yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity

Compare commits

base: yexinru:Precheck
Branches Tags
yexinru:main yexinru:yexinru_ucs_apiyaml yexinru:Precheck yexinru:UCS_openapi yexinru:revert-ucs_api_20250523 yexinru:add-openapi-check yexinru:obsutil-add yexinru:as_openapi yexinru:add-rabbitmq yexinru:illegal-chars-test yexinru:add-esw yexinru:update-metadata yexinru:hcdc9 yexinru:tischrei-patch-1 yexinru:hcdc8 yexinru:hcdc6 yexinru:hcdc5 yexinru:hcdc4 yexinru:hcdc3 yexinru:hcdc2 yexinru:hcdc yexinru:test-container-build yexinru:test-rfs-api yexinru:fix-rfs yexinru:test-rfs yexinru:delete-bd yexinru:ucns_koosearch_obs3rdparty_dms yexinru:revert-mrs_umn_202506181 yexinru:sgode-patch-2 yexinru:sgode-patch-1 yexinru:update-metadata-3rdparty3 yexinru:taurusdb yexinru:das-fix yexinru:cce_umn_20250311_reupload yexinru:fix_python yexinru:ccn-add yexinru:add_dbss_api_update_metadata yexinru:update-confpy-pdfs yexinru:mv_apm yexinru:re-apig_api_20240125 yexinru:revert-2fc8a34abd yexinru:remove_swiftapi yexinru:update-confpy-template2 yexinru:re-ecs_api_20240823 yexinru:update-confpy-template yexinru:re-ecs_umn_20240823 yexinru:rfs-add yexinru:other-update yexinru:other-add yexinru:test-cfw yexinru:new-services yexinru:add_geminidb yexinru:cfw_enable yexinru:add_aom_umn2 yexinru:add_aom2 yexinru:metadata-stuff yexinru:revert_613_ddm_umn yexinru:dli_dev_0104_version_revert yexinru:zuul-yaml-ocr yexinru:Update-metadata yexinru:apig_fix yexinru:drs-bp yexinru:ims_bp yexinru:bp-meta yexinru:add_apm_metadata yexinru:add_apm yexinru:hss_fix yexinru:hss_add_zuul yexinru:drs_umn_revert_fix yexinru:add_params yexinru:permissions_pr_fix yexinru:fg_iam_ecs yexinru:gaussdb_api_20221230-pr_recreate yexinru:change_propose_reference yexinru:split-convertor yexinru:public-images_on_public yexinru:wafd_revert_20230423 yexinru:swift_deprecated_nosql_api_addon yexinru:cbr_umn_revert_0426 yexinru:gtema-patch-2 yexinru:metadata_in_convert_jobs yexinru:fixing_sfs_name yexinru:cse_addon yexinru:obs_umn_0414_reupload yexinru:ims_api_0406_reupload yexinru:ims_umn_406_reupload yexinru:convertor_th_fix yexinru:apig_dataarts_fix yexinru:apig_dataarts yexinru:new_rds_conversion_fix yexinru:dbss_er_addon yexinru:colon_asterisk_fix yexinru:unit-tests yexinru:change_obs_pfs_perms yexinru:change_add_dli yexinru:pandoc_update yexinru:new_obs_doc yexinru:enabling_cci_metadata yexinru:empty_space_v2 yexinru:empty_space_fix yexinru:zuul_new_repos yexinru:adding_new_docs yexinru:dollar_char yexinru:convertor_fix yexinru:another_special_char yexinru:swift_addon yexinru:convert-fname yexinru:conversion_link_fixes yexinru:convert yexinru:cleanup yexinru:strong_fix yexinru:adding_mrs_comp_metadata yexinru:fix_links yexinru:waf_and_obs_fix yexinru:vpn_umn yexinru:vpn_api yexinru:gaussb_title_fix yexinru:lts_api yexinru:gtema-patch-1 yexinru:plas_umn yexinru:kms_api yexinru:ces_umn yexinru:ces_umn_recover yexinru:rts_api yexinru:lts_umn yexinru:aom_api yexinru:aom_umn
..
compare: yexinru:ucns_koosearch_obs3rdparty_dms
Branches Tags
yexinru:yexinru_ucs_apiyaml yexinru:main yexinru:Precheck yexinru:UCS_openapi yexinru:revert-ucs_api_20250523 yexinru:add-openapi-check yexinru:obsutil-add yexinru:as_openapi yexinru:add-rabbitmq yexinru:illegal-chars-test yexinru:add-esw yexinru:update-metadata yexinru:hcdc9 yexinru:tischrei-patch-1 yexinru:hcdc8 yexinru:hcdc6 yexinru:hcdc5 yexinru:hcdc4 yexinru:hcdc3 yexinru:hcdc2 yexinru:hcdc yexinru:test-container-build yexinru:test-rfs-api yexinru:fix-rfs yexinru:test-rfs yexinru:delete-bd yexinru:ucns_koosearch_obs3rdparty_dms yexinru:revert-mrs_umn_202506181 yexinru:sgode-patch-2 yexinru:sgode-patch-1 yexinru:update-metadata-3rdparty3 yexinru:taurusdb yexinru:das-fix yexinru:cce_umn_20250311_reupload yexinru:fix_python yexinru:ccn-add yexinru:add_dbss_api_update_metadata yexinru:update-confpy-pdfs yexinru:mv_apm yexinru:re-apig_api_20240125 yexinru:revert-2fc8a34abd yexinru:remove_swiftapi yexinru:update-confpy-template2 yexinru:re-ecs_api_20240823 yexinru:update-confpy-template yexinru:re-ecs_umn_20240823 yexinru:rfs-add yexinru:other-update yexinru:other-add yexinru:test-cfw yexinru:new-services yexinru:add_geminidb yexinru:cfw_enable yexinru:add_aom_umn2 yexinru:add_aom2 yexinru:metadata-stuff yexinru:revert_613_ddm_umn yexinru:dli_dev_0104_version_revert yexinru:zuul-yaml-ocr yexinru:Update-metadata yexinru:apig_fix yexinru:drs-bp yexinru:ims_bp yexinru:bp-meta yexinru:add_apm_metadata yexinru:add_apm yexinru:hss_fix yexinru:hss_add_zuul yexinru:drs_umn_revert_fix yexinru:add_params yexinru:permissions_pr_fix yexinru:fg_iam_ecs yexinru:gaussdb_api_20221230-pr_recreate yexinru:change_propose_reference yexinru:split-convertor yexinru:public-images_on_public yexinru:wafd_revert_20230423 yexinru:swift_deprecated_nosql_api_addon yexinru:cbr_umn_revert_0426 yexinru:gtema-patch-2 yexinru:metadata_in_convert_jobs yexinru:fixing_sfs_name yexinru:cse_addon yexinru:obs_umn_0414_reupload yexinru:ims_api_0406_reupload yexinru:ims_umn_406_reupload yexinru:convertor_th_fix yexinru:apig_dataarts_fix yexinru:apig_dataarts yexinru:new_rds_conversion_fix yexinru:dbss_er_addon yexinru:colon_asterisk_fix yexinru:unit-tests yexinru:change_obs_pfs_perms yexinru:change_add_dli yexinru:pandoc_update yexinru:new_obs_doc yexinru:enabling_cci_metadata yexinru:empty_space_v2 yexinru:empty_space_fix yexinru:zuul_new_repos yexinru:adding_new_docs yexinru:dollar_char yexinru:convertor_fix yexinru:another_special_char yexinru:swift_addon yexinru:convert-fname yexinru:conversion_link_fixes yexinru:convert yexinru:cleanup yexinru:strong_fix yexinru:adding_mrs_comp_metadata yexinru:fix_links yexinru:waf_and_obs_fix yexinru:vpn_umn yexinru:vpn_api yexinru:gaussb_title_fix yexinru:lts_api yexinru:gtema-patch-1 yexinru:plas_umn yexinru:kms_api yexinru:ces_umn yexinru:ces_umn_recover yexinru:rts_api yexinru:lts_umn yexinru:aom_api yexinru:aom_umn

2 Commits
Precheck ... ucns_koose

Author SHA1 Message Date
Hasko, Vladimir
77d2b862b2 removing dis from zuul.yaml 2025-07-16 08:20:17 +00:00
vladimirhasko
33fe0df887 adding metadata for rocketmq, ucs, koosearch, obs3rdparty 2025-07-14 12:11:40 +00:00
12095 changed files with 265662 additions and 892441 deletions
Expand all files Collapse all files

81
.gitea/workflows/class-txt-check.yml
View File

@ -1,81 +0,0 @@
# .gitea/workflows/class-txt-check.yml
name: Docs Precheck - CLASS.TXT.json Check
on:
pull_request:
types: [opened, reopened, synchronize, edited]
permissions:
contents: read
pull-requests: write
jobs:
class-txt-check:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Get changed CLASS.TXT.json files
id: changed-files
run: |
BASE_SHA="${{ gitea.event.pull_request.base.sha }}"
changed=$(git diff --name-only ${BASE_SHA}...HEAD | grep -E 'CLASS\.TXT\.json$' | tr '\n' ' ' || true)
echo "files=$changed" >> $GITHUB_OUTPUT
echo "CHANGED_FILES=$changed" >> $GITHUB_ENV
echo "Changed CLASS.TXT.json files: $changed"
- name: Run duplicate title check
id: class-check
run: |
python3 .gitea/workflows/helpers/class-txt-check.py
- name: Comment on PR with violations
if: failure() && steps.class-check.outcome == 'failure'
env:
GITEA_SERVER_URL: ${{ gitea.server_url }}
REPO: ${{ gitea.repository }}
PR_NUMBER: ${{ gitea.event.pull_request.number }}
TOKEN: ${{ gitea.token }}
run: |
set -euo pipefail
# Ensure URL starts with http
if [[ ! "${GITEA_SERVER_URL}" =~ ^https?:// ]]; then
GITEA_SERVER_URL="http://${GITEA_SERVER_URL}"
echo "Added http:// prefix to URL"
fi
# Generate comment message
MSG=$(python3 .gitea/workflows/helpers/class-comment.py)
echo "$MSG"
# Extract body from JSON
BODY=$(echo "$MSG" | python3 -c "import sys, json; print(json.load(sys.stdin)['body'])")
# Build the full URL
FULL_URL="${GITEA_SERVER_URL}/api/v1/repos/${REPO}/issues/${PR_NUMBER}/comments"
echo "Posting comment to: ${FULL_URL}"
# Comment on PR
curl -sS -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
"${FULL_URL}" \
-d "$(echo "$BODY" | python3 -c "import sys, json; print(json.dumps({'body': sys.stdin.read()}))")"
- name: Final status
if: always()
run: |
if [ -f violations.json ]; then
echo "::error::CLASS.TXT.json check failed. See previous step for details."
exit 1
fi

84
.gitea/workflows/docs-precheck.yml
View File

@ -1,84 +0,0 @@
# .gitea/workflows/docs-precheck.yml
name: Docs Precheck - Underscore Check
on:
pull_request:
types: [opened, reopened, synchronize, edited]
permissions:
contents: read
pull-requests: write
jobs:
docs-precheck:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Install dependencies
run: pip install beautifulsoup4 lxml
- name: Get changed HTML files
id: changed-files
run: |
BASE_SHA="${{ gitea.event.pull_request.base.sha }}"
changed=$(git diff --name-only ${BASE_SHA}...HEAD | grep -E '\.(html|htm)$' | tr '\n' ' ' || true)
echo "files=$changed" >> $GITHUB_OUTPUT
echo "CHANGED_FILES=$changed" >> $GITHUB_ENV
echo "Changed HTML files: $changed"
- name: Run underscore check
id: underscore-check
run: |
python3 .gitea/workflows/helpers/underscore-check.py
- name: Comment on PR with violations
if: failure() && steps.underscore-check.outcome == 'failure'
env:
GITEA_SERVER_URL: ${{ gitea.server_url }}
REPO: ${{ gitea.repository }}
PR_NUMBER: ${{ gitea.event.pull_request.number }}
TOKEN: ${{ gitea.token }}
run: |
set -euo pipefail
# Ensure URL starts with http
if [[ ! "${GITEA_SERVER_URL}" =~ ^https?:// ]]; then
GITEA_SERVER_URL="http://${GITEA_SERVER_URL}"
echo "Added http:// prefix to URL"
fi
# Generate comment message
MSG=$(python3 .gitea/workflows/helpers/underscore-comment.py)
echo "$MSG"
# Extract body from JSON
BODY=$(echo "$MSG" | python3 -c "import sys, json; print(json.load(sys.stdin)['body'])")
# Build the full URL
FULL_URL="${GITEA_SERVER_URL}/api/v1/repos/${REPO}/issues/${PR_NUMBER}/comments"
echo "Posting comment to: ${FULL_URL}"
# Comment on PR
curl -sS -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
"${FULL_URL}" \
-d "$(echo "$BODY" | python3 -c "import sys, json; print(json.dumps({'body': sys.stdin.read()}))")"
- name: Final status
if: always()
run: |
if [ -f violations.json ]; then
echo "::error::Underscore check failed. See previous step for details."
exit 1
fi

