ALIYUN::ASM::ServiceMesh类型用于创建服务网格实例。
语法
{
"Type": "ALIYUN::ASM::ServiceMesh",
"Properties": {
"EnableAudit": Boolean,
"OPA": Map,
"IstioVersion": String,
"ApiServerPublicEip": Boolean,
"LocalityLoadBalancing": Boolean,
"Telemetry": Boolean,
"OutboundTrafficPolicy": String,
"AuditProject": String,
"TraceSampling": Number,
"Name": String,
"Proxy": Map,
"VpcId": String,
"PilotPublicEip": Boolean,
"IncludeIPRanges": String,
"VSwitches": List,
"Tracing": Boolean,
"CustomizedZipkin": Boolean
}
}属性
| 属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
|---|---|---|---|---|---|
| EnableAudit | Boolean | 否 | 是 | 是否启用网格审计 。 | 取值:
说明 您需要开通阿里云日志服务。
|
| OPA | Map | 否 | 是 | 开放策略代理。 | 更多信息,请参见OPA属性。 |
| IstioVersion | String | 否 | 否 | Istio版本号。 | 无 |
| ApiServerPublicEip | Boolean | 否 | 否 | 是否使用公网地址暴露API Server。 | 取值:
|
| LocalityLoadBalancing | Boolean | 否 | 是 | 是否启用服务就近访问。 | 取值:
|
| Telemetry | Boolean | 否 | 是 | 开启采集Prometheus监控指标。 | 建议您使用阿里云Prometheus监控。 |
| OutboundTrafficPolicy | String | 否 | 是 | 对外部服务的访问策略。 | 取值:
|
| AuditProject | String | 否 | 是 | 网格审计对应的日志项目名称。 | 默认值:mesh-log-{meshId}。 |
| TraceSampling | Number | 否 | 是 | 链路追踪采样百分比。 | 无 |
| Name | String | 否 | 否 | 服务网格名称。 | 无 |
| Proxy | Map | 否 | 是 | 代理。 | 更多信息,请参见Proxy属性。 |
| VpcId | String | 是 | 否 | 专有网络ID。 | 无 |
| PilotPublicEip | Boolean | 否 | 否 | 是否使用公网地址暴露Istio Pilot。 | 取值:
|
| IncludeIPRanges | String | 否 | 是 | 拦截对外访问的地址范围。 | 无 |
| VSwitches | List | 是 | 否 | 交换机ID。 | 无 |
| Tracing | Boolean | 否 | 是 | 是否启用链路追踪。 | 取值:
说明 您需要开通阿里云链路追踪服务。
|
| CustomizedZipkin | Boolean | 否 | 是 | 是否启用自建Zipkin。 | 取值:
|
OPA语法
"OPA": {
"OPARequestCPU": String,
"OpenAgentPolicy": Boolean,
"OPALogLevel": String,
"OPALimitCPU": String,
"OPALimitMemory": String,
"OPARequestMemory": String
}OPA属性
| 属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
|---|---|---|---|---|---|
| OPARequestCPU | String | 否 | 是 | OPA代理容器的CPU资源请求。 | 无 |
| OpenAgentPolicy | Boolean | 否 | 是 | 是否集成开放策略代理(OPA)插件。 | 取值:
|
| OPALogLevel | String | 否 | 是 | OPA代理容器日志级别。 | 无 |
| OPALimitCPU | String | 否 | 是 | OPA代理容器的CPU资源限制。 | 无 |
| OPALimitMemory | String | 否 | 是 | OPA代理容器的内存资源限制。 | 无 |
| OPARequestMemory | String | 否 | 是 | OPA代理容器的内存资源请求。 | 无 |
Proxy语法
"Proxy": {
"ClusterDomain": String,
"ProxyLimitCPU": String,
"ProxyLimitMemory": String,
"ProxyRequestCPU": String,
"ProxyRequestMemory": String
}Proxy属性
| 属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
|---|---|---|---|---|---|
| ClusterDomain | String | 否 | 是 | 集群域名。 | 无 |
| ProxyLimitCPU | String | 否 | 是 | CPU资源限制。 | 无 |
| ProxyLimitMemory | String | 否 | 是 | 内存资源限制。 | 无 |
| ProxyRequestCPU | String | 否 | 是 | CPU所需资源。 | 无 |
| ProxyRequestMemory | String | 否 | 是 | 内存所需资源。 | 无 |
返回值
Fn::GetAtt
ServiceMeshId:服务网格ID。
示例
JSON格式
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"OPA": {
"Type": "Json",
"Description": "OPA settings."
},
"EnableAudit": {
"Type": "Boolean",
"Description": "Specifies whether to enable the mesh audit feature. To enable this feature, make sure\nthat you have activated Alibaba Cloud Log Service.\nValid values: true and false. Default value: false.",
"AllowedValues": [
"True",
"true",
"False",
"false"
]
},
"IstioVersion": {
"Type": "String",
"Description": "The Istio version of the ASM instance."
},
"ApiServerPublicEip": {
"Type": "Boolean",
"Description": "Specifies whether to expose the API server to the Internet.\nValid values: true and false. Default value: false.\nIf you do not set this parameter, the API server of clusters added to the ASM instance\ncannot be accessed from the Internet.",
"AllowedValues": [
"True",
"true",
"False",
"false"
]
},
"LocalityLoadBalancing": {
"Type": "Boolean",
"Description": "Specifies whether to route traffic to the nearest instance.\nValid values: true and false. Default value: false.",
"AllowedValues": [
"True",
"true",
"False",
"false"
]
},
"Telemetry": {
"Type": "Boolean",
"Description": "Specifies whether to enable Prometheus monitoring. We recommend that you use Application Real-Time Monitoring Service (ARMS).",
"AllowedValues": [
"True",
"true",
"False",
"false"
]
},
"OutboundTrafficPolicy": {
"Type": "String",
"Description": "The outbound traffic policy of the ASM instance."
},
"AuditProject": {
"Type": "String",
"Description": "The name of the Log Service project that is used for mesh audit.\nDefault value: mesh-log-{meshId}."
},
"TraceSampling": {
"Type": "Number",
"Description": "The sampling percentage of tracing."
},
"Name": {
"Type": "String",
"Description": "The name of the ASM instance."
},
"Proxy": {
"Type": "Json",
"Description": "Proxy settings. "
},
"VpcId": {
"Type": "String",
"Description": "The ID of the virtual private cloud (VPC)."
},
"PilotPublicEip": {
"Type": "Boolean",
"Description": "Specifies whether to expose Istio Pilot to the Internet.\nValid values: true and false. Default value: false.\nIf you do not set this parameter, only clusters in the same VPC as the ASM instance\ncan access Istio Pilot of the instance.",
"AllowedValues": [
"True",
"true",
"False",
"false"
]
},
"IncludeIPRanges": {
"Type": "String",
"Description": "The Classless Inter-Domain Routing (CIDR) block in the ASM instance that are denied\nto access external services."
},
"VSwitches": {
"Type": "CommaDelimitedList",
"Description": "The ID of the vSwitch, eg: [\"vsw-xzegf5dndkbf4m6eg****\"]"
},
"Tracing": {
"Type": "Boolean",
"Description": "Specifies whether to enable the tracing feature. To enable this feature, make sure\nthat you have activated Alibaba Cloud Tracing Analysis.\nValid values: true and false. Default value: false.",
"AllowedValues": [
"True",
"true",
"False",
"false"
]
},
"CustomizedZipkin": {
"Type": "Boolean",
"Description": "Specifies whether to use a user-created Zipkin system.",
"AllowedValues": [
"True",
"true",
"False",
"false"
]
}
},
"Resources": {
"ServiceMesh": {
"Type": "ALIYUN::ASM::ServiceMesh",
"Properties": {
"OPA": {
"Ref": "OPA"
},
"EnableAudit": {
"Ref": "EnableAudit"
},
"IstioVersion": {
"Ref": "IstioVersion"
},
"ApiServerPublicEip": {
"Ref": "ApiServerPublicEip"
},
"LocalityLoadBalancing": {
"Ref": "LocalityLoadBalancing"
},
"Telemetry": {
"Ref": "Telemetry"
},
"OutboundTrafficPolicy": {
"Ref": "OutboundTrafficPolicy"
},
"AuditProject": {
"Ref": "AuditProject"
},
"TraceSampling": {
"Ref": "TraceSampling"
},
"Name": {
"Ref": "Name"
},
"Proxy": {
"Ref": "Proxy"
},
"VpcId": {
"Ref": "VpcId"
},
"PilotPublicEip": {
"Ref": "PilotPublicEip"
},
"IncludeIPRanges": {
"Ref": "IncludeIPRanges"
},
"VSwitches": {
"Ref": "VSwitches"
},
"Tracing": {
"Ref": "Tracing"
},
"CustomizedZipkin": {
"Ref": "CustomizedZipkin"
}
}
}
},
"Outputs": {
"ServiceMeshId": {
"Description": "The ID of the ASM instance.",
"Value": {
"Fn::GetAtt": [
"ServiceMesh",
"ServiceMeshId"
]
}
}
}
}YAML格式
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
OPA:
Type: Json
Description: OPA settings.
