调用UpdateMeshFeature接口更新服务网格的功能配置。

调试

您可以在OpenAPI Explorer中直接运行该接口,免去您计算签名的困扰。运行成功后,OpenAPI Explorer可以自动生成SDK代码示例。

请求参数

名称 类型 是否必选 示例值 描述
Action String UpdateMeshFeature

系统规定参数。取值:UpdateMeshFeature

ServiceMeshId String cb8963379255149cb98c8686f274x****

服务网格ID

Tracing Boolean false

启用链路追踪(需要开通阿里云链路追踪服务),取值:

  • true:启用链路追踪
  • false:不启用链路追踪

默认值:false

TraceSampling Float 100

链路追踪采样百分比

LocalityLoadBalancing Boolean true

是否启用跨地域负载均衡,取值:

  • true:启用跨地域负载均衡
  • false:不启用跨地域负载均衡

默认值:false

LocalityLBConf String {"failover":[{"from":"cn-hangzhou","to":"cn-shanghai"}]}

跨地域负载均衡配置,取值:

  • failover:跨地域故障转移配置,例如:
    
        failover: [//  struct,跨地域故障转移配置
            {
                // 当北京地域服务故障时,流量转移到杭州同服务
                from: "cn-beijing", 
                to: "cn-hangzhou",
            }
        ]
    
  • distribute:跨地域流量分布配置,例如:

distribute: [ // struct, 跨地域流量分布配置 
        {
            // 路由到北京地域的流量70%分配到北京,30%分配到杭州
            "from": "cn-beijing",
            "to": {
                "cn-beijing": 70,
                "cn-hangzhou": 30,
            }
        }
    ]
Telemetry Boolean false

是否开启采集Prometheus监控指标(建议使用阿里云Prometheus监控),取值:

  • true:开启采集Prometheus监控指标
  • false:不开启采集Prometheus监控指标

默认值:false

OpenAgentPolicy Boolean false

是否集成开放策略代理(OPA)插件,取值:

  • true:集成开放策略代理(OPA)插件
  • false:不集成开放策略代理(OPA)插件

默认值:false

OPALogLevel String info

OPA代理容器日志级别,取值:

  • info:输出所有信息
  • debug:输出调试信息和错误信息
  • error:仅输出错误信息
OPARequestCPU String 1

OPA代理容器的CPU资源请求

OPARequestMemory String 512Mi

OPA代理容器的内存资源请求

OPALimitCPU String 2

OPA代理容器的CPU资源限制

OPALimitMemory String 1024Mi

OPA代理容器的内存资源限制

EnableAudit Boolean false

是否启用网格审计(需要开通阿里云日志服务),取值:

  • true:启用网格审计
  • false:不启用网格审计

默认值:false

AuditProject String mesh-log-c08ba3fd1e64xxb0f8cc1ad8****

网格审计对应的日志项目名称

默认值:mesh-log-{meshId}

CustomizedZipkin Boolean false

是否启用自建Zipkin,取值:

  • true:启用自建Zipkin
  • false:不启用自建Zipkin

默认值:false

OutboundTrafficPolicy String ALLOW_ANY

对外部服务的访问策略,取值:

  • ALLOW_ANY:允许访问所有外部服务
  • REGISTRY_ONLY:只能访问注册到网格内的服务
ProxyRequestCPU String 100m

CPU所需资源

ProxyRequestMemory String 128Mi

内存所需资源

ProxyLimitCPU String 2000m

CPU资源限制

ProxyLimitMemory String 1024Mi

内存资源限制

IncludeIPRanges String *

拦截对外访问的地址范围

ExcludeIPRanges String 100.100.100.100

排除拦截对外访问的地址范围

ExcludeOutboundPorts String 80,81

以逗号分隔的出站端口列表

IncludeInboundPorts String 80,81

设置端口使inbound流量免于经过Sidecar

ExcludeInboundPorts String 80,81

以逗号分隔的入站端口列表

EnableNamespacesByDefault Boolean false

是否为所有命名空间开启自动注入功能,取值:

  • true:为所有命名空间开启自动注入功能
  • false:不为所有命名空间开启自动注入功能

默认值:false

AutoInjectionPolicyEnabled Boolean false

是否开启通过Pod Annotations实现自动注入Sidecar,取值:

  • true:开启通过Pod Annotations实现自动注入Sidecar
  • false:不开启通过Pod Annotations实现自动注入Sidecar

默认值:false

SidecarInjectorRequestCPU String 1000m

Sidecar注入器Pod的CPU请求资源

SidecarInjectorRequestMemory String 512Mi

Sidecar注入器Pod的内存请求资源

SidecarInjectorLimitCPU String 4000m

Sidecar注入器Pod的CPU限制资源

SidecarInjectorLimitMemory String 2048Mi

Sidecar注入器Pod的内存限制资源

SidecarInjectorWebhookAsYaml String {"injectedAnnotations":{"test/istio-init":"runtime/default2","test/istio-proxy":"runtime/default"},"replicaCount":2,"nodeSelector":{"beta.kubernetes.io/os":"linux"}}

其他自动注入Sidecar的配置(YAML格式)

CniEnabled Boolean false

是否启用CNI,取值:

  • true:启用CNI
  • false:不启用CNI

默认值:false

CniExcludeNamespaces String kube-system

CNI排除的命名空间

OpaEnabled Boolean false

是否启用OPA,取值:

  • true:启用OPA
  • false:不启用OPA

默认值:false

Http10Enabled Boolean false

是否支持HTTP1.0,取值:

  • true:支持HTTP1.0
  • false:不支持HTTP1.0

默认值:false

KialiEnabled Boolean false

是否启用Kiali(需先开启采集Prometheus监控指标,当该项更新为false时,本项强制为false),取值:

  • true:启用Kiali
  • false:不启用Kiali

默认值:false

CustomizedPrometheus Boolean false

是否自定义Prometheus,取值:

  • true:自定义Prometheus
  • false:不自定义Prometheus

默认值:false

PrometheusUrl String http://prometheus:9090

Prometheus服务地址(非自定义情况下,使用ARMS地址格式)

AccessLogEnabled Boolean false

是否启用访问日志采集,取值:

  • true:启用访问日志采集
  • false:不启用访问日志采集

默认值:false

MSEEnabled Boolean false

是否启用MSE微服务引擎,取值:

  • true:启用MSE微服务引擎
  • false:不启用MSE微服务引擎

默认值:false

RedisFilterEnabled Boolean false

是否启用RedisFilter,取值:

  • true:启用RedisFilter
  • false:不启用RedisFilter

默认值:false

MysqlFilterEnabled Boolean false

是否启用MysqlFilter,取值:

  • true:启用MysqlFilter
  • false:不启用MysqlFilter

默认值:false

ThriftFilterEnabled Boolean false

是否启用ThriftFilter,取值:

  • true:启用ThriftFilter
  • false:不启用ThriftFilter

默认值:false

WebAssemblyFilterEnabled Boolean false

是否启用WebAssemblyFilter,取值:

  • true:启用WebAssemblyFilter
  • false:不启用WebAssemblyFilter

默认值:false

DNSProxyingEnabled Boolean false

是否启用DNS Proxying,取值:

  • true:启用DNS Proxying
  • false:不启用DNS Proxying

默认值:false

DubboFilterEnabled Boolean false

是否启用DubboFilter,取值:

  • true:启用DubboFilter
  • false:不启用DubboFilter

默认值:false

FilterGatewayClusterConfig Boolean false

是否启用Gateway配置过滤,取值:

  • true:启用Gateway配置过滤
  • false:不启用Gateway配置过滤

默认值:false

EnableSDSServer Boolean false

是否启用SDS服务,取值:

  • true:启用SDS服务
  • false:不启用SDS服务

默认值:false

AccessLogServiceEnabled Boolean false

是否启用Envoy的gRPC日志服务(ALS),取值:

  • true:启用Envoy的gRPC日志服务(ALS)
  • false:不启用Envoy的gRPC日志服务(ALS)

默认值:false

AccessLogServiceHost String 0.0.0.0

启用Envoy的gRPC日志服务(ALS)的地址

AccessLogServicePort Integer 9999

启用Envoy的gRPC日志服务(ALS)的端口

GatewayAPIEnabled Boolean false

是否启用Gateway API,取值:

  • true:启用Gateway API
  • false:不启用Gateway API

默认值:false

ConfigSourceEnabled Boolean false

是否启用外部服务注册中心,取值:

  • true:启用外部服务注册中心
  • false:不启用外部服务注册中心

默认值:false

ConfigSourceNacosID String mse-cn-tl326******

Nacos注册中心实例ID

AccessLogFormat String {"authority_for":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}

自定义访问日志的格式(需先启用访问日志,否则自动忽略本项)。本项字符串为JSON格式,且JSON字符串中必须至少包含下述的键值:authority_for、bytes_received、bytes_sent、downstream_local_address、downstream_remote_address、duration、istio_policy_status、method、path、protocol、requested_server_name、response_code、response_flags、route_name、start_time、trace_id、upstream_cluster、upstream_host、upstream_local_address、upstream_service_time、upstream_transport_failure_reason、user_agent、x_forwarded_for

AccessLogFile String “”

开启和关闭访问日志,取值:

  • “”:关闭访问日志
  • /dev/stdout:开启访问日志
AccessLogProject String mesh-log-cf245a429b6ff4b6e97f20797758eefd4

自定义日志服务SLS采集的Project

EnableCRHistory Boolean false

设置是否启用ASM的Istio资源历史版本管理功能

CRAggregationEnabled Boolean false

设置是否启用数据面集群Kubernetes API访问Istio资源(需ASM实例v1.9.7.93版本以上)

TerminationDrainDuration String 5s

istio proxy终止等待时长,例如5秒钟,输入为5s。

ProxyInitCPUResourceLimit String 2000m

istio-init 初始化容器CPU资源限制

ProxyInitMemoryResourceLimit String 1024Mi

istio-init 初始化容器内存资源限制

ProxyInitCPUResourceRequest String 10m

istio-init 初始化容器CPU资源所需

ProxyInitMemoryResourceRequest String 10Mi

istio-init 初始化容器内存资源所需

Lifecycle String {"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}

istio proxy生命周期

MultiBufferEnabled Boolean false

开启MultiBuffer加速功能

MultiBufferPollDelay String 0.02s

MultiBuffer的策略拉取延迟,默认为空

DiscoverySelectors String [{"matchExpressions":[{"key":"asm-discovery","operator":"Exists"}]}]

用于选择性服务发现的数据平面命名空间标签选择器列表

GlobalRateLimitEnabled Boolean false

是否开启AHAS流控。取值:

  • true:开启。
  • false:关闭。

默认值:false

ClusterSpec String standard

服务网格实例规格,取值:

  • standard:标准版
  • enterprise:企业版
  • ultimate:旗舰版
OPAScopeInjected Boolean false

是否启用OPA注入范围控制能力,取值:

  • true:启用OPA注入范围控制能力。
  • false:不启用OPA注入范围控制能力。
OPAInjectorCPURequirement String 80m