71
.gitea/workflows/helpers/class-comment.py
View File

@ -1,71 +0,0 @@
#!/usr/bin/env python3
"""
Generate PR comment for CLASS.TXT.json duplicate title violations.
This script reads violations.json (created by class-txt-check.py) and generates
a formatted markdown comment to be posted on the PR. The comment includes:
- File path where violations were found
- Parent document title and code
- The duplicate title
- Document codes that share the duplicate title
Usage:
Run after class-txt-check.py fails. Reads violations.json and outputs JSON
with 'body' field containing the markdown comment text.
"""
import json
import sys
def main():
try:
with open("violations.json", "r") as f:
violations = json.load(f)
except Exception:
violations = []
if not violations:
print(json.dumps({"body": "No violations to report"}))
sys.exit(0)
# Group violations by file
by_file = {}
for v in violations:
key = v["file"]
if key not in by_file:
by_file[key] = []
by_file[key].append(v)
# Build message
lines = [
"❌ **Duplicate title detected in CLASS.TXT.json**",
"",
"Found child documents with duplicate titles under the same parent:",
"",
]
for filepath, file_violations in by_file.items():
lines.append(f"**{filepath}:**")
for v in file_violations:
parent_code = v["parent_code"]
parent_title = v["parent_title"]
duplicate_title = v["duplicate_title"]
codes = v["codes"]
lines.append(f" - Parent: `{parent_title}` (code: `{parent_code}`)")
lines.append(f" Duplicate title: `{duplicate_title}`")
for code in codes:
lines.append(f" - Document code: `{code}`")
lines.append("")
lines.append(
"**Please ensure all child documents under the same parent have unique titles.**"
)
message = "\n".join(lines)
print(json.dumps({"body": message}))
if __name__ == "__main__":
main()

161
.gitea/workflows/helpers/class-txt-check.py
View File

File diff suppressed because it is too large Load Diff

149
.gitea/workflows/helpers/metadata-check.py
View File

File diff suppressed because it is too large Load Diff

63
.gitea/workflows/helpers/metadata-comment.py
View File

@ -1,63 +0,0 @@
#!/usr/bin/env python3
"""
Generate PR comment for metadata registration check violations.
This script reads violations.json (created by metadata-check.py) and generates
a formatted markdown comment to be posted on the PR. The comment includes:
- HTML file path that was added but not registered
- Which metadata files it's missing from (CLASS.TXT.json, ALL_META.TXT.json)
- Whether the metadata files don't exist or the file is simply missing from them
Usage:
Run after metadata-check.py fails. Reads violations.json and outputs JSON
with 'body' field containing the markdown comment text.
"""
import json
import sys
def main():
try:
with open("violations.json", "r") as f:
violations = json.load(f)
except Exception:
violations = []
if not violations:
print(json.dumps({"body": "No violations to report"}))
sys.exit(0)
# Build message
lines = [
"❌ **HTML file not registered in metadata**",
"",
"The following HTML files were added but are not properly registered in the metadata files:",
"",
]
for v in violations:
html_file = v["file"]
missing_from = v["missing_from"]
lines.append(f"**{html_file}**")
for missing in missing_from:
# Check if it's a "file not found" case
if "(file not found)" in missing:
lines.append(
f" ❌ Missing from: `{missing.split(' (')[0]}` (metadata file does not exist)"
)
else:
lines.append(f" ❌ Missing from: `{missing}`")
lines.append("")
lines.append(
"**Please add the new HTML files to both `CLASS.TXT.json` and `ALL_META.TXT.json` in the same directory.**"
)
message = "\n".join(lines)
print(json.dumps({"body": message}))
if __name__ == "__main__":
main()

214
.gitea/workflows/helpers/underscore-check.py
View File

File diff suppressed because it is too large Load Diff

68
.gitea/workflows/helpers/underscore-comment.py
View File

@ -1,68 +0,0 @@
#!/usr/bin/env python3
"""
Generate PR comment for underscore check violations.
This script reads violations.json (created by underscore-check.py) and generates
a formatted markdown comment to be posted on the PR. The comment includes:
- File path where violations were found
- Line number of each violation
- The offending word (ending with underscore)
- Context showing where the violation appears in the HTML
Usage:
Run after underscore-check.py fails. Reads violations.json and outputs JSON
with 'body' field containing the markdown comment text.
"""
import json
import sys
def main():
try:
with open("violations.json", "r") as f:
violations = json.load(f)
except Exception:
violations = []
if not violations:
print(json.dumps({"body": "No violations to report"}))
sys.exit(0)
# Group violations by file
by_file = {}
for v in violations:
key = v["file"]
if key not in by_file:
by_file[key] = []
by_file[key].append(v)
# Build message
lines = [
"❌ **Underscore check failed**",
"",
"Found words ending with underscore (not followed by alphanumeric characters):",
"",
]
for filepath, file_violations in by_file.items():
lines.append(f"**{filepath}:**")
for v in file_violations:
word = v["word"]
line_num = v["line"]
context = v["context"]
# Escape markdown special chars in context
context = context.replace("`", "\\`")
lines.append(f" - Line {line_num}: `{word}` in context: `{context}`")
lines.append("")
lines.append(
"**Please fix these issues as soon as possible.** Words should not end with an underscore unless followed by alphanumeric characters (A-Za-z0-9)."
)
message = "\n".join(lines)
print(json.dumps({"body": message}))
if __name__ == "__main__":
main()

81
.gitea/workflows/metadata-check.yml
View File

@ -1,81 +0,0 @@
# .gitea/workflows/metadata-check.yml
name: Docs Precheck - Metadata Registration Check
on:
pull_request:
types: [opened, reopened, synchronize, edited]
permissions:
contents: read
pull-requests: write
jobs:
metadata-check:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Get added HTML files
id: added-files
run: |
BASE_SHA="${{ gitea.event.pull_request.base.sha }}"
added=$(git diff --name-status ${BASE_SHA}...HEAD | grep "^A" | awk '{print $2}' | grep -E '\.html$' | tr '\n' ' ' || true)
echo "files=$added" >> $GITHUB_OUTPUT
echo "ADDED_FILES=$added" >> $GITHUB_ENV
echo "Added HTML files: $added"
- name: Run metadata registration check
id: metadata-check
run: |
python3 .gitea/workflows/helpers/metadata-check.py
- name: Comment on PR with violations
if: failure() && steps.metadata-check.outcome == 'failure'
env:
GITEA_SERVER_URL: ${{ gitea.server_url }}
REPO: ${{ gitea.repository }}
PR_NUMBER: ${{ gitea.event.pull_request.number }}
TOKEN: ${{ gitea.token }}
run: |
set -euo pipefail
# Ensure URL starts with http
if [[ ! "${GITEA_SERVER_URL}" =~ ^https?:// ]]; then
GITEA_SERVER_URL="http://${GITEA_SERVER_URL}"
echo "Added http:// prefix to URL"
fi
# Generate comment message
MSG=$(python3 .gitea/workflows/helpers/metadata-comment.py)
echo "$MSG"
# Extract body from JSON
BODY=$(echo "$MSG" | python3 -c "import sys, json; print(json.load(sys.stdin)['body'])")
# Build the full URL
FULL_URL="${GITEA_SERVER_URL}/api/v1/repos/${REPO}/issues/${PR_NUMBER}/comments"
echo "Posting comment to: ${FULL_URL}"
# Comment on PR
curl -sS -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
"${FULL_URL}" \
-d "$(echo "$BODY" | python3 -c "import sys, json; print(json.dumps({'body': sys.stdin.read()}))")"
- name: Final status
if: always()
run: |
if [ -f violations.json ]; then
echo "::error::Metadata registration check failed. See previous step for details."
exit 1
fi

198
.gitea/workflows/openapi.yml
View File

File diff suppressed because it is too large Load Diff

115
.gitea/workflows/run-hcdc.yaml
View File

File diff suppressed because it is too large Load Diff

123
.gitea/workflows/yaml-lint.yml
View File

File diff suppressed because it is too large Load Diff

11
.spectral.yaml
View File

@ -1,11 +0,0 @@
rules:
path-starts-with-slash-no-spaces:
description: Path must start with / and contain no spaces
message: "Path '{{property}}' must start with '/' and must not contain spaces"
severity: error
given: $.paths
then:
field: "@key"
function: pattern
functionOptions:
match: "^\\/[^\\s]*$"

17
.yamllint
View File

@ -1,17 +0,0 @@
# .yamllint
extends: default
yaml-files:
- '*.yaml'
- '*.yml'
rules:
line-length:
max: 120
level: warning
indentation:
spaces: 2 # number of spaces per indent level
indent-sequences: consistent # or true/false/whatever
level: error
document-start:
level: warning

2
docs/apig/umn/CLASS.TXT.json
View File

@ -515,7 +515,7 @@
{
"desc":"Meaning: Request throttling policy.Scope of effect: Operation Object (2.0)/Operation Object (3.0)Example:",
"product_code":"apig",
"title":"x-apigateway-ratelimits",
"title":"x-apigateway-ratelimit",
"uri":"apig_03_0098.html",
"doc_type":"usermanual",
"p_code":"43",

20
docs/apig/umn/apig_02_0001_1.html
View File

@ -1,20 +0,0 @@
<a name="apig_02_0001"></a><a name="apig_02_0001"></a>
<h1 class="topictitle1">Process Flow</h1>
<div id="body8662426"><p id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_p8060118">The following figure shows the process of exposing an API.</p>
<p id="apig_02_0001__en-us_topic_0000001128377382_p18543548134311"><span><img id="apig_02_0001__en-us_topic_0000001128377382_image14730133294617" src="en-us_image_0000001829896089.png"></span></p>
<ol id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_ol134712352910"><li id="apig_02_0001__en-us_topic_0000001128377382_li035223651911">Creating a Gateway<p id="apig_02_0001__en-us_topic_0000001128377382_p08351451237"><a name="apig_02_0001__en-us_topic_0000001128377382_li035223651911"></a><a name="en-us_topic_0000001128377382_li035223651911"></a><a href="apig_03_0037.html">Create a dedicated gateway.</a></p>
</li><li id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_li1934718315294"><a href="apig-ug-180307003.html">Creating an API Group</a><p id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_p52731551293">An API group facilitates management of APIs used for the same service. Create an API group and then create APIs.</p>
</li><li id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_li1239042116208"><a href="apig-ug-190419107.html">Binding a Domain Name</a><p id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_p1939022115203">Before making the API available for users to access, bind an independent domain name (custom domain name) to the group to which the API belongs. Then API callers can use these domain names to call the API.</p>
</li><li id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_li034715392911"><a href="apig_0080101678.html">Creating an API</a><p id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_p1396201052917">When creating an API, configure the frontend and backend request paths, parameters, and protocols.</p>
</li><li id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_li1447643191811"><a href="apig-ug-190419108.html">Debugging an API</a><p id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_p18728145518188">Debug the API to check whether it works normally.</p>
</li><li id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_li23471332910"><a href="apig-ug-180307004.html">(Optional) Creating an Environment</a><p id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_p10254142615218">An API can be called in different scenarios, such as the production environment (RELEASE) or other custom environments. RELEASE is the default environment defined in APIG.</p>
</li><li id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_li134733102913"><a href="apig-ug-180307005.html">Publishing an API</a><p id="apig_02_0001__en-us_topic_0000001128377382_en-us_topic_0080101676_p780511012155">Publish the API so that it can be called.</p>
</li></ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="apig-ug-180307001.html">Opening APIs</a></div>
</div>
</div>

