Default settings of features and parameters of ASM

0.0.201

Service Mesh (ASM) provides a fully managed platform that is compatible with the open source Istio service. When you install Istio or use ASM, the default settings of some features and parameters are used. This topic compares the default settings of some features and parameters of ASM with those of Istio.

Background information

The following sample command is used to install Istio. profile=demo indicates that the configuration file named demo is used. You can find the corresponding profile file, such as demo.yaml, in the manifests/profiles directory of a released version of Istio.

./istioctl install --set profile=demo -y

Parameters and their default values of each component

In this topic, Istio version 1.17 is used for comparison.

Proxy

Parameter	Default value of Istio	Default value of ASM	Description

Parameter	Default value of Istio	Default value of ASM	Description
clusterDomain	cluster.local	Specified when you create the instance	The local domain name of the cluster. The local domain name of the ASM instance must be the same as that of the Kubernetes cluster on the data plane.
enableCoreDump	false	Same as that of the open source Istio version	Enables the Core Dump option for the injected sidecar proxy, which is used to debug the sidecar proxy in the ASM instance.
excludeInboundPorts	""	Same as that of the open source Istio version	Sets inbound ports to be excluded from redirection to the sidecar proxy in the ASM instance.
includeInboundPorts	"*"	Same as that of the open source Istio version	Sets inbound ports for which traffic is to be redirected to the sidecar proxy in the ASM instance.
includeIPRanges	"*"	Same as that of the open source Istio version	Sets IP ranges in CIDR form for which traffic is to be redirected to the sidecar proxy in the ASM instance.
excludeIPRanges	""	Same as that of the open source Istio version	Sets IP ranges in CIDR form to be excluded from redirection to the sidecar proxy in the ASM instance.
includeOutboundPorts	""	Same as that of the open source Istio version	Sets outbound ports for which traffic is to be redirected to the sidecar proxy in the ASM instance.
excludeOutboundPorts	""	Same as that of the open source Istio version	Sets outbound ports to be excluded from redirection to the sidecar proxy in the ASM instance.
logLevel	warning	Same as that of the open source Istio version	Sets the log level of the sidecar proxy.
readinessFailureThreshold	30	Same as that of the open source Istio version	The number of consecutive detection failures before the sidecar proxy is determined to be unready.
readinessInitialDelaySeconds	1	Same as that of the open source Istio version	The number of seconds before the first readiness detection of a sidecar proxy.
readinessPeriodSeconds	2	Same as that of the open source Istio version	The interval in seconds between two readiness detections of a sidecar proxy.
resources	`requests: cpu: 100m memory: 128Mi limits: cpu: 2000m memory: 1024Mi`	Same as that of the open source Istio version	The default resource settings of the sidecar proxy container.
holdApplicationUntilProxyStarts	false	true	Specifies whether the sidecar proxy container must be started before the service container can be started during the start of a pod.
concurrency	2	Same as that of the open source Istio version	The number of worker threads started by Envoy.
interceptionMode	REDIRECT	Same as that of the open source Istio version	The mode in which the sidecar proxy intercepts traffic.
tracing	`zipkin: address: zipkin.istio-system:9411`	N/A. ASM does not enable Tracing Analysis by default.	The configurations of Tracing Analysis.
proxyMetadata	{}	`{ EXIT_ON_ZERO_ACTIVE_CONNECTIONS: "true" }`	The environment variable that is added to the sidecar proxy container.
terminationDrainDuration	5s	Same as that of the open source Istio version	The amount of time allowed for connections to complete on sidecar proxy termination.
proxyStatsMatcher	N/A	`proxyStatsMatcher: inclusionRegexps: - .adaptive_concurrency.`	The custom Envoy metrics to be reported.
Resources of the sidecar proxy init container	`resources: limits: cpu: '2' memory: 1Gi requests: cpu: 100m memory: 128Mi`	`resources: limits: cpu: '2' memory: 1Gi requests: cpu: 10m memory: 10Mi`	The resource settings of the sidecar proxy init container.
OutboundTrafficPolicy	ALLOW_ANY	Same as that of the open source Istio version	The policies for accessing external services of the sidecar proxy.