负责注入OPA代理的Pod所申请的最少CPU核数。1000m表示1核CPU。

OPAInjectorMemoryRequirement String 50Mi

负责注入OPA代理的Pod所申请的最少内存。80Mi表示80MB。

OPAInjectorCPULimit String 1000m

负责注入OPA代理的Pod所限制的最大CPU核数。1000m表示1核CPU。

OPAInjectorMemoryLimit String 1024Mi

负责注入OPA代理的Pod所限制的最大内存。1024Mi表示1024MB。

返回数据

名称 类型 示例值 描述
RequestId String BD65C0AD-D3C6-48D3-8D93-38D2015C****

请求ID

示例

请求示例

http(s)://[Endpoint]/?Action=UpdateMeshFeature
&ServiceMeshId=cb8963379255149cb98c8686f274x****
&Tracing=false
&TraceSampling=100.0
&LocalityLoadBalancing=true
&LocalityLBConf={"failover":[{"from":"cn-hangzhou","to":"cn-shanghai"}]}
&Telemetry=false
&OpenAgentPolicy=false
&OPALogLevel=info
&OPARequestCPU=1
&OPARequestMemory=512Mi
&OPALimitCPU=2
&OPALimitMemory=1024Mi
&EnableAudit=false
&AuditProject=mesh-log-c08ba3fd1e64xxb0f8cc1ad8****
&CustomizedZipkin=false
&OutboundTrafficPolicy=ALLOW_ANY
&ProxyRequestCPU=100m
&ProxyRequestMemory=128Mi
&ProxyLimitCPU=2000m
&ProxyLimitMemory=1024Mi
&IncludeIPRanges=*
&ExcludeIPRanges=100.100.100.100
&ExcludeOutboundPorts=80,81
&IncludeInboundPorts=80,81
&ExcludeInboundPorts=80,81
&EnableNamespacesByDefault=false
&AutoInjectionPolicyEnabled=false
&SidecarInjectorRequestCPU=1000m
&SidecarInjectorRequestMemory=512Mi
&SidecarInjectorLimitCPU=4000m
&SidecarInjectorLimitMemory=2048Mi
&SidecarInjectorWebhookAsYaml={"injectedAnnotations":{"test/istio-init":"runtime/default2","test/istio-proxy":"runtime/default"},"replicaCount":2,"nodeSelector":{"beta.kubernetes.io/os":"linux"}}
&CniEnabled=false
&CniExcludeNamespaces=kube-system
&OpaEnabled=false
&Http10Enabled=false
&KialiEnabled=false
&CustomizedPrometheus=false
&PrometheusUrl=http://prometheus:9090
&AccessLogEnabled=false
&MSEEnabled=false
&RedisFilterEnabled=false
&MysqlFilterEnabled=false
&ThriftFilterEnabled=false
&WebAssemblyFilterEnabled=false
&DNSProxyingEnabled=false
&DubboFilterEnabled=false
&FilterGatewayClusterConfig=false
&EnableSDSServer=false
&AccessLogServiceEnabled=false
&AccessLogServiceHost=0.0.0.0
&AccessLogServicePort=9999
&GatewayAPIEnabled=false
&ConfigSourceEnabled=false
&ConfigSourceNacosID=mse-cn-tl326******
&AccessLogFormat={"authority_for":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}
&AccessLogFile=“”
&AccessLogProject=mesh-log-cf245a429b6ff4b6e97f20797758eefd4
&EnableCRHistory=false
&CRAggregationEnabled=false
&TerminationDrainDuration=5s
&ProxyInitCPUResourceLimit=2000m
&ProxyInitMemoryResourceLimit=1024Mi
&ProxyInitCPUResourceRequest=10m
&ProxyInitMemoryResourceRequest=10Mi
&Lifecycle={"postStart":{"exec":{"command":["pilot-agent","wait"]}},"preStop":{"exec":{"command":["/bin/sh","-c","sleep 15"]}}}
&MultiBufferEnabled=false
&MultiBufferPollDelay=0.02s
&DiscoverySelectors=[{"matchExpressions":[{"key":"asm-discovery","operator":"Exists"}]}]
&公共请求参数

正常返回示例

XML格式

HTTP/1.1 200 OK
Content-Type:application/xml

<UpdateMeshFeatureResponse>
    <RequestId>BD65C0AD-D3C6-48D3-8D93-38D2015C****</RequestId>
</UpdateMeshFeatureResponse>

JSON格式

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "BD65C0AD-D3C6-48D3-8D93-38D2015C****"
}

错误码

访问错误中心查看更多错误码。