the istio-init container requires at runtime. This configuration item is used to set the minimum size of reclaimed memory for the istio-init container in a pod labeled with `koordinator.sh/qosClass`.	128Mi
SidecarProxyAckSloCPUResourceLimit	string	No	The maximum number of reclaimed CPU cores provided by ACK that are available to the sidecar proxy container. This configuration item is used to set the maximum number of CPU cores that are available to the sidecar proxy container in a pod labeled with `koordinator.sh/qosClass`. Unit: millicore.	2000
SidecarProxyAckSloMemoryResourceLimit	string	No	The maximum size of reclaimed memory resources provided by ACK that are available to the sidecar proxy container. This configuration item is used to set the maximum size of memory that is available to the sidecar proxy container in a pod labeled with `koordinator.sh/qosClass`.	2048Mi
SidecarProxyAckSloCPUResourceRequest	string	No	The minimum number of reclaimed CPU cores provided by ACK that the sidecar proxy container requires at runtime. This configuration item is used to set the minimum number of reclaimed CPU cores for the sidecar proxy container in a pod labeled with `koordinator.sh/qosClass`. Unit: millicore.	100
SidecarProxyAckSloMemoryResourceRequest	string	No	The minimum size of reclaimed memory provided by ACK that the sidecar proxy container requires at runtime. This configuration item is used to set the minimum size of reclaimed memory for the sidecar proxy container in a pod labeled with `koordinator.sh/qosClass`.	128Mi
Privileged	boolean	No	Specifies whether to enable the privileged mode in the security context of the sidecar proxy containers. Valid values: `true`: enables the privileged mode. This means that the sidecar proxy containers run in privileged mode. `false`: does not enable the privileged mode.	false
EnableCoreDump	boolean	No	Specifies whether to enable the core dump feature for the sidecar proxy containers. Valid values: `true` `false`	false
ReadinessInitialDelaySeconds	integer	No	The amount of time to wait before the first readiness check of a sidecar proxy container is performed. Unit: seconds.	1
ReadinessPeriodSeconds	integer	No	The interval between two readiness checks of a sidecar proxy container. Unit: seconds.	2
ReadinessFailureThreshold	integer	No	The number of readiness check failures required before marking a sidecar proxy container as not ready.	5
SMCEnabled	boolean	No	Specifies whether to enable Shared Memory Communications over Remote Direct Memory Access (SMC-R) optimization. The SMC-R optimization feature uses Alibaba Cloud Linux 3 and elastic remote direct memory access (eRDMA) network devices, which optimizes cross-node communication.	false

Response parameters

Parameter	Type	Description	Example
	object
RequestId	string	The ID of the request.	31d3a0f0-07ed-4f6e-9004-1804498c****

Examples

Sample success responses

JSONformat

{
  "RequestId": "31d3a0f0-07ed-4f6e-9004-1804498c****"
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2024-07-26	The request parameters of the API has changed	View Change Details
2024-05-21	The request parameters of the API has changed	View Change Details
2023-08-31	The request parameters of the API has changed	View Change Details
2023-03-27	The request parameters of the API has changed	View Change Details