Pilot (control plane)

Parameter	Default value of Istio	Default value of ASM	Description

Parameter

Default value of Istio

Default value of ASM

Description

jwtPolicy

third-party-jwt

Same as that of the open source Istio version

Specifies the JSON Web Token (JWT)-based authentication policy. Valid values:

third-party-jwt
first-party-jwt

MeshConfig

Parameter	Sub-field	Default value of Istio	Default value of ASM	Description

Parameter	Sub-field	Default value of Istio	Default value of ASM	Description
proxyMetadata	ISTIO_META_DNS_CAPTURE	true	false	Specifies whether to enable DNS proxy.
proxyMetadata	BOOTSTRAP_XDS_AGENT	true	false	Specifies whether to enable the pilot-agent process to dynamically obtain the BOOTSTRAP configuration before it starts the Envoy proxy.
accessLogFile		/dev/stdout	Same as that of the open source Istio version	The file address for access logs.
enablePrometheusMerge		true	false	Specifies whether Istio Agent combines the public metrics of an application with the metrics of Envoy and Istio Agent.
extensionProviders		You need to configure extension providers based on the addons that you installed.	You can configure extension providers in the ASM console, such as the providers of Log Service, Tracing Analysis, and metric monitoring.	N/A

Telemetry

Parameter	Sub-field	Default value of Istio	Default value of ASM	Description

Parameter	Sub-field	Default value of Istio	Default value of ASM	Description
prometheus	wasmEnabled	false	Same as that of the open source Istio version	Specifies whether to enable WebAssembly runtimes for stats filters.
metadataExchange	wasmEnabled	false	Same as that of the open source Istio version	Specifies whether to enable WebAssembly runtimes for metadata exchange filters.

Feedback

Previous: LimitsNext: Announcements and Updates

On this page （1, O）

Background information

Parameters and their default values of each component

Proxy

Pilot (control plane)

MeshConfig

Telemetry

Chat now with Alibaba Cloud Customer Service to assist you in finding the right products and services to meet your needs.

Background information

Parameters and their default values of each component

Proxy

Pilot (control plane)

MeshConfig

Telemetry

Sales Support

Technical Support

Connect & Report Abuse

About Alibaba Cloud

Our Global Network

Quick Start

Global Offices

Olympic Games Paris 2024 New

Stade Roland Garros – Glitz from the Past New

Place de la Concorde – “Breaking” the Barriers New

Vaires-sur-Marne Nautical Stadium – Sports with Sustainability New

International Broadcast Center – Images, Sounds, and Data that Captivate Billions New

Customer Success Stories New

Trust Center

Security & Compliance Center

Cloud Compliance Resources

Security Compliance FAQs

Product & Feature Update New

Cloud Forward

Press Room

Alibaba Cloud e-Magazine New

Alibaba Cloud in Analyst Research

Notice

Go Global Service New

Go Global Alliance with Alibaba Cloud

Asia Accelerator Hot

Information Compliance

China Gateway - MLPS 2.0 Compliance New

China Gateway - Networking

China Gateway - Global Application Acceleration New

China Gateway - Security

China Gateway - Data Security New

ICP Support Hot

China Gateway - Omnichannel Data Mid-End New

China Gateway - Organizational Data Mid-End New

China Gateway - Business Mid-End New

China Gateway - AI Service for Conversational Chatbots New

China Gateway - Online Education

China Gateway - Domain Registration

Work at Alibaba Cloud

Experienced Professionals

Students and Graduates

Free Trial

Pricing

Promo Center

Price Reduction

Pay Less and Deploy More

FinOps

Elastic Compute Service (ECS)

Simple Application Server (SAS)

Elastic GPU Service

Elastic Desktop Service (EDS)

Object Storage Service (OSS)

Cloud Enterprise Network (CEN)

Web Application Firewall (WAF)

Domain Names

Lingma

Container Compute Service (ACS)

Secure Access Service Edge (SASE)

Intelligent Media Services(IMS)

Edge Security Acceleration (ESA)(Original DCDN)

Intelligent Media Management

DingTalk Enterprise

YiDA

Alibaba Cloud Model Studio

Apsara Prime - For Easy Cloud Product Selection

Alibaba Cloud ECS - Cater All Your Cloud Hosting Needs

1TB CDN—Get Free 1 TB Outbound Traffic Plan Now

Security—Under Attack? Get Free Security Support

Short Message Service - Free Testing is Available

Elastic Compute Service (ECS) Hot

CloudBox

Compute Nest

Dedicated Host Hot

ECS Bare Metal Instance

Elastic GPU Service Featured

Simple Application Server (SAS) Hot

Auto Scaling

Cloud Phone Beta

Elastic Desktop Service (EDS) Featured

Batch Compute

Elastic High Performance Computing (E-HPC)

Super Computing Cluster (SCC)