2
docs/apig/umn/apig_03_0006.html
View File

@ -41,7 +41,7 @@
</table>
</div>
</p></li><li id="apig_03_0006__en-us_topic_0000001221574215_en-us_topic_0103545823_li369614061512"><span>Click <strong id="apig_03_0006__en-us_topic_0000001221574215_en-us_topic_0103545823_b1151018810305">OK</strong>.</span><p><p id="apig_03_0006__en-us_topic_0000001221574215_en-us_topic_0103545823_p643617378212">If the domain name is no longer needed, click <strong id="apig_03_0006__en-us_topic_0000001221574215_en-us_topic_0103545823_b791211518302">Unbind Domain Name</strong> to unbind it from the API group.</p>
</p></li><li id="apig_03_0006__en-us_topic_0000001221574215_en-us_topic_0103545823_li93451675213"><span>(Optional) If the API group contains HTTPS APIs, bind an SSL certificate to the independent domain name test_.</span><p><ol type="a" id="apig_03_0006__en-us_topic_0000001221574215_ol1799111542324"><li id="apig_03_0006__en-us_topic_0000001221574215_li13991165415321">In the row that contains the domain name, click <strong id="apig_03_0006__en-us_topic_0000001221574215_b854515393379">Select SSL Certificate</strong>.</li></ol><ol type="a" start="2" id="apig_03_0006__en-us_topic_0000001221574215_ol2992145419328"><li id="apig_03_0006__en-us_topic_0000001221574215_li2992135493218">Select an SSL certificate and click <strong id="apig_03_0006__en-us_topic_0000001221574215_b13711142203720">OK</strong>.<ul id="apig_03_0006__en-us_topic_0000001221574215_ul867615616168"><li id="apig_03_0006__en-us_topic_0000001221574215_li20676175641611">If a CA certificate has been uploaded for the SSL certificate, you can enable client authentication (HTTPS two-way authentication). <strong id="apig_03_0006__en-us_topic_0000001221574215_b28742914013">Enabling or disabling client authentication will affect the existing services. Exercise caution when performing this operation.</strong></li><li id="apig_03_0006__en-us_topic_0000001221574215_li14676105617167">If no SSL certificate is available, click <strong id="apig_03_0006__en-us_topic_0000001221574215_b11101651114714">Create SSL Certificate</strong> to create one. For details, see <a href="apig_03_0055.html#apig_03_0055">SSL Certificates</a>.</li></ul>
</p></li><li id="apig_03_0006__en-us_topic_0000001221574215_en-us_topic_0103545823_li93451675213"><span>(Optional) If the API group contains HTTPS APIs, bind an SSL certificate to the independent domain name.</span><p><ol type="a" id="apig_03_0006__en-us_topic_0000001221574215_ol1799111542324"><li id="apig_03_0006__en-us_topic_0000001221574215_li13991165415321">In the row that contains the domain name, click <strong id="apig_03_0006__en-us_topic_0000001221574215_b854515393379">Select SSL Certificate</strong>.</li></ol><ol type="a" start="2" id="apig_03_0006__en-us_topic_0000001221574215_ol2992145419328"><li id="apig_03_0006__en-us_topic_0000001221574215_li2992135493218">Select an SSL certificate and click <strong id="apig_03_0006__en-us_topic_0000001221574215_b13711142203720">OK</strong>.<ul id="apig_03_0006__en-us_topic_0000001221574215_ul867615616168"><li id="apig_03_0006__en-us_topic_0000001221574215_li20676175641611">If a CA certificate has been uploaded for the SSL certificate, you can enable client authentication (HTTPS two-way authentication). <strong id="apig_03_0006__en-us_topic_0000001221574215_b28742914013">Enabling or disabling client authentication will affect the existing services. Exercise caution when performing this operation.</strong></li><li id="apig_03_0006__en-us_topic_0000001221574215_li14676105617167">If no SSL certificate is available, click <strong id="apig_03_0006__en-us_topic_0000001221574215_b11101651114714">Create SSL Certificate</strong> to create one. For details, see <a href="apig_03_0055.html#apig_03_0055">SSL Certificates</a>.</li></ul>
</li></ol>
</p></li></ol>
</div>

2
docs/apig/umn/apig_03_0017.html
View File

@ -28,7 +28,7 @@
</li>
<li class="ulchildlink"><strong><a href="apig_03_0055.html">SSL Certificates</a></strong><br>
</li>
<li class="ulchildlink test_policy test_"><strong><a href="apig_03_0040.html">Load Balance Channels</a></strong><br>
<li class="ulchildlink"><strong><a href="apig_03_0040.html">Load Balance Channels</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="apig_03_0041.html">Managing Environments</a></strong><br>
</li>

2
docs/apig/umn/apig_03_0019.html
View File

@ -47,7 +47,7 @@
</li></ul>
</p></li><li id="apig_03_0019__en-us_topic_0000001221774151_en-us_topic_0000001151883501_li19109142924410"><span>Click <strong id="apig_03_0019__en-us_topic_0000001221774151_b1275410503448">OK</strong>.</span><p><ul id="apig_03_0019__en-us_topic_0000001221774151_ul18334414115613"><li id="apig_03_0019__en-us_topic_0000001221774151_li133351014125618">To clone this policy, click <strong id="apig_03_0019__en-us_topic_0000001221774151_b995111582546">Clone</strong> in the <strong id="apig_03_0019__en-us_topic_0000001221774151_b204471192551">Operation</strong> column.<div class="note" id="apig_03_0019__en-us_topic_0000001221774151_note165441445125319"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="apig_03_0019__en-us_topic_0000001221774151_ul133541495612"><li id="apig_03_0019__en-us_topic_0000001221774151_li2335181412567">The name of a cloned policy cannot be the same as that of any existing policy.</li><li id="apig_03_0019__en-us_topic_0000001221774151_li1533581455617"><strong id="apig_03_0019__en-us_topic_0000001221774151_b033415153572">Request throttling</strong> and <strong id="apig_03_0019__en-us_topic_0000001221774151_b391031715576">signature key</strong> policies cannot be cloned.</li></ul>
</div></div>
</li><li id="apig_03_0019__en-us_topic_0000001221774151_li933561485617">After the policy is created, perform the operations described in test_policy <a href="#apig_03_0019__en-us_topic_0000001221774151_en-us_topic_0000001151883501_section020918935713">Binding the Policy to APIs</a> for the policy to take effect for the API.</li></ul>
</li><li id="apig_03_0019__en-us_topic_0000001221774151_li933561485617">After the policy is created, perform the operations described in <a href="#apig_03_0019__en-us_topic_0000001221774151_en-us_topic_0000001151883501_section020918935713">Binding the Policy to APIs</a> for the policy to take effect for the API.</li></ul>
</p></li></ol>
</div>
<div class="section" id="apig_03_0019__en-us_topic_0000001221774151_en-us_topic_0000001151883501_section020918935713"><a name="apig_03_0019__en-us_topic_0000001221774151_en-us_topic_0000001151883501_section020918935713"></a><a name="en-us_topic_0000001221774151_en-us_topic_0000001151883501_section020918935713"></a><h4 class="sectiontitle">Binding the Policy to APIs</h4><ol id="apig_03_0019__en-us_topic_0000001221774151_en-us_topic_0000001151883501_ol1356962619589"><li id="apig_03_0019__en-us_topic_0000001221774151_li53566433142"><span>Click a policy name to go to the policy details page.</span></li><li id="apig_03_0019__en-us_topic_0000001221774151_li1350414233155"><span>In the <strong id="apig_03_0019__en-us_topic_0000001221774151_b253612484616">APIs</strong> area, select an environment and click <strong id="apig_03_0019__en-us_topic_0000001221774151_b17559174011464">Select APIs</strong>.</span></li><li id="apig_03_0019__en-us_topic_0000001221774151_li1218216522159"><span>Select the API group, environment, and required APIs.</span></li><li id="apig_03_0019__en-us_topic_0000001221774151_li131891433203"><span>Click <strong id="apig_03_0019__en-us_topic_0000001221774151_b914315914475">OK</strong>.</span><p><ul id="apig_03_0019__en-us_topic_0000001221774151_ul514320193525"><li id="apig_03_0019__en-us_topic_0000001221774151_li16143111911526">If an API no longer needs this policy, click <strong id="apig_03_0019__en-us_topic_0000001221774151_b4321503488">Unbind</strong> in the row that contains the API.</li><li id="apig_03_0019__en-us_topic_0000001221774151_li191431319145211">If there are multiple APIs that no longer need this policy, select these APIs, and click <strong id="apig_03_0019__en-us_topic_0000001221774151_b11659101474819">Unbind</strong> above the API list. You can unbind a policy from a maximum of 1000 APIs at a time.</li></ul>

518
docs/asm/umn/ALL_META.TXT.json
View File

File diff suppressed because it is too large Load Diff

375
docs/asm/umn/CLASS.TXT.json
View File

File diff suppressed because it is too large Load Diff

36
docs/asm/umn/asm_01_0020.html
View File

@ -4,12 +4,12 @@
<div id="body8662426"><p id="asm_01_0020__en-us_topic_0000001542706401_p7705103811473">ASM allows you to create a Basic service mesh for commercial use.</p>
<div class="section" id="asm_01_0020__en-us_topic_0000001542706401_section033812246196"><h4 class="sectiontitle">Prerequisites</h4><p id="asm_01_0020__en-us_topic_0000001542706401_p43381724171910">A CCE cluster is available.</p>
</div>
<div class="section" id="asm_01_0020__en-us_topic_0000001542706401_section1486314595204"><h4 class="sectiontitle">Constraints</h4><ul id="asm_01_0020__en-us_topic_0000001542706401_ul186475910202"><li id="asm_01_0020__en-us_topic_0000001542706401_li1786417596203">ASM depends on the domain name resolution of CoreDNS. Before creating a service mesh for a cluster, ensure that the cluster has required resources and CoreDNS is running normally.</li><li id="asm_01_0020__li133817361244">The components of Istio 1.13 and 1.15 cannot run on nodes running CentOS or EulerOS 2.5. When creating a service mesh, do not specify these types of nodes as master nodes.</li></ul>
<div class="section" id="asm_01_0020__en-us_topic_0000001542706401_section1486314595204"><h4 class="sectiontitle">Constraints</h4><ul id="asm_01_0020__en-us_topic_0000001542706401_ul186475910202"><li id="asm_01_0020__en-us_topic_0000001542706401_li1786417596203">ASM depends on the domain name resolution of CoreDNS. Before creating a service mesh for a cluster, ensure that the cluster has required resources and CoreDNS is running normally.</li><li id="asm_01_0020__li133817361244">Istio components v1.13 and v1.15 cannot run on nodes running CentOS or EulerOS 2.5. When creating a service mesh, do not specify these types of nodes as master nodes.</li></ul>
</div>
<div class="section" id="asm_01_0020__en-us_topic_0000001542706401_section201371027102715"><h4 class="sectiontitle">Procedure</h4><ol id="asm_01_0020__en-us_topic_0000001542706401_ol1158918434276"><li id="asm_01_0020__en-us_topic_0000001542706401_li184614499427"><span>Log in to the ASM console.</span></li><li id="asm_01_0020__en-us_topic_0000001542706401_li125894431271"><span>Click <strong id="asm_01_0020__b205391310114513">Create Mesh</strong> in the upper right corner.</span></li><li id="asm_01_0020__en-us_topic_0000001542706401_li135891543162714"><span>Configure the following parameters.</span><p><ul id="asm_01_0020__en-us_topic_0000001542706401_ul75901043202711"><li id="asm_01_0020__en-us_topic_0000001542706401_li2092711501216"><strong id="asm_01_0020__en-us_topic_0000001542706401_b1094850142211">Mesh Edition</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p4479132261213">Only service meshes of the Basic edition are supported for commercial use.</p>
</li><li id="asm_01_0020__en-us_topic_0000001542706401_li35901243162718"><strong id="asm_01_0020__b22496209">Mesh Name</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p19590743152711">Enter a service mesh name, which consists of 4 to 64 characters. It must start with a lowercase letter and cannot end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.</p>
<p id="asm_01_0020__en-us_topic_0000001542706401_p11590144316275">Each name in the same account must be unique. After a service mesh is created, the name cannot be modified.</p>
</li><li id="asm_01_0020__en-us_topic_0000001542706401_li3590184362716"><strong id="asm_01_0020__b1611790005">Istio Version</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p19590144310274">Select the Istio version supported by the service mesh.</p>
<div class="section" id="asm_01_0020__en-us_topic_0000001542706401_section201371027102715"><h4 class="sectiontitle">Procedure</h4><ol id="asm_01_0020__en-us_topic_0000001542706401_ol1158918434276"><li id="asm_01_0020__en-us_topic_0000001542706401_li184614499427"><span>Log in to the ASM console.</span></li><li id="asm_01_0020__en-us_topic_0000001542706401_li125894431271"><span>Click Create Mesh in the upper right corner.</span></li><li id="asm_01_0020__en-us_topic_0000001542706401_li135891543162714"><span>Configure the following parameters.</span><p><ul id="asm_01_0020__en-us_topic_0000001542706401_ul75901043202711"><li id="asm_01_0020__en-us_topic_0000001542706401_li2092711501216"><strong id="asm_01_0020__en-us_topic_0000001542706401_b1094850142211">Mesh Edition</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p4479132261213">Only service meshes of the Basic edition are supported for commercial use.</p>
</li><li id="asm_01_0020__en-us_topic_0000001542706401_li35901243162718"><strong id="asm_01_0020__b147201102">Mesh Name</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p19590743152711">Enter a service mesh name, which consists of 4 to 64 characters. It must start with a lowercase letter and cannot end with a hyphen (-). Only lowercase letters, digits, and hyphens (-) are allowed.</p>
<p id="asm_01_0020__en-us_topic_0000001542706401_p11590144316275">Service mesh names under the same account must be unique and cannot be modified after creation.</p>
</li><li id="asm_01_0020__en-us_topic_0000001542706401_li3590184362716"><strong id="asm_01_0020__b1937452824">Istio Version</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p19590144310274">Select the Istio version supported by the service mesh.</p>
</li><li id="asm_01_0020__li20991123625914"><strong id="asm_01_0020__b54661518132116">Enable IPv6</strong><p id="asm_01_0020__p04381549215">Conditions for enabling IPv4/IPv6 dual stack for a service mesh</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="asm_01_0020__table11439754142117" frame="border" border="1" rules="all"><thead align="left"><tr id="asm_01_0020__row1743955417212"><th align="left" class="cellrowborder" valign="top" width="12.379999999999999%" id="mcps1.3.4.2.3.2.1.4.3.1.6.1.1"><p id="asm_01_0020__p1643985417218">Service Mesh Edition</p>
@ -30,32 +30,32 @@
</td>
<td class="cellrowborder" valign="top" width="15.260000000000002%" headers="mcps1.3.4.2.3.2.1.4.3.1.6.1.3 "><p id="asm_01_0020__p94391954112116">CCE Turbo clusters</p>
</td>
<td class="cellrowborder" valign="top" width="20.4%" headers="mcps1.3.4.2.3.2.1.4.3.1.6.1.4 "><p id="asm_01_0020__p843985414211">Cloud Native Network 2.0</p>
<td class="cellrowborder" valign="top" width="20.4%" headers="mcps1.3.4.2.3.2.1.4.3.1.6.1.4 "><p id="asm_01_0020__p843985414211">Cloud native network 2.0</p>
</td>
<td class="cellrowborder" valign="top" width="37.05%" headers="mcps1.3.4.2.3.2.1.4.3.1.6.1.5 "><p id="asm_01_0020__p17439135413211">IPv6 needs to be enabled for a cluster.</p>
<td class="cellrowborder" valign="top" width="37.05%" headers="mcps1.3.4.2.3.2.1.4.3.1.6.1.5 "><p id="asm_01_0020__p17439135413211">To enable IPv6.</p>
</td>
</tr>
</tbody>
</table>
</div>
<p id="asm_01_0020__p124428207334">For details, see <a href="asm_bestpractice_1009.html">How Do I Create a Service Mesh with IPv4/IPv6 Dual Stack Enabled</a>.</p>
<p id="asm_01_0020__p124428207334">For details, see <a href="asm_bestpractice_1009.html">How Do I Create a Service Mesh with IPv4/IPv6 Dual Stack Enabled</a></p>
<div class="note" id="asm_01_0020__note18440654152111"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="asm_01_0020__ul1744075432120"><li id="asm_01_0020__li1744055413210"><strong id="asm_01_0020__b11396256101815">Enable IPv6</strong> is only available in Basic service meshes based on Istio 1.18 or later.</li><li id="asm_01_0020__li194404548216">IPv4/IPv6 dual stack cannot be enabled for a service mesh whose Istio version is upgraded to 1.18 or later.</li></ul>
<ul id="asm_01_0020__ul144085482119"><li id="asm_01_0020__li1344010549212">IPv4/IPv6 dual stack cannot be disabled once it is enabled for a service mesh. IPv4/IPv6 dual stack cannot be enabled for an existing service mesh.</li></ul>
</div></div>
</li><li id="asm_01_0020__en-us_topic_0000001542706401_li4590154315271"><strong id="asm_01_0020__b1825392822">Cluster</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p4590184313278">Select the cluster from the cluster list or enter the cluster name in the upper right corner of the list to search for the cluster. You can only select the clusters whose versions are supported by the current service mesh version.</p>
</li><li id="asm_01_0020__en-us_topic_0000001542706401_li159044311277"><strong id="asm_01_0020__b553295356">Mesh Control Plane Node</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p125902437272">The control plane components of a Basic service mesh are installed in your cluster. You need to select a node for installing the control plane. If HA is required, you can select two or more nodes from different AZs.</p>
</li><li id="asm_01_0020__en-us_topic_0000001542706401_li4590154315271"><strong id="asm_01_0020__b2100410425">Cluster</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p4590184313278">Select the cluster from the cluster list or enter the cluster name in the upper right corner of the list to search for it. You can only select the clusters whose versions are supported by the current service mesh version.</p>
</li><li id="asm_01_0020__en-us_topic_0000001542706401_li159044311277"><strong id="asm_01_0020__b973752981">Mesh Control Plane Node</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p125902437272">The control plane components of the Basic service mesh are installed in the user cluster. Therefore, you need to select a node for installing the control plane. If HA is required, you can select two or more nodes from different AZs.</p>
<p id="asm_01_0020__en-us_topic_0000001542706401_p1959024392713">A selected node will be labeled with <strong id="asm_01_0020__b12113195612363">istio:master</strong>, and the components will be scheduled to that node.</p>
</li><li id="asm_01_0020__li17225629125"><strong id="asm_01_0020__b182161818152520">Observability Configuration</strong><ul id="asm_01_0020__ul162251921123"><li id="asm_01_0020__li1522512214127"><strong id="asm_01_0020__b1443315218391">Tracing</strong><p id="asm_01_0020__p015131035712"><strong id="asm_01_0020__b1314122314192">Enable Call Chain</strong>: If this option is enabled, you can use distributed tracing to track requests in the service mesh.</p>
<p id="asm_01_0020__p3225124129">- <strong id="asm_01_0020__b1649171110292">Sampling Rate</strong>: The number of requests generated by the tracing service/The total number of requests</p>
</li><li id="asm_01_0020__li17225629125"><strong id="asm_01_0020__b182161818152520">Observability Configuration</strong><ul id="asm_01_0020__ul162251921123"><li id="asm_01_0020__li1233211216319"><strong id="asm_01_0020__b1115002839">Application Metrics</strong><p id="asm_01_0020__p93321821123112">If this option is enabled, you can specify service access metrics, application topologies, and service health and SLO definitions in the service mesh.</p>
</li><li id="asm_01_0020__li1522512214127"><strong id="asm_01_0020__b1443315218391">Tracing</strong><p id="asm_01_0020__p3225124129">- <strong id="asm_01_0020__b1649171110292">Sampling Rate</strong>: Number of requests generated by the tracing service/Total number of requests</p>
<p id="asm_01_0020__p722519210123">- <strong id="asm_01_0020__b13853258294">Version</strong>: tracing service. If you select <strong id="asm_01_0020__b1028517591813">Third-party Jaeger/Zipkin service</strong>, you need to set <strong id="asm_01_0020__b613018597425">Service Address</strong> and <strong id="asm_01_0020__b665636154317">Service Port</strong>, which indicate the address and port number used by the third-party tracing service to receive requests.</p>
<div class="note" id="asm_01_0020__note122518211219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="asm_01_0020__ul1522613251216"><li id="asm_01_0020__li112261223127">Only Istio 1.15 and later versions support third-party tracing services.</li><li id="asm_01_0020__li142761222131512">If you want to use the third-party Jaeger or Zipkin service, install it first. Then, obtain the service address.</li><li id="asm_01_0020__li1622612111211">The default service ports of Jaeger and Zipkin are both 9411. If you create a custom service port during Jaeger or Zipkin installation, replace <strong id="asm_01_0020__b1161449123214">Service Port</strong> with the actual value.</li></ul>
<div class="note" id="asm_01_0020__note122518211219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="asm_01_0020__ul1522613251216"><li id="asm_01_0020__li112261223127">Only Istio 1.15 or later support the third-party tracing service.</li><li id="asm_01_0020__li142761222131512">If you want to use the third-party Jaeger or Zipkin service, install it first. Then, obtain the service address.</li><li id="asm_01_0020__li1622612111211">The default service ports of Jaeger and Zipkin are both 9411. If you customize the service port during Jaeger or Zipkin installation, replace <strong id="asm_01_0020__b3675134710313">Service Port</strong> with the actual value.</li></ul>
</div></div>
</li></ul>
</li></ul>
</p></li><li id="asm_01_0020__en-us_topic_0000001542706401_li185901043112713"><span>(Optional) Specify advanced settings.</span><p><ul id="asm_01_0020__en-us_topic_0000001542706401_ul195914431277"><li id="asm_01_0020__en-us_topic_0000001542706401_li105911243172720"><strong id="asm_01_0020__b337428543">Namespace Injection Settings</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p0591154316270">Select a namespace and label it with <strong id="asm_01_0020__b0190101221818">istio-injection=enabled</strong>. After being restarted, all pods in the namespace will be automatically injected with istio-proxy sidecars.</p>
</p></li><li id="asm_01_0020__en-us_topic_0000001542706401_li185901043112713"><span>(Optional) Configure advanced settings.</span><p><ul id="asm_01_0020__en-us_topic_0000001542706401_ul195914431277"><li id="asm_01_0020__en-us_topic_0000001542706401_li105911243172720"><strong id="asm_01_0020__b808612298">Namespace Injection Settings</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p0591154316270">Select a namespace and label it with <strong id="asm_01_0020__b1742517548222">istio-injection=enabled</strong>. After being restarted, all pods in the namespace will be automatically injected with an istio-proxy sidecar.</p>
<p id="asm_01_0020__en-us_topic_0000001542706401_p1459184332714">If you do not configure namespace injection, you can inject a sidecar on the <strong id="asm_01_0020__b1960806132112">Sidecar Management</strong> tab (<strong id="asm_01_0020__b86087612111">Mesh Configuration</strong> &gt; <strong id="asm_01_0020__b196087611215">Sidecar Management</strong>) after the service mesh is created. For details, see <a href="asm_01_0041.html#asm_01_0041__section65931513505">Injecting a Sidecar</a>.</p>
</li><li id="asm_01_0020__en-us_topic_0000001542706401_li1059184310276"><strong id="asm_01_0020__b1505440256">Restart Existing Services</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p12591144362715"><span><img id="asm_01_0020__image879324619490" src="en-us_image_0000001920032153.png"></span>: The pods of existing services in the namespace will be restarted, which will temporarily interrupt your services. The istio-proxy sidecars can be automatically injected to the pods of existing services only after the pods are restarted.</p>
<p id="asm_01_0020__en-us_topic_0000001542706401_p195911343162718"><span><img id="asm_01_0020__en-us_topic_0000001542706401_image1736110311031" src="en-us_image_0000001494249996.png"></span>: The istio-proxy sidecars cannot be automatically injected into the pods of existing services. You need to manually restart the pods on the CCE console to inject the sidecars.</p>
</li><li id="asm_01_0020__en-us_topic_0000001542706401_li1059184310276"><strong id="asm_01_0020__b963350775">Restart Existing Services</strong><p id="asm_01_0020__en-us_topic_0000001542706401_p12591144362715"><span><img id="asm_01_0020__image879324619490" src="en-us_image_0000001920032153.png"></span>: Pods of the existing services in the namespace will be restarted, which will temporarily interrupt your services. The <strong id="asm_01_0020__b658216428">istio-proxy</strong> sidecar is automatically injected into the pods of the existing services.</p>
<p id="asm_01_0020__en-us_topic_0000001542706401_p195911343162718"><span><img id="asm_01_0020__en-us_topic_0000001542706401_image1736110311031" src="en-us_image_0000001494249996.png"></span>: The <strong id="asm_01_0020__b166037221819">istio-proxy</strong> sidecar cannot be automatically injected into the pods of the existing services. You need to manually restart the workloads on the CCE console to inject the sidecar.</p>
</li><li id="asm_01_0020__li103761117176"><strong id="asm_01_0020__b161488533415">Traffic Interception Settings</strong><div class="note" id="asm_01_0020__note9376117978"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="asm_01_0020__p2376181712720">By default, sidecars intercept all inbound and outbound traffic of pods. You can modify the default traffic rules in <strong id="asm_01_0020__b134331479345">Traffic Interception Settings</strong>.</p>
</div></div>
<p id="asm_01_0020__p93763174718"><strong id="asm_01_0020__b9810181314341">Inbound Ports</strong>: Inbound ports separated by commas (,). You can use this field to specify the ports that will be included or excluded for inbound traffic redirection.</p>
@ -67,9 +67,9 @@
<p id="asm_01_0020__p11377181717712"><strong id="asm_01_0020__b20653518442">Outbound IP Ranges</strong>: IP address ranges separated by commas (,) in CIDR format. You can use this field to specify the IP ranges that will be included or excluded for outbound traffic redirection.</p>
<ul id="asm_01_0020__ul1337716172078"><li id="asm_01_0020__li1377417579"><strong id="asm_01_0020__b39502030153411">Include only specified IP ranges</strong> means that the traffic from specified IP ranges will be redirected to the sidecar.</li></ul>
<ul id="asm_01_0020__ul14377181711717"><li id="asm_01_0020__li3377171710719"><strong id="asm_01_0020__b393303213347">Exclude only specified IP ranges</strong> means that the traffic from IP ranges except the specified IP ranges will be redirected to the sidecar.</li></ul>
</li><li id="asm_01_0020__li1611138125316"><strong id="asm_01_0020__b896573998">Resource Tags</strong><p id="asm_01_0020__p1711128135317">Enter the tag key and tag value. A maximum of 20 tags can be added.</p>
</li><li id="asm_01_0020__li1611138125316"><strong id="asm_01_0020__b1576740032">Resource Tags</strong><p id="asm_01_0020__p1711128135317">Enter the tag key and tag value. A maximum of 20 tags can be added.</p>
</li></ul>
</p></li><li id="asm_01_0020__en-us_topic_0000001542706401_li859154318271"><span>Review the service mesh configuration in <strong id="asm_01_0020__b1410335113">Configuration List</strong> on the right of the page and click <strong id="asm_01_0020__b250962436">Submit</strong>.</span><p><p id="asm_01_0020__en-us_topic_0000001542706401_p13591174382714">It takes about 1 to 3 minutes to create a service mesh. If the service mesh status changes from <strong id="asm_01_0020__b1250689906">Installing</strong> to <strong id="asm_01_0020__b1089094307">Running</strong>, the service mesh is successfully created.</p>
</p></li><li id="asm_01_0020__en-us_topic_0000001542706401_li859154318271"><span>Review the service mesh configuration in <strong id="asm_01_0020__b151099494">Configuration List</strong> on the right of the page and click <strong id="asm_01_0020__b441494675">Submit</strong>.</span><p><p id="asm_01_0020__en-us_topic_0000001542706401_p13591174382714">It takes about 1 to 3 minutes to create a service mesh. If the service mesh status changes from <strong id="asm_01_0020__b567440244">Installing</strong> to <strong id="asm_01_0020__b17683781">Running</strong>, the service mesh is successfully created.</p>
<div class="note" id="asm_01_0020__en-us_topic_0000001542706401_note14591184342712"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="asm_01_0020__en-us_topic_0000001542706401_p1459119432275">When the service mesh is enabled, the following operations are performed:</p>
<ul id="asm_01_0020__en-us_topic_0000001542706401_ul859134311276"><li id="asm_01_0020__en-us_topic_0000001542706401_li195911043152719">Helm orchestrates the application into a Release as the resource of the service mesh control plane.</li></ul>
</div></div>

4
docs/asm/umn/asm_01_0029.html
View File

@ -6,9 +6,9 @@
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="asm_01_0031.html">Configuration Diagnosis</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="asm_01_0060.html">Fixing Items Manually</a></strong><br>
<li class="ulchildlink"><strong><a href="asm_01_0060.html">Manual Fixing Items</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="asm_01_0065.html">Fixing Items Automatically</a></strong><br>
<li class="ulchildlink"><strong><a href="asm_01_0065.html">Auto Fixing Items</a></strong><br>
</li>
</ul>

10
docs/asm/umn/asm_01_0036.html
View File

@ -9,7 +9,7 @@
</li></ul>
</p></li><li id="asm_01_0036__li771712313588"><span>Configure basic information of the grayscale release task.</span><p><ul id="asm_01_0036__ul6468103391818"><li id="asm_01_0036__li182551458340"><strong id="asm_01_0036__b151365433183">Grayscale Release Form</strong><p id="asm_01_0036__p2064691819344">Select <strong id="asm_01_0036__b1497597343102415">Canary Release</strong> or <strong id="asm_01_0036__b2049366149102415">Blue-Green Deployment</strong> as required. For details about the differences between the two forms, see <a href="asm_01_0035.html">Grayscale Release Overview</a>.</p>
</li><li id="asm_01_0036__li4938581353"><strong id="asm_01_0036__b743019103613">Task Name</strong><p id="asm_01_0036__p98958413619">Customize a grayscale release task name. Enter 4 to 63 characters, starting with a lowercase letter and ending with a letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.</p>
</li><li id="asm_01_0036__li36212449385"><strong id="asm_01_0036__b13288953173816">Namespace</strong><p id="asm_01_0036__p26361500386">Select the namespace that the service belongs to.</p>
</li><li id="asm_01_0036__li36212449385"><strong id="asm_01_0036__b13288953173816">Namespace</strong><p id="asm_01_0036__p26361500386">Select the namespace to which the service belongs.</p>
</li><li id="asm_01_0036__li10113185692215"><strong id="asm_01_0036__b083101432311">Service</strong><p id="asm_01_0036__p11370657182210">Select the service to be released from the drop-down list box. Services that are running grayscale tasks cannot be selected. They are automatically filtered out from the list.</p>
</li><li id="asm_01_0036__li164901553114017"><strong id="asm_01_0036__b486725564018">Workload</strong><p id="asm_01_0036__p614765119400">Select the workload to which the service belongs.</p>
</li><li id="asm_01_0036__li16245142511413"><strong id="asm_01_0036__b2245142520413">Version</strong><p id="asm_01_0036__p5245132584112">Current service version number, which cannot be changed.</p>
@ -24,14 +24,14 @@
</p></li><li id="asm_01_0036__li5242204519710"><span>(For canary release only) Click <strong id="asm_01_0036__b2127315232102415">Configure Traffic Policy</strong> to configure a traffic policy.</span><p><p id="asm_01_0036__p58080153163125"><strong id="asm_01_0036__b371783390102415">Policy Type</strong>: The value can be <strong id="asm_01_0036__b1569755184102415">Based on traffic ratio</strong> or <strong id="asm_01_0036__b1443871107102415">Based on request content</strong>.</p>
<ul id="asm_01_0036__ul61311494163314"><li id="asm_01_0036__li1265865519290"><strong id="asm_01_0036__b179291468309">Based on traffic ratio</strong><p id="asm_01_0036__p910935618296">A specified ratio of traffic will be directed to the grayscale version. For example, 75% of the traffic is directed to the original version, and 25% is directed to the grayscale version. In actual applications, you can gradually increase the traffic ratio of the grayscale version and deliver policies to monitor the performance of the grayscale version.</p>
<div class="fignone" id="asm_01_0036__fig1550914468143"><span class="figcap"><b>Figure 1 </b>Based on traffic ratio</span><br><span><img class="eddx" id="asm_01_0036__image45091246201417" src="en-us_image_0000001210438852.png"></span></div>
<p id="asm_01_0036__p184331616162415">You can set the traffic ratio for the original version and grayscale version. The system distributes traffic to the two versions based on the specific traffic ratio.</p>
<p id="asm_01_0036__p184331616162415"><strong id="asm_01_0036__b361084949102415">Traffic</strong> <strong id="asm_01_0036__b1076523187102415">ratio</strong>: You can set the traffic ratio for the original version and grayscale version. The system distributes traffic to the two versions based on the specific traffic ratio.</p>
</li></ul>
<ul id="asm_01_0036__ul21864151442"><li id="asm_01_0036__li1318621514442"><strong id="asm_01_0036__b1184715194414">Based on request content</strong><p id="asm_01_0036__p10186515104411">With such a policy, a grayscale version can be accessed only when the traffic meets the rules based on cookies, headers, queries, allowed operating systems, and allowed browsers. For example, only HTTP requests whose cookies meet <strong id="asm_01_0036__b1217005551102415">User=Internal</strong> can be forwarded to the grayscale version. Other requests are still received by the original version.</p>
<ul id="asm_01_0036__ul21864151442"><li id="asm_01_0036__li1318621514442"><strong id="asm_01_0036__b1184715194414">Based on request content</strong><p id="asm_01_0036__p10186515104411">The grayscale version can be accessed only when the traffic meets the rules based on the cookies, custom headers, queries, operating systems, and browsers. For example, only HTTP requests whose cookies meet <strong id="asm_01_0036__b1217005551102415">User=Internal</strong> can be forwarded to the grayscale version. Other requests are still received by the original version.</p>
<div class="fignone" id="asm_01_0036__fig19101134141212"><span class="figcap"><b>Figure 2 </b>Based on request content</span><br><span><img class="eddx" id="asm_01_0036__image1610220411210" src="en-us_image_0000001210119300.png"></span></div>
<ul id="asm_01_0036__ul146803318438"><li id="asm_01_0036__li1765991217433"><strong id="asm_01_0036__b0949204010510">Cookie</strong><p id="asm_01_0036__p14135174411452"><strong id="asm_01_0036__b351285221111">Regular expression</strong>: When the cookie of a request matches the configured regular expression, the request will be distributed to the grayscale version.</p>
</li><li id="asm_01_0036__li63161151174315"><strong id="asm_01_0036__b99941448155113">Header</strong><ul id="asm_01_0036__ul17661191910713"><li id="asm_01_0036__li111518584416"><strong id="asm_01_0036__b08691434192116">Full match</strong>: Only the header that fully matches the values you set can be used for service access. For example, if <strong id="asm_01_0036__b1697833709102415">Key</strong> is set to <strong id="asm_01_0036__b2061631694102415">User</strong> and <strong id="asm_01_0036__b781961949102415">Value</strong> is set to <strong id="asm_01_0036__b38182976102415">Internal</strong>, only requests whose headers contain <strong id="asm_01_0036__b1880166255102415">User</strong> with the value <strong id="asm_01_0036__b438277587102415">Internal</strong> are responded by the grayscale version.</li><li id="asm_01_0036__li1830122117716"><strong id="asm_01_0036__b1433176777102415">Regular expression</strong>: When the header of a request matches the configured regular expression, the request will be distributed to the grayscale version.<p id="asm_01_0036__p530216211679">You can create custom key and value. The value supports the full match and regular expression.</p>
</li><li id="asm_01_0036__li63161151174315"><strong id="asm_01_0036__b99941448155113">Header</strong><ul id="asm_01_0036__ul17661191910713"><li id="asm_01_0036__li111518584416"><strong id="asm_01_0036__b08691434192116">Full match</strong>: Only the URL that fully matches the values you set can be accessed. For example, if <strong id="asm_01_0036__b1697833709102415">Key</strong> is set to <strong id="asm_01_0036__b2061631694102415">User</strong> and <strong id="asm_01_0036__b781961949102415">Value</strong> is set to <strong id="asm_01_0036__b38182976102415">Internal</strong>, only requests whose headers contain <strong id="asm_01_0036__b1880166255102415">User</strong> with the value <strong id="asm_01_0036__b438277587102415">Internal</strong> are responded by the service of the grayscale version.</li><li id="asm_01_0036__li1830122117716"><strong id="asm_01_0036__b1433176777102415">Regular expression</strong>: When the header of a request matches the configured regular expression, the request will be distributed to the grayscale version.<p id="asm_01_0036__p530216211679">You can customize the key and value for filtering. The value supports the full match and regular expression.</p>
</li></ul>
</li><li id="asm_01_0036__li0455205112192"><strong id="asm_01_0036__b6293190135211">Query</strong><ul id="asm_01_0036__ul122705534206"><li id="asm_01_0036__li62701453112015"><strong id="asm_01_0036__b052280152213">Full match</strong>: Only the query that fully matches the values you set can be used for service access. For example, if <strong id="asm_01_0036__b1874948701102415">Key</strong> is set to <strong id="asm_01_0036__b1903766040102415">User</strong> and <strong id="asm_01_0036__b1996971534102415">Value</strong> is set to <strong id="asm_01_0036__b2112203613102415">Internal</strong>, only requests whose queries contain <strong id="asm_01_0036__b433224998102415">User</strong> with the value <strong id="asm_01_0036__b566472174102415">Internal</strong> are responded by the grayscale version.</li><li id="asm_01_0036__li127075311208"><strong id="asm_01_0036__b1062257843102415">Regular expression</strong>: When the query of a request matches the configured regular expression, the request will be distributed to the grayscale version.<p id="asm_01_0036__p112701053182010">You can customize the key and value for filtering. The value supports the full match and regular expression.</p>
</li><li id="asm_01_0036__li0455205112192"><strong id="asm_01_0036__b6293190135211">Query</strong><ul id="asm_01_0036__ul122705534206"><li id="asm_01_0036__li62701453112015"><strong id="asm_01_0036__b052280152213">Full match</strong>: Only the URL that fully matches the values you set can be accessed. For example, if <strong id="asm_01_0036__b1874948701102415">Key</strong> is set to <strong id="asm_01_0036__b1903766040102415">User</strong> and <strong id="asm_01_0036__b1996971534102415">Value</strong> is set to <strong id="asm_01_0036__b2112203613102415">Internal</strong>, only requests whose queries contain <strong id="asm_01_0036__b433224998102415">User</strong> with the value <strong id="asm_01_0036__b566472174102415">Internal</strong> are responded by the service of the grayscale version.</li><li id="asm_01_0036__li127075311208"><strong id="asm_01_0036__b1062257843102415">Regular expression</strong>: When the query of a request matches the configured regular expression, the request will be distributed to the grayscale version.<p id="asm_01_0036__p112701053182010">You can customize the key and value for filtering. The value supports the full match and regular expression.</p>
</li></ul>
</li><li id="asm_01_0036__li15787154419"><strong id="asm_01_0036__b649621384102415">Allowed OS</strong>: Select OSs that can access the grayscale version, including iOS, Android, Windows, and macOS.</li><li id="asm_01_0036__li526131604411"><strong id="asm_01_0036__b2030726272102415">Allowed Browser</strong>: Select browsers that can access the grayscale version, including Chrome and Internet Explorer.</li><li id="asm_01_0036__li1630402520442"><strong id="asm_01_0036__b1968871174102415">Traffic management YAML</strong>: The rule YAML is automatically generated based on the configured parameters.</li></ul>
</li></ul>

6
docs/asm/umn/asm_01_0037.html
View File

@ -8,13 +8,13 @@
<ol id="asm_01_0037__ol22602493585"><li id="asm_01_0037__li172608490583"><span>Log in to the ASM console and click the name of the target service mesh to go to its details page.</span></li><li id="asm_01_0037__li1685515685910"><span>In the navigation pane, choose <strong id="asm_01_0037__b1198257152102457">Grayscale Release</strong>. Then click the target canary release task.</span></li><li id="asm_01_0037__li119651731195914"><span>On the <span class="uicontrol" id="asm_01_0037__uicontrol15603542195919"><b>Configure Traffic Policy</b></span> page, set the traffic ratio of the grayscale version.</span><p><p id="asm_01_0037__p204971340517">If the traffic ratio of the grayscale version is set to <strong id="asm_01_0037__b1049686697102457">x</strong>, the traffic ratio of the original version is automatically adjusted to <strong id="asm_01_0037__b1249862318102457">100-x</strong>.</p>
</p></li><li id="asm_01_0037__li1654913119011"><span>Click <strong id="asm_01_0037__b2088803477102457">Deliver Policy</strong>.</span></li></ol>
<p id="asm_01_0037__p229215343582"><strong id="asm_01_0037__b2085653513584">Modifying a grayscale policy that is based on request content</strong></p>
<p id="asm_01_0037__p78315545421">With such a policy, a grayscale version can be accessed only when the traffic meets the rules based on cookies, headers, queries, allowed operating systems, and allowed browsers. In real-world use cases, rules may be modified for multiple times to fully verify the performance of the grayscale version.</p>
<ol id="asm_01_0037__ol63435402427"><li id="asm_01_0037__li83431840114212"><span>Log in to the ASM console and click the name of the target service mesh to go to its details page.</span></li><li id="asm_01_0037__li1343134014429"><span>In the navigation pane, choose <strong id="asm_01_0037__b1329515052517">Grayscale Release</strong>. Then click the target canary release task.</span></li><li id="asm_01_0037__li43433409426"><span>On the <span class="uicontrol" id="asm_01_0037__uicontrol221028061102457"><b>Configure Traffic Policy</b></span> page, reconfigure <strong id="asm_01_0037__b158529202102457">Cookie</strong>, <strong id="asm_01_0037__b1274928578102457">Header</strong>, <strong id="asm_01_0037__b1679842724102457">Query</strong>, <strong id="asm_01_0037__b227798411102457">Allowed OS</strong>, and <strong id="asm_01_0037__b323640813102457">Allowed Browser</strong>.</span></li><li id="asm_01_0037__li134315402422"><span>Click <strong id="asm_01_0037__b1247868421102457">Deliver Policy</strong>.</span></li></ol>
<p id="asm_01_0037__p78315545421">With such a policy, a grayscale version can be accessed only when the traffic meets the rules based on Cookies, Headers, Queries, Allowed Operating Systems, and Allowed Browsers. In real-world use cases, rules may be modified for multiple times to fully verify the performance of the grayscale version.</p>
<ol id="asm_01_0037__ol63435402427"><li id="asm_01_0037__li83431840114212"><span>Log in to the ASM console and click the name of the target service mesh to go to its details page.</span></li><li id="asm_01_0037__li1343134014429"><span>In the navigation pane on the left, choose <strong id="asm_01_0037__b808078738102457">Grayscale Release</strong> and click the target canary release task.</span></li><li id="asm_01_0037__li43433409426"><span>On the <span class="uicontrol" id="asm_01_0037__uicontrol221028061102457"><b>Configure Traffic Policy</b></span> page, reconfigure <strong id="asm_01_0037__b158529202102457">Cookie</strong>, <strong id="asm_01_0037__b1274928578102457">Header</strong>, <strong id="asm_01_0037__b1679842724102457">Query</strong>, <strong id="asm_01_0037__b227798411102457">Allowed OS</strong>, and <strong id="asm_01_0037__b323640813102457">Allowed Browser</strong>.</span></li><li id="asm_01_0037__li134315402422"><span>Click <strong id="asm_01_0037__b1247868421102457">Deliver Policy</strong>.</span></li></ol>
</div>
<div class="section" id="asm_01_0037__section1198719955819"><h4 class="sectiontitle">Switching the Grayscale Policy Type</h4><p id="asm_01_0037__p1938319221655">You can change the type of a grayscale policy from <span class="uicontrol" id="asm_01_0037__uicontrol196956419398"><b>based on request content</b></span> to <span class="uicontrol" id="asm_01_0037__uicontrol8517310113911"><b>based on traffic ratio</b></span> and vice versa. After this operation is complete, all configured rules become invalid and all traffic is redistributed based on the new policy.</p>
<div class="notice" id="asm_01_0037__note084791961611"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="asm_01_0037__p071154481611">Grayscale policies can be changed only for running tasks. After a grayscale version is released (that is, the new version completely takes over the traffic and the old version has been brought offline), its grayscale policy cannot be reconfigured.</p>
</div></div>
<ol id="asm_01_0037__ol1210818591352"><li id="asm_01_0037__li52621017101914"><span>Log in to the ASM console and click the name of the target service mesh to go to its details page.</span></li><li id="asm_01_0037__li46935210529"><span>In the navigation pane, choose <strong id="asm_01_0037__b6894111472512">Grayscale Release</strong>. Then click the target canary release task.</span></li><li id="asm_01_0037__li196067405229"><span>On the <span class="uicontrol" id="asm_01_0037__uicontrol85896715214"><b>Configure Traffic Policy</b></span> page, change the policy type.</span></li><li id="asm_01_0037__li188191539102411"><span>Click <strong id="asm_01_0037__b1743078927102457">Deliver Policy</strong>.</span></li></ol>
<ol id="asm_01_0037__ol1210818591352"><li id="asm_01_0037__li52621017101914"><span>Log in to the ASM console and click the name of the target service mesh to go to its details page.</span></li><li id="asm_01_0037__li46935210529"><span>In the navigation pane on the left, choose <strong id="asm_01_0037__b245738102102457">Grayscale Release</strong> and click the target canary release task.</span></li><li id="asm_01_0037__li196067405229"><span>On the <span class="uicontrol" id="asm_01_0037__uicontrol85896715214"><b>Configure Traffic Policy</b></span> page, change the policy type.</span></li><li id="asm_01_0037__li188191539102411"><span>Click <strong id="asm_01_0037__b1743078927102457">Deliver Policy</strong>.</span></li></ol>
</div>
<div class="section" id="asm_01_0037__section124701017142211"><h4 class="sectiontitle">Taking Over All Traffic</h4><p id="asm_01_0037__p772618508120">After you click <span class="uicontrol" id="asm_01_0037__uicontrol6726125018123"><b>Take Over All Traffic</b></span>, the original version or grayscale version takes over all traffic.</p>
<ol id="asm_01_0037__ol11726175016122"><li id="asm_01_0037__li590412592365"><span>Log in to the ASM console and click the name of the target service mesh to go to its details page.</span></li><li id="asm_01_0037__li167261550131217"><span>In the navigation pane on the left, choose <strong id="asm_01_0037__b2072504440102457">Grayscale Release</strong> and click the target grayscale release task.</span></li><li id="asm_01_0037__li11726450171215"><span>On the <strong id="asm_01_0037__b675106888102457">Monitor and Manage Traffic</strong> page, click <strong id="asm_01_0037__b2027459733102457">Take Over All Traffic</strong> next to the target version.</span></li><li id="asm_01_0037__li107261550141217"><span>In the displayed dialog box, click <strong id="asm_01_0037__b313926256102457">OK</strong>.</span></li></ol>

14
docs/asm/umn/asm_01_0041.html
View File

@ -5,15 +5,12 @@
<div class="section" id="asm_01_0041__section65931513505"><a name="asm_01_0041__section65931513505"></a><a name="section65931513505"></a><h4 class="sectiontitle">Injecting a Sidecar</h4><p id="asm_01_0041__p1820212632111">You can view the namespace and cluster that the injected sidecar belongs to. If no sidecar has been injected or you need to inject sidecars for more namespaces, perform the following operations:</p>
<ol id="asm_01_0041__ol13641175216560"><li id="asm_01_0041__li683575385614"><span>Log in to the ASM console and click the name of the target service mesh to go to its details page.</span></li><li id="asm_01_0041__li987742619292"><span>In the navigation pane, choose <strong id="asm_01_0041__b23024965310246">Mesh Configuration</strong>. Then, click the <strong id="asm_01_0041__b79698741510246">Sidecar Management</strong> tab.</span></li><li id="asm_01_0041__li122863200343"><span>Click <strong id="asm_01_0041__b212025475310246">Sidecar Management</strong>, select a namespace, determine whether enable <strong id="asm_01_0041__b34328513417">Restart Existing Services</strong>, and click <strong id="asm_01_0041__b163426572510246">OK</strong>.</span><p><p id="asm_01_0041__p5867153384619">Parameter description:</p>
<ul id="asm_01_0041__ul1213414267113"><li id="asm_01_0041__li151346264113"><strong id="asm_01_0041__b162639501293">Namespace</strong>: Select one or more namespaces. The system adds labels for namespaces based on Istio versions.<ul id="asm_01_0041__ul715833017173"><li id="asm_01_0041__li115810307178"><strong id="asm_01_0041__b93355351461">istio-injection=enabled</strong> can be used in Istio 1.13.9-r3 and earlier versions, as well as Istio 1.15.5-r2 and earlier versions.</li></ul>
<ul id="asm_01_0041__ul196772518187"><li id="asm_01_0041__li6677853189"><strong id="asm_01_0041__b5658241104719">istio.io/rev=&lt;revision&gt;</strong> can be used in Istio later than 1.13.9-r3, Istio later than 1.15.5-r2, all Istio 1.18 versions, and all Istio 1.28 versions.</li></ul>
</li><li id="asm_01_0041__li1283731219"><strong id="asm_01_0041__b176898850910246">Restart Existing Services</strong><p id="asm_01_0041__p16974516217"><span><img id="asm_01_0041__image1251935012150" src="en-us_image_0000001930216052.png"></span>: Enabling <strong id="asm_01_0041__b178031814163717">Restart Existing Services</strong> will restart the pods of existing services and temporarily interrupt your services. New pods will have istio-proxy sidecars automatically injected.</p>
<ul id="asm_01_0041__ul196772518187"><li id="asm_01_0041__li6677853189"><strong id="asm_01_0041__b5658241104719">istio.io/rev=&lt;revision&gt;</strong> can be used in Istio later than 1.13.9-r3, Istio later than 1.15.5-r2, and all Istio 1.18 versions.</li></ul>
</li><li id="asm_01_0041__li1283731219"><strong id="asm_01_0041__b176898850910246">Restart Existing Services</strong><p id="asm_01_0041__p16974516217"><span><img id="asm_01_0041__image1251935012150" src="en-us_image_0000001930216052.png"></span>: Enabling <strong id="asm_01_0041__b178031814163717">Restart Existing Services</strong> will restart the associated pods and temporarily interrupt your services. New pods will have istio-proxy sidecars automatically injected.</p>
<ul id="asm_01_0041__ul1893924912361"><li id="asm_01_0041__li149404492367">If you select a new namespace, an automatic injection label is added. After all pods running the Deployment in that namespace are restarted, the istio-proxy sidecars will be automatically injected into new pods.</li></ul>
<ul id="asm_01_0041__ul330205410366"><li id="asm_01_0041__li5302135413618">If you deselect a namespace, the automatic injection label is deleted. After all pods running the Deployment in that namespace are restarted, new pods do not have istio-proxy sidecars.</li></ul>
<ul id="asm_01_0041__ul157408585364"><li id="asm_01_0041__li074055833619">If there are pods that are not injected with sidecars in selected namespaces, all pods running the Deployment will be restarted to inject sidecars. If all pods have sidecars injected, the pods will not be restarted.</li></ul>
<p id="asm_01_0041__p45731657222"><span><img id="asm_01_0041__image1736110311031" src="en-us_image_0000001256463368.png"></span>: The istio-proxy sidecars cannot be automatically injected into the pods of existing services. You need to manually restart the pods on the CCE console to inject the sidecars. This parameter affects only existing services. If the namespaces are labeled with <strong id="asm_01_0041__b1545117533412">istio-injection=enabled</strong> or <strong id="asm_01_0041__b95971230195613">istio.io/rev=&lt;revision&gt;</strong>, sidecars will be automatically injected into new pods.</p>
<div class="caution" id="asm_01_0041__note1035861813226"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><p id="asm_01_0041__p191121442193617">This module does not provide the function of restarting services in a specific namespace. If a namespace is not selected, the automatic injection label will be removed from the namespace. After the workload in the namespace is restarted, the istio-proxy sidecar will not be automatically injected.</p>
<p id="asm_01_0041__p735815185225">To inject a sidecar into a workload in a specified namespace, ensure that the namespace is selected and enabled. Then, go to the <strong id="asm_01_0041__b106411057172819">Workloads</strong> page of the CCE cluster console, select the workload, and choose <strong id="asm_01_0041__b173501542913">More</strong> &gt; <strong id="asm_01_0041__b156784815297">Redeploy</strong>. After the workload is restarted, the istio-proxy sidecar is automatically injected.</p>
</div></div>
<p id="asm_01_0041__p45731657222"><span><img id="asm_01_0041__image1297291313419" src="en-us_image_0000001256463368.png"></span>: When you do not enable <strong id="asm_01_0041__b198411563510">Restart Existing Services</strong>, the istio-proxy sidecars cannot be automatically injected into the associated pods. You need to manually restart the workload on the CCE console to inject sidecars. This parameter affects only existing services. If the namespaces are labeled with <strong id="asm_01_0041__b1545117533412">istio-injection=enabled</strong>, sidecars will be automatically injected into new pods.</p>
</li><li id="asm_01_0041__li975935132613"><strong id="asm_01_0041__b4935192843517">Traffic Interception Settings</strong><div class="note" id="asm_01_0041__note130182311537"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="asm_01_0041__p5301112325320">By default, sidecars intercept all inbound and outbound traffic of pods. You can modify the default traffic rules in <strong id="asm_01_0041__b15949143017359">Traffic Interception Settings</strong>.</p>
</div></div>
<p id="asm_01_0041__p10174123175619"><strong id="asm_01_0041__b97421432123511">Inbound Ports</strong>: Inbound ports separated by commas (,). You can use this field to specify the ports that will be included or excluded for inbound traffic redirection.</p>
@ -22,12 +19,11 @@
<p id="asm_01_0041__p1492182965613"><strong id="asm_01_0041__b1262643613359">Outbound Ports</strong>: Outbound ports separated by commas (,). You can use this field to specify the ports that will be included or excluded for outbound traffic redirection.</p>
<ul id="asm_01_0041__ul887675114113"><li id="asm_01_0041__li208771351116"><strong id="asm_01_0041__b20581938193512">Include only specified ports</strong> means that the traffic from services in a service mesh over specified ports will be redirected to the sidecar.</li></ul>
<ul id="asm_01_0041__ul91091571217"><li id="asm_01_0041__li9109125715112"><strong id="asm_01_0041__b8850163916356">Exclude only specified ports</strong> means that the traffic from services in a service mesh over the ports except the specified ports will be redirected to the sidecar.</li></ul>
<p id="asm_01_0041__p14346164816561"><strong id="asm_01_0041__b1117210221271">Outbound IP Ranges</strong>: IP address ranges separated by commas (,) in CIDR format. You can use this field to specify the IP ranges that will be included or excluded for outbound traffic redirection.</p>
<p id="asm_01_0041__p14346164816561"><strong id="asm_01_0041__b13849134010355">Outbound IP Ranges</strong>: IP address ranges separated by commas (,) in CIDR format. You can use this field to specify the IP ranges that will be excluded from redirection to the sidecar.</p>
<ul id="asm_01_0041__ul13301528313"><li id="asm_01_0041__li5311221939"><strong id="asm_01_0041__b922854213514">Include only specified IP ranges</strong> means that the traffic from specified IP ranges will be redirected to the sidecar.</li></ul>
<ul id="asm_01_0041__ul112121251130"><li id="asm_01_0041__li42121455318"><strong id="asm_01_0041__b19623164303511">Exclude only specified IP ranges</strong> means that the traffic from IP ranges except the specified IP ranges will be redirected to the sidecar.</li></ul>
</li></ul>
<div class="note" id="asm_01_0041__note1279618584133"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="asm_01_0041__ul3174175111130"><li id="asm_01_0041__li151741951141317">For details about why sidecar injection failed, see .</li></ul>
<ul id="asm_01_0041__ul97451116162713"><li id="asm_01_0041__li1974521615271">If ASM displays a message indicating that modification of namespace injection is not enabled in the following clusters, you need to run the <strong id="asm_01_0041__b11447123395415">kubectl</strong> command to enable namespace injection. For details, see <a href="asm_faq_0036.html">How Do I Enable Namespace Injection for a Cluster?</a></li><li id="asm_01_0041__li12746181642719">After sidecar injection is enabled for a namespace of a cluster, sidecars are automatically injected for pods of all workloads in the namespace. If you do not want to inject sidecars for some workloads, see <a href="asm_faq_0037.html">How Do I Disable Sidecar Injection for Workloads?</a></li></ul>
<div class="note" id="asm_01_0041__note1279618584133"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="asm_01_0041__ul97451116162713"><li id="asm_01_0041__li1974521615271">If the system displays a message indicating that modification of namespace injection is not enabled in the following clusters, you need to run the <strong id="asm_01_0041__b11447123395415">kubectl</strong> command to enable namespace injection. For details, see <a href="asm_faq_0036.html">How Do I Enable Namespace Injection for a Cluster?</a>.</li><li id="asm_01_0041__li12746181642719">After sidecar injection is enabled for a namespace of a cluster, sidecars are automatically injected for pods of all workloads in the namespace. If you do not want to inject sidecars for some workloads, see <a href="asm_faq_0037.html">How Do I Disable Sidecar Injection for Workloads?</a>.</li></ul>
</div></div>
</p></li></ol>
</div>

2
docs/asm/umn/asm_01_0049.html
View File

@ -116,7 +116,7 @@
</tbody>
</table>
</div>
<div class="section" id="asm_01_0049__section17947144510113"><h4 class="sectiontitle">Constraints</h4><p id="asm_01_0049__p15725165911311">Traffic management cannot be performed for the service whose configuration diagnosis fails. For details about rectifying faults, see <a href="asm_01_0060.html">Fixing Items Manually</a> or <a href="asm_01_0065.html">Fixing Items Automatically</a>.</p>
<div class="section" id="asm_01_0049__section17947144510113"><h4 class="sectiontitle">Constraints</h4><p id="asm_01_0049__p15725165911311">Traffic management cannot be performed for the service whose configuration diagnosis fails. For details about rectifying faults, see <a href="asm_01_0060.html">Manual Fixing Items</a> or <a href="asm_01_0065.html">Auto Fixing Items</a>.</p>
</div>
</div>
<div>