EnableAudit:
Type: Boolean
Description: >-
Specifies whether to enable the mesh audit feature. To enable this
feature, make sure
that you have activated Alibaba Cloud Log Service.
Valid values: true and false. Default value: false.
AllowedValues:
- 'True'
- 'true'
- 'False'
- 'false'
IstioVersion:
Type: String
Description: The Istio version of the ASM instance.
ApiServerPublicEip:
Type: Boolean
Description: >-
Specifies whether to expose the API server to the Internet.
Valid values: true and false. Default value: false.
If you do not set this parameter, the API server of clusters added to the
ASM instance
cannot be accessed from the Internet.
AllowedValues:
- 'True'
- 'true'
- 'False'
- 'false'
LocalityLoadBalancing:
Type: Boolean
Description: |-
Specifies whether to route traffic to the nearest instance.
Valid values: true and false. Default value: false.
AllowedValues:
- 'True'
- 'true'
- 'False'
- 'false'
Telemetry:
Type: Boolean
Description: >-
Specifies whether to enable Prometheus monitoring. We recommend that you
use Application Real-Time Monitoring Service (ARMS).
AllowedValues:
- 'True'
- 'true'
- 'False'
- 'false'
OutboundTrafficPolicy:
Type: String
Description: The outbound traffic policy of the ASM instance.
AuditProject:
Type: String
Description: |-
The name of the Log Service project that is used for mesh audit.
Default value: mesh-log-{meshId}.
TraceSampling:
Type: Number
Description: The sampling percentage of tracing.
Name:
Type: String
Description: The name of the ASM instance.
Proxy:
Type: Json
Description: 'Proxy settings. '
VpcId:
Type: String
Description: The ID of the virtual private cloud (VPC).
PilotPublicEip:
Type: Boolean
Description: >-
Specifies whether to expose Istio Pilot to the Internet.
Valid values: true and false. Default value: false.
If you do not set this parameter, only clusters in the same VPC as the ASM
instance
can access Istio Pilot of the instance.
AllowedValues:
- 'True'
- 'true'
- 'False'
- 'false'
IncludeIPRanges:
Type: String
Description: >-
The Classless Inter-Domain Routing (CIDR) block in the ASM instance that
are denied
to access external services.
VSwitches:
Type: CommaDelimitedList
Description: 'The ID of the vSwitch, eg: ["vsw-xzegf5dndkbf4m6eg****"]'
Tracing:
Type: Boolean
Description: >-
Specifies whether to enable the tracing feature. To enable this feature,
make sure
that you have activated Alibaba Cloud Tracing Analysis.
Valid values: true and false. Default value: false.
AllowedValues:
- 'True'
- 'true'
- 'False'
- 'false'
CustomizedZipkin:
Type: Boolean
Description: Specifies whether to use a user-created Zipkin system.
AllowedValues:
- 'True'
- 'true'
- 'False'
- 'false'
Resources:
ServiceMesh:
Type: 'ALIYUN::ASM::ServiceMesh'
Properties:
OPA:
Ref: OPA
EnableAudit:
Ref: EnableAudit
IstioVersion:
Ref: IstioVersion
ApiServerPublicEip:
Ref: ApiServerPublicEip
LocalityLoadBalancing:
Ref: LocalityLoadBalancing
Telemetry:
Ref: Telemetry
OutboundTrafficPolicy:
Ref: OutboundTrafficPolicy
AuditProject:
Ref: AuditProject
TraceSampling:
Ref: TraceSampling
Name:
Ref: Name
Proxy:
Ref: Proxy
VpcId:
Ref: VpcId
PilotPublicEip:
Ref: PilotPublicEip
IncludeIPRanges:
Ref: IncludeIPRanges
VSwitches:
Ref: VSwitches
Tracing:
Ref: Tracing
CustomizedZipkin:
Ref: CustomizedZipkin
Outputs:
ServiceMeshId:
Description: The ID of the ASM instance.
Value:
'Fn::GetAtt':
- ServiceMesh
- ServiceMeshId
