- What's New
- Product Bulletin
- Service Overview
- Billing
- Getting Started
-
User Guide
- Application Service Mesh
- Buying a Service Mesh
- Mesh Management
- Service Management
- Gateway Management
- Grayscale Release
- Mesh Configuration
- Traffic Management
- Security
-
Best Practices
- Upgrading Data Plane Sidecars Without Service Interruption
- Service Governance for Dubbo-based Applications
- Reserving Source IP Address for Gateway Access
- Creating a Service Mesh with IPv4/IPv6 Dual Stack Enabled
- How Do I Query Application Metrics in AOM?
- Reducing the Agency Permissions of ASM Users
- Istio-ingressgateway HA Configuration
-
FAQs
- Service Mesh Cluster
-
Mesh Management
- Why Cannot I Create a Mesh for My Cluster?
- Why Are Exclusive Nodes Still Exist After Istio Is Uninstalled?
- How Do I Upgrade ICAgent?
- How Do I Enable Namespace Injection for a Cluster?
- How Do I Disable Sidecar Injection for Workloads?
- What Can I Do If A Pod Cannot Be Started Due to Unready Sidecar
- How Do I Handle a Canary Upgrade Failure?
-
Adding a Service
- What Do I Do If an Added Gateway Does Not Take Effect?
- Why Does It Take a Long Time to Start the Demo Application in Experiencing Service Mesh in One Click?
- Why Cannot I Access the page of the Demo Application After It Is Successfully Deployed?
- Why Cannot I Select the Corresponding Service When Adding a Route?
- How Do I Inject a Sidecar for the Pod Created Using a Job or CronJob?
- Performing Grayscale Release
-
Managing Traffic
- Why Are the Created Clusters, Namespaces, and Applications Not Displayed on the Traffic Management Page?
- How Do I Change the Resource Requests of the istio-proxy Container?
- Does ASM Support HTTP/1.0?
- How Can I Block Access from Some IP Address Ranges or Ports for a Service Mesh?
- How Do I Configure max_concurrent_streams for a Gateway?
- How Do I Fix Compatibility Issues Between Istio CNI and Init Containers?
-
Monitoring Traffic
- Why Cannot I View Traffic Monitoring Data Immediately After a Pod Is Started?
- Why Are the Latency Statistics on the Dashboard Page Inaccurate?
- Why Is the Traffic Ratio Inconsistent with That in the Traffic Monitoring Chart?
- Why Can't I Find Certain Error Requests in Tracing?
- Why Cannot I Find My Service in the Traffic Monitoring Topology?
- How Do I Connect a Service Mesh to Jaeger or Zipkin for Viewing Traces?
- Videos
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- User Guide
-
FAQs
- Service Mesh Cluster
- Mesh Management
-
Adding a Service
- What Do I Do If an Added Gateway Does Not Take Effect?
- Why Does It Take a Long Time to Start the Demo Application in Experiencing Service Mesh in One Click?
- Why Cannot I Access the page of the Demo Application After It Is Successfully Deployed?
- Why Cannot I Select the Corresponding Service When Adding a Route?
- Performing Grayscale Release
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Copied.
Configuring Istio Resources Using YAML
You can modify all Istio resources (such as VirtualService and DestinationRule) of a service in YAML or JSON format on the Istio Resource Management page. You can also create new Istio resources.
Istio resource configurations created or modified using YAML may conflict with those you directly add on the console. As a result, console functions will be unavailable. If you want to configure Istio resources only using YAML, edit or create Istio resources by referring to this section. Otherwise, skip this section.
Modifying an Existing Istio Resource
- Log in to the ASM console and click the name of the target service mesh to go to its details page.
- In the navigation pane, choose Mesh Configuration. Then click the Istio Resource Management tab.
- In the drop-down list, select the Istio resource type (for example, Istio Resources: virtualservices) and the namespace to which the resource belongs.
- Click Edit in the Operation column. In the right pane, modify related configurations and click OK. By default, the message displayed at the bottom is selected, indicating that related console functions are no longer available.
NOTE:
Console functions vary depending on the Istio resource type. For details about unavailable console functions, see Handling Policy of Resource Configuration Using YAML.
The configuration file can be displayed in YAML or JSON format and can be downloaded to the local PC.
Creating an Istio Resource
- Log in to the ASM console and click the name of the target service mesh to go to its details page.
- In the navigation pane, choose Mesh Configuration. Then click the Istio Resource Management tab.
- Click Create in the upper left corner of the list.
- Edit the file in the right pane, or click Import File to upload the edited YAML or JSON file.
- Confirm the file content and click OK. By default, the message displayed at the bottom is selected, indicating that related console functions are no longer available.
NOTE:
Console functions vary depending on the Istio resource type. For details about unavailable console functions, see Handling Policy of Resource Configuration Using YAML.
Istio Resource Description
Resource Type |
Description |
---|---|
AuthorizationPolicy |
Configures authorization policies. |
DestinationRule |
Defines the target service and traffic policy of a route. VirtualService and DestinationRule are the two most important resources for traffic control. DestinationRule defines the policies and rules for a Service in a mesh to provide external services, including the load balancing policy, exception monitoring, outlier detection control, and connection pool access. |
EnvoyFilter |
Provides more powerful extension capabilities for the service mesh control plane so that the Filter Chain in Envoy can be customized. |
Gateway |
Defines the unified ingress and egress for all HTTP/TCP traffic and describes a group of public ports, protocols, load balancing, and SNI configurations. |
PeerAuthentication |
Configures the mTLS mode for service communication. It is an Istio authentication policy. |
RequestAuthentication |
Configures the request authentication method of a service. It is an Istio authentication policy. |
ServiceEntry |
Adds external services to a mesh and manages their traffic. |
Sidecar |
Sets the sidecar proxies as a whole. |
VirtualService |
Set routes in a mesh. VirtualService and DestinationRule are the two most important resources for traffic control. VirtualService defines a group of routing rules. When traffic enters the mesh, the traffic is matched with the rules one by one. Once matched, the traffic is forwarded to the specified routing address. |
WorkloadEntry |
Abstracts VMs or bare metals so that they can be managed by a mesh. They are as important as pods in Kubernetes and provide traffic management, security management, and visualization. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot