ALIYUN::ASM::ServiceMesh is used to create a Service Mesh (ASM) instance.
Syntax
{
"Type": "ALIYUN::ASM::ServiceMesh",
"Properties": {
"EnableAudit": Boolean,
"OPA": Map,
"IstioVersion": String,
"ApiServerPublicEip": Boolean,
"LocalityLoadBalancing": Boolean,
"Telemetry": Boolean,
"OutboundTrafficPolicy": String,
"AuditProject": String,
"TraceSampling": Number,
"Name": String,
"Proxy": Map,
"VpcId": String,
"PilotPublicEip": Boolean,
"IncludeIPRanges": String,
"VSwitches": List,
"Tracing": Boolean,
"CustomizedZipkin": Boolean
}
}Properties
Property | Type | Required | Editable | Description | Constraint |
VpcId | String | Yes | No | The ID of the virtual private cloud (VPC). | None. |
VSwitches | List | Yes | No | The IDs of the vSwitches. | None. |
ApiServerPublicEip | Boolean | No | No | Specifies whether to expose the API server to the Internet. | Valid values:
|
AuditProject | String | No | Yes | The name of the log project that is used for mesh audits. | Default value: mesh-log-{meshId}. |
CustomizedZipkin | Boolean | No | Yes | Specifies whether to enable self-managed Zipkin. | Valid values:
|
EnableAudit | Boolean | No | Yes | Specifies whether to enable the mesh audit feature. | Valid values:
Note To enable this feature, you must activate Simple Log Service (SLS). |
IncludeIPRanges | String | No | Yes | The IP address ranges blocked for external access. | None. |
IstioVersion | String | No | No | The Istio version. | None. |
LocalityLoadBalancing | Boolean | No | Yes | Specifies whether to route traffic to the nearest instance. | Valid values:
|
Name | String | No | No | The instance name. | None. |
OPA | Map | No | Yes | The configurations of the Open Policy Agent (OPA) plug-in. | For more information, see OPA properties. |
OutboundTrafficPolicy | String | No | Yes | The outbound traffic policy. | Valid values:
|
PilotPublicEip | Boolean | No | No | Specifies whether to expose Istio Pilot to the Internet. | Valid values:
|
Proxy | Map | No | Yes | The proxy configurations. | For more information, see Proxy properties. |
Telemetry | Boolean | No | Yes | Specifies whether to enable the Prometheus monitoring feature. | We recommend that you use Managed Service for Prometheus (Prometheus). |
TraceSampling | Number | No | Yes | The sampling percentage of Managed Service for OpenTelemetry. | None. |
Tracing | Boolean | No | Yes | Specifies whether to enable the tracing analysis feature. | Valid values:
Note To enable this feature, you must activate Managed Service for OpenTelemetry. |
OPA syntax
"OPA": {
"OPARequestCPU": String,
"OpenAgentPolicy": Boolean,
"OPALogLevel": String,
"OPALimitCPU": String,
"OPALimitMemory": String,
"OPARequestMemory": String
}OPA properties
Property | Type | Required | Editable | Description | Constraint |
OPALimitCPU | String | No | Yes | The CPU limit of the OPA container. | None. |
OPALimitMemory | String | No | Yes | The memory limit the OPA container. | None. |
OPALogLevel | String | No | Yes | The log level of the OPA container. | None. |
OPARequestCPU | String | No | Yes | The CPU request of the OPA container. | None. |
OPARequestMemory | String | No | Yes | The memory request of the OPA container. | None. |
OpenAgentPolicy | Boolean | No | Yes | Specifies whether to install the OPA plug-in. | Valid values:
|
Proxy syntax
"Proxy": {
"ClusterDomain": String,
"ProxyLimitCPU": String,
"ProxyLimitMemory": String,
"ProxyRequestCPU": String,
"ProxyRequestMemory": String
}Proxy properties
Property | Type | Required | Editable | Description | Constraint |
ClusterDomain | String | No | Yes | The domain name of the cluster. | None. |
ProxyLimitCPU | String | No | Yes | The CPU limit of the proxy. | None. |
ProxyLimitMemory | String | No | Yes | The memory limit of the proxy. | None. |
ProxyRequestCPU | String | No | Yes | The CPU request of the proxy. | None. |
ProxyRequestMemory | String | No | Yes | The memory request of the proxy. | None. |
Return values
Fn::GetAtt
ServiceMeshId: the instance ID.
Examples
YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
ZoneId:
Type: String
Description: Create an Availability Zone for an instance to ensure that the Availability Zone supports the creation of Memcache resource specifications.
AssociationProperty: ALIYUN::ECS::Instance::ZoneId
Label: Zone ID
VPC:
AssociationProperty: ALIYUN::ECS::VPC::VPCId
Type: String
Description: Please search the ID starts with (vpc-xxx)from console-Virtual Private Cloud
Label: Existing VPC Instance ID
VSwitch:
AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
Type: String
Description: Please search the business VSwitch ID starts with(vsw-xxx)from console-Virtual Private Cloud-VSwitches
Label: Existing VSwitch ID
AssociationPropertyMetadata:
VpcId: VPC
ZoneId: ZoneId
Resources:
ServiceMesh:
Type: ALIYUN::ASM::ServiceMesh
Properties:
VpcId:
Ref: VPC
VSwitches:
- Ref: VSwitch
Outputs:
ServiceMeshId:
Description: The ID of the ASM instance.
Value:
Fn::GetAtt:
- ServiceMesh
- ServiceMeshId
JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"ZoneId": {
"Type": "String",
"Description": "Create an Availability Zone for an instance to ensure that the Availability Zone supports the creation of Memcache resource specifications.",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"Label": "Zone ID"
},
"VPC": {
"AssociationProperty": "ALIYUN::ECS::VPC::VPCId",
"Type": "String",
"Description": "Please search the ID starts with (vpc-xxx)from console-Virtual Private Cloud",
"Label": "Existing VPC Instance ID"
},
"VSwitch": {
"AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
"Type": "String",
"Description": "Please search the business VSwitch ID starts with(vsw-xxx)from console-Virtual Private Cloud-VSwitches",
"Label": "Existing VSwitch ID",
"AssociationPropertyMetadata": {
"VpcId": "VPC",
"ZoneId": "ZoneId"
}
}
},
"Resources": {
"ServiceMesh": {
"Type": "ALIYUN::ASM::ServiceMesh",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"VSwitches": [
{
"Ref": "VSwitch"
}
]
}
}
},
"Outputs": {
"ServiceMeshId": {
"Description": "The ID of the ASM instance.",
"Value": {
"Fn::GetAtt": [
"ServiceMesh",
"ServiceMeshId"
]
}
}
}
}