Alauda Service Mesh

asm.alauda.io group

ServiceMeshGroup is the Schema for the servicemeshgroups API

v1alpha1 version

spec object

ServiceMeshGroupSpec defines the desired state of ServiceMeshGroup

caConfig object

certmanager object

Certmanager is generated CA for Istio

insecure object

Deprecated: Insecure, use Certmanager instead For compatibility reasons, insecure CA is used by default

clusters []string

groupID string

istioConfig object

localityLbSetting object

Locality-weighted load balancing allows administrators to control the distribution of traffic to endpoints based on the localities of where the traffic originates and where it will terminate. These localities are specified using arbitrary labels that designate a hierarchy of localities in {region}/{zone}/{sub-zone} form. For additional detail refer to Locality Weight The following example shows how to setup locality weights mesh-wide. Given a mesh with workloads and their service deployed to "us-west/zone1/" and "us-west/zone2/". This example specifies that when traffic accessing a service originates from workloads in "us-west/zone1/", 80% of the traffic will be sent to endpoints in "us-west/zone1/", i.e the same zone, and the remaining 20% will go to endpoints in "us-west/zone2/". This setup is intended to favor routing traffic to endpoints in the same locality. A similar setting is specified for traffic originating in "us-west/zone2/".

distribute: - from: us-west/zone1/* to: "us-west/zone1/*": 80 "us-west/zone2/*": 20 - from: us-west/zone2/* to: "us-west/zone1/*": 20 "us-west/zone2/*": 80

If the goal of the operator is not to distribute load across zones and regions but rather to restrict the regionality of failover to meet other operational requirements an operator can set a 'failover' policy instead of a 'distribute' policy. The following example sets up a locality failover policy for regions. Assume a service resides in zones within us-east, us-west & eu-west this example specifies that when endpoints within us-east become unhealthy traffic should failover to endpoints in any zone or sub-zone within eu-west and similarly us-west should failover to us-east.

failover: - from: us-east to: eu-west - from: us-west to: us-east

distribute []object

Describes how traffic originating in the 'from' zone or sub-zone is distributed over a set of 'to' zones. Syntax for specifying a zone is {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any segment of the specification. Examples: * - matches all localities us-west/* - all zones and sub-zones within the us-west region us-west/zone-1/* - all sub-zones within us-west/zone-1

from string

Originating locality, '/' separated, e.g. 'region/zone/sub_zone'.

to object

Map of upstream localities to traffic distribution weights. The sum of all weights should be 100. Any locality not present will receive no traffic.

enabled boolean

e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is.

failover []object

Specify the traffic failover policy across regions. Since zone and sub-zone failover is supported by default this only needs to be specified for regions when the operator needs to constrain traffic failover so that the default behavior of failing over to any endpoint globally does not apply. This is useful when failing over traffic across regions would not improve service health or may need to be restricted for other reasons like regulatory controls.

from string

Originating region.

to string

Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.

failoverPriority []string

failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. This is to support traffic failover across different groups of endpoints. Suppose there are total N labels specified:

Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. 4. All the other endpoints have priority P(N) i.e. lowest priority. Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. It can be any label specified on both client and server workloads. The following labels which have special semantic meaning are also supported:

topology.istio.io/network is used to match the network metadata of an endpoint, which can be specified by pod/namespace label topology.istio.io/network, sidecar env ISTIO_META_NETWORK or MeshNetworks. - topology.istio.io/cluster is used to match the clusterID of an endpoint, which can be specified by pod label topology.istio.io/cluster or pod env ISTIO_META_CLUSTER_ID. - topology.kubernetes.io/region is used to match the region metadata of an endpoint, which maps to Kubernetes node label topology.kubernetes.io/region or the deprecated label failure-domain.beta.kubernetes.io/region. - topology.kubernetes.io/zone is used to match the zone metadata of an endpoint, which maps to Kubernetes node label topology.kubernetes.io/zone or the deprecated label failure-domain.beta.kubernetes.io/zone. - topology.istio.io/subzone is used to match the subzone metadata of an endpoint, which maps to Istio node label topology.istio.io/subzone. The below topology config indicates the following priority levels: yaml failoverPriority: - "topology.istio.io/network" - "topology.kubernetes.io/region" - "topology.kubernetes.io/zone" - "topology.istio.io/subzone"

endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority. 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority. 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority. 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. 5. all the other endpoints have the same lowest priority. Optional: only one of distribute, failover or failoverPriority can be set. And it should be used together with OutlierDetection to detect unhealthy endpoints, otherwise has no effect.

istioVersion string

k8sVersion string

meshCommonConfig object

elasticsearch object

enabled boolean

isDefault boolean

password string

secretName string

secretNamespace string

url string

username string

isDefaultMonitor boolean

istioSidecar object

Deprecated: IstioSidecar

cpuValue string

memoryValue string

jaeger object

indexPrefix string

strategy string

kafka object

authentication string

enabled boolean

password string

secretName string

secretNamespace string

tls object

enabled boolean

secretName string

secretNamespace string

url string

username string

monitorType string

prometheusBasicAuth object

enabled boolean

password string

secretName string

secretNamespace string

username string

prometheusURL string

traceSampling number

Deprecated: TraceSampling

meshConfig object

multiCluster object

enabled boolean

Indicates that whether the multi-cluster feature is enabled.

isMultiNetwork boolean

Indicates whether the servicemeshgroup is targeting a multi-network environment.

network string

primary string required

Deprecated: PrimaryCluster 仅做为主从结构的兼容性保留，不再使用

selector object

A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.

matchExpressions []object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

key string required

key is the label key that the selector applies to.

operator string required

operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values []string

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

matchLabels object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

status object

ServiceMeshGroupStatus defines the observed state of ServiceMeshGroup

clusterCount integer

latestUpdateTime string

meshStatus object

Individual status of each component controlled by the operator. The map key is the name of the component.

message string

Optional message providing additional information about the existing overall status.

nonReadyClusterCount integer

nonReadyClusters []string

status string

Overall status of all clusters controlled by the operator.

If all clusters have status NONE, overall status is NONE. * If all clusters are HEALTHY, overall status is HEALTHY. * If one or more clusters are RECONCILING and others are HEALTHY, overall status is RECONCILING. * If one or more clusters are UPDATING and others are HEALTHY, overall status is UPDATING. * If clusters are a mix of RECONCILING, UPDATING and HEALTHY, overall status is UPDATING. * If any component is in ERROR state, overall status is ERROR. * If further action is needed for reconciliation to proceed, overall status is ACTION_REQUIRED.