30
docs/asm/umn/asm_01_0050.html
View File

File diff suppressed because it is too large Load Diff

16
docs/asm/umn/asm_01_0056.html
View File

@ -6,7 +6,7 @@
<p id="asm_01_0056__p113671654155016">When creating a load balancer, you need to ensure that it belongs to the same VPC as the cluster.</p>
</div>
<div class="section" id="asm_01_0056__section15169750114920"><h4 class="sectiontitle">Procedure</h4><ol id="asm_01_0056__ol4817103154612"><li id="asm_01_0056__li1433614120526"><span>Log in to the ASM console and click the name of the target service mesh to go to its details page.</span></li><li id="asm_01_0056__li218910061117"><span>In the navigation pane on the left, choose <strong id="asm_01_0056__b766458229102515">Gateway Management</strong> and click <strong id="asm_01_0056__b966014901102515">Add Gateway</strong>.</span></li><li id="asm_01_0056__li65921447162912"><span>Configure the following parameters.</span><p><ul id="asm_01_0056__ul1359211474297"><li id="asm_01_0056__li139001750192815"><strong id="asm_01_0056__b3657180102915">Gateway Name</strong><p id="asm_01_0056__p15441558132814">Enter a gateway name. Enter 4 to 59 characters starting with a lowercase letter and ending with a lowercase letter or digit. Only lowercase letters, digits, and hyphens (-) are allowed.</p>
</li><li id="asm_01_0056__li205096299321"><strong id="asm_01_0056__b1576717357329">Cluster</strong><p id="asm_01_0056__p1719143716324">Select the cluster that the gateway belongs to.</p>
</li><li id="asm_01_0056__li205096299321"><strong id="asm_01_0056__b1576717357329">Cluster</strong><p id="asm_01_0056__p1719143716324">Select the cluster to which the gateway belongs.</p>
</li><li id="asm_01_0056__li1627847173510"><strong id="asm_01_0056__b72023510139">Load Balancer</strong><ul id="asm_01_0056__ul198721433124110"><li id="asm_01_0056__li1373914385357">Gateways use shared and dedicated load balancers of ELB for the access over both public and private IPv4 networks.</li></ul>
</li><li id="asm_01_0056__li137621212344"><strong id="asm_01_0056__b196012994813">Access Entry</strong><p id="asm_01_0056__p103982038193113">Gateways configure a listener for the load balancer, which listens to requests from the load balancer and distributes traffic.</p>
<ul id="asm_01_0056__ul1776173623113"><li id="asm_01_0056__li196722183918"><strong id="asm_01_0056__b1876120366312">External Protocol</strong><p id="asm_01_0056__p12761163618313">Select one to match the protocol type of your service. <strong id="asm_01_0056__b1196471084102515">HTTP</strong>, <strong id="asm_01_0056__b727748035102515">gRPC</strong>, <strong id="asm_01_0056__b2109712016102515">TCP</strong>, <strong id="asm_01_0056__b807938525102515">TLS</strong>, and <strong id="asm_01_0056__b1914909991102515">HTTPS</strong> are supported.</p>
@ -17,17 +17,17 @@
</li><li id="asm_01_0056__li185755272428"><strong id="asm_01_0056__b33038550462">Earliest TLS Version Supported/Latest TLS Version Supported</strong><p id="asm_01_0056__p16437125165612">When configuring a TLS protocol with TLS termination enabled or an HTTPS protocol, you can select the earliest and latest TLS versions.</p>
</li></ul>
</li></ul>
</p></li><li id="asm_01_0056__li35552319193"><span>(Optional) Configure the route parameters.</span><p><p id="asm_01_0056__p350315261000">When the access address of a request matches the forwarding rule (which consists of a domain name and URL. If the domain name is left empty, the IP address of the load balancer is used by default), the request is forwarded to the corresponding target service for processing. Click <span><img id="asm_01_0056__image3642183711263" src="en-us_image_0000001209954130.png"></span>. The <strong id="asm_01_0056__b28836919618">Add Route</strong> dialog box is displayed.</p>
</p></li><li id="asm_01_0056__li35552319193"><span>(Optional) Configure routing parameters.</span><p><p id="asm_01_0056__p350315261000">When the access address of a request matches the forwarding policy (which consists of a domain name and URL. If the domain name is left empty, the ELB IP address is used by default), the request is forwarded to the corresponding target Service for processing. Click <span><img id="asm_01_0056__image3642183711263" src="en-us_image_0000001209954130.png"></span>. The <strong id="asm_01_0056__b28836919618">Add Route</strong> dialog box is displayed.</p>
<ul id="asm_01_0056__ul43052021171916"><li id="asm_01_0056__li103041421111912"><strong id="asm_01_0056__b20304152120193">Domain Name</strong><p id="asm_01_0056__p1330482114196">Enter the external domain name of the service. If this parameter is left blank, the IP address of the load balancer is used by default. If you enable TLS termination, enter a domain name configured in the certificate for SNI domain name verification.</p>
</li><li id="asm_01_0056__li1230512118195"><strong id="asm_01_0056__b3304192131916">URL Matching Rule</strong><ul id="asm_01_0056__ul43041021141915"><li id="asm_01_0056__li193041021111910"><strong id="asm_01_0056__b92221320125617">Prefix match</strong>: A URL can be accessed if its prefix is the same as the URL you set. For example, if the URL is set to <strong id="asm_01_0056__b173121244439">/healthz</strong>, <strong id="asm_01_0056__b19312162494311">/healthz/v1</strong> and <strong id="asm_01_0056__b19313112424315">/healthz/v2</strong> can be accessed.</li><li id="asm_01_0056__li2304821181912"><strong id="asm_01_0056__b167861112172215">Full match</strong>: Only the URL that fully matches the URL you set can be accessed. For example, if the URL is set to <strong id="asm_01_0056__b1296786758102515">/healthz</strong>, only <strong id="asm_01_0056__b1008928963102515">/healthz</strong> can be accessed.</li></ul>
</li><li id="asm_01_0056__li1305192141912"><strong id="asm_01_0056__b193051421101911">URL</strong><p id="asm_01_0056__p123051212194">Mapping URL supported by the service, for example, <strong id="asm_01_0056__b188131036134117">/example</strong>.</p>
</li><li id="asm_01_0056__li133056214197"><strong id="asm_01_0056__b130522112199">Namespace</strong><p id="asm_01_0056__p18305421111919">Select the namespace that the gateway belongs to.</p>
</li><li id="asm_01_0056__li1230512118195"><strong id="asm_01_0056__b3304192131916">URL Matching Rule</strong><ul id="asm_01_0056__ul43041021141915"><li id="asm_01_0056__li193041021111910"><strong id="asm_01_0056__b1640956582102515">Prefix</strong>: A URL can be accessed if its prefix is the same as that you configure. For example, <strong id="asm_01_0056__b1627472063102515">/healthz/v1</strong> and <strong id="asm_01_0056__b2009910935102515">/healthz/v2</strong>.</li><li id="asm_01_0056__li2304821181912"><strong id="asm_01_0056__b167861112172215">Exact</strong>: Only the URL that fully matches the values you set can be accessed. For example, if the URL is set to <strong id="asm_01_0056__b1296786758102515">/healthz</strong>, only <strong id="asm_01_0056__b1008928963102515">/healthz</strong> can be accessed.</li></ul>
</li><li id="asm_01_0056__li1305192141912"><strong id="asm_01_0056__b193051421101911">URL</strong><p id="asm_01_0056__p123051212194">Mapping URL supported by the service, for example, <strong id="asm_01_0056__b286376356102515">/example</strong>.</p>
</li><li id="asm_01_0056__li133056214197"><strong id="asm_01_0056__b130522112199">Namespace</strong><p id="asm_01_0056__p18305421111919">Select the namespace to which the gateway belongs.</p>
</li><li id="asm_01_0056__li33051621171912"><strong id="asm_01_0056__b11305121111916">Target Service</strong><p id="asm_01_0056__p134063347264">Service of the gateway. Select a value from the drop-down list box. The target service is filtered based on the corresponding gateway protocol. For details about the filtering rules, see <a href="asm_faq_0035.html">Why Cannot I Select the Corresponding Service When Adding a Route?</a></p>
<p id="asm_01_0056__p18216183513118">The service which configuration diagnosis fails cannot be selected. You need to fix the issues first. For details, see <a href="asm_01_0060.html">Fixing Items Manually</a> or <a href="asm_01_0065.html">Fixing Items Automatically</a>.</p>
<p id="asm_01_0056__p18216183513118">The service which configuration diagnosis fails cannot be selected. You need to fix the issues first. For details, see <a href="asm_01_0060.html">Manual Fixing Items</a> or <a href="asm_01_0065.html">Auto Fixing Items</a>.</p>
</li><li id="asm_01_0056__li10305621141916"><strong id="asm_01_0056__b5305121111910">Access Port</strong><p id="asm_01_0056__p9305182112191">Only ports that match external protocols are displayed.</p>
</li><li id="asm_01_0056__li8016197318"><strong id="asm_01_0056__b1986112519313">Rewrite</strong><p id="asm_01_0056__p42700201559">(This parameter is configurable when the external protocol is HTTP.)</p>
<p id="asm_01_0056__p149531923439">Rewrite the HTTP URI and host/authority header before forwarding. This option is disabled by default. To enable it, configure the following parameters:</p>
<ul id="asm_01_0056__ul147951020181917"><li id="asm_01_0056__li279572091910"><strong id="asm_01_0056__b37865916147">URI</strong>: used to rewrite the URI or prefix. If the original path is matched by prefix, the value provided in this field replaces the corresponding matched prefix.</li><li id="asm_01_0056__li3390152618199"><strong id="asm_01_0056__b1867783431514">Host/Authority Header</strong>: used to rewrite the HTTP host/authority header.</li></ul>
<p id="asm_01_0056__p149531923439">Rewrite the HTTP URI and host/authority header before forwarding. Disabled by default. To enable it, configure the following parameters:</p>
<ul id="asm_01_0056__ul147951020181917"><li id="asm_01_0056__li279572091910">URI: This value is used to rewrite the URI or prefix.</li><li id="asm_01_0056__li3390152618199">Host/Authority Header: This value is used to rewrite the HTTP host/authority header.</li></ul>
</li></ul>
</p></li><li id="asm_01_0056__li19910958562"><span>Click <span class="uicontrol" id="asm_01_0056__uicontrol169158519564"><b>OK</b></span>.</span><p><p id="asm_01_0056__p688514211217">You can obtain the external network access address of the service in the <strong id="asm_01_0056__b840925467102515">Service Management</strong> page.</p>
</p></li></ol>

14
docs/asm/umn/asm_01_0057.html
View File

@ -3,18 +3,18 @@
<h1 class="topictitle1">Adding a Route</h1>
<div id="body0000001121400726"><div class="section" id="asm_01_0057__section195155335313"><h4 class="sectiontitle">Scenarios</h4><p id="asm_01_0057__p931218541531">You can add multiple routes and configure multiple forwarding policies for a created gateway.</p>
</div>
<div class="section" id="asm_01_0057__section8243022955"><h4 class="sectiontitle">Procedure</h4><ol id="asm_01_0057__ol4817103154612"><li id="asm_01_0057__li218910061117"><span>Log in to the ASM console and click the name of the target service mesh to go to its details page.</span></li><li id="asm_01_0057__li4563349450"><span>In the navigation pane, choose <strong id="asm_01_0057__b1723779989102359">Gateway Management</strong>. On the displayed page, locate the target gateway and click <span class="uicontrol" id="asm_01_0057__uicontrol1443280921102359"><b>Add Route</b></span> in the <strong id="asm_01_0057__b1193311901102359">Operation</strong> column. In the displayed dialog box, configure the following parameters:</span><p><ul id="asm_01_0057__ul43052021171916"><li id="asm_01_0057__li103041421111912"><strong id="asm_01_0057__b20304152120193">Domain Name</strong><p id="asm_01_0057__p1330482114196">Enter the external domain name of the service. If this parameter is left blank, the IP address of the load balancer is used by default. If you enable TLS termination, enter a domain name configured in the certificate for SNI domain name verification.</p>
</li><li id="asm_01_0057__li1230512118195"><strong id="asm_01_0057__b3304192131916">URL Matching Rule</strong><ul id="asm_01_0057__ul43041021141915"><li id="asm_01_0057__li193041021111910"><strong id="asm_01_0057__b1911861163410">Prefix match</strong>: A URL can be accessed if its prefix is the same as the URL you set. For example, if the URL is set to <strong id="asm_01_0057__b19458121723417">/healthz</strong>, <strong id="asm_01_0057__b144584176344">/healthz/v1</strong> and <strong id="asm_01_0057__b8458151720345">/healthz/v2</strong> can be accessed.</li><li id="asm_01_0057__li2304821181912"><strong id="asm_01_0057__b14157322133415">Full match</strong>: Only the URL that fully matches the URL you set can be accessed. For example, if the URL is set to <strong id="asm_01_0057__b1582612399341">/healthz</strong>, only <strong id="asm_01_0057__b2826339163411">/healthz</strong> can be accessed.</li></ul>
</li><li id="asm_01_0057__li1305192141912"><strong id="asm_01_0057__b193051421101911">URL</strong><p id="asm_01_0057__p123051212194">Mapped URL that can access the target service, for example, <strong id="asm_01_0057__b19589191713243">/example</strong>.</p>
<div class="section" id="asm_01_0057__section8243022955"><h4 class="sectiontitle">Procedure</h4><ol id="asm_01_0057__ol4817103154612"><li id="asm_01_0057__li218910061117"><span>Log in to the ASM console and click the name of the target service mesh to go to its details page.</span></li><li id="asm_01_0057__li4563349450"><span>In the navigation pane on the left, choose <strong id="asm_01_0057__b1723779989102359">Gateway Management</strong>, select the target gateway, click <span class="uicontrol" id="asm_01_0057__uicontrol1443280921102359"><b>Add Route</b></span> in the <strong id="asm_01_0057__b1193311901102359">Operation</strong> column, and configure the following parameters:</span><p><ul id="asm_01_0057__ul43052021171916"><li id="asm_01_0057__li103041421111912"><strong id="asm_01_0057__b20304152120193">Domain Name</strong><p id="asm_01_0057__p1330482114196">Enter the external domain name of the service. If this parameter is left blank, the IP address of the load balancer is used by default. If you enable TLS termination, enter a domain name configured in the certificate for SNI domain name verification.</p>
</li><li id="asm_01_0057__li1230512118195"><strong id="asm_01_0057__b3304192131916">URL Matching Rule</strong><ul id="asm_01_0057__ul43041021141915"><li id="asm_01_0057__li193041021111910"><strong id="asm_01_0057__b962008790102359">Prefix</strong>: A URL can be accessed if its prefix is the same as that you configure. For example, <strong id="asm_01_0057__b518106701102359">/healthz/v1</strong> and <strong id="asm_01_0057__b1301388330102359">/healthz/v2</strong>.</li><li id="asm_01_0057__li2304821181912"><strong id="asm_01_0057__b1070295332113">Exact</strong>: Only the URL that fully matches the values you set can be accessed. For example, if the URL is set to <strong id="asm_01_0057__b1560656592102359">/healthz</strong>, only <strong id="asm_01_0057__b592325887102359">/healthz</strong> can be accessed.</li></ul>
</li><li id="asm_01_0057__li1305192141912"><strong id="asm_01_0057__b193051421101911">URL</strong><p id="asm_01_0057__p123051212194">Mapping URL supported by the service, for example, <strong id="asm_01_0057__b1278776861102359">/example</strong>.</p>
<div class="note" id="asm_01_0057__note1841442516472"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="asm_01_0057__p19415112514478">The URLs of the same gateway must be unique.</p>
</div></div>
</li><li id="asm_01_0057__li133056214197"><strong id="asm_01_0057__b130522112199">Namespace</strong><p id="asm_01_0057__p18305421111919">Select the namespace that the gateway belongs to.</p>
</li><li id="asm_01_0057__li133056214197"><strong id="asm_01_0057__b130522112199">Namespace</strong><p id="asm_01_0057__p18305421111919">Select the namespace to which the gateway belongs.</p>
</li><li id="asm_01_0057__li33051621171912"><strong id="asm_01_0057__b11305121111916">Target Service</strong><p id="asm_01_0057__p134063347264">Service of the gateway. Select a value from the drop-down list box. The target service is filtered based on the corresponding gateway protocol. For details about the filtering rules, see <a href="asm_faq_0035.html">Why Cannot I Select the Corresponding Service When Adding a Route?</a>.</p>
<p id="asm_01_0057__p18216183513118">The service which configuration diagnosis fails cannot be selected. You need to fix the issues first. For details, see <a href="asm_01_0060.html">Fixing Items Manually</a> or <a href="asm_01_0065.html">Fixing Items Automatically</a>.</p>
<p id="asm_01_0057__p18216183513118">The service which configuration diagnosis fails cannot be selected. You need to fix the issues first. For details, see <a href="asm_01_0060.html">Manual Fixing Items</a> or <a href="asm_01_0065.html">Auto Fixing Items</a>.</p>
</li><li id="asm_01_0057__li10305621141916"><strong id="asm_01_0057__b5305121111910">Access Port</strong><p id="asm_01_0057__p9305182112191">Only ports that match external protocols are displayed.</p>
</li><li id="asm_01_0057__li8016197318"><strong id="asm_01_0057__b1986112519313">Rewrite</strong><p id="asm_01_0057__p42700201559">(This parameter is configurable when the external protocol is HTTP.)</p>
<p id="asm_01_0057__p149531923439">Rewrite the HTTP URI and host/authority header before forwarding. This option is disabled by default. To enable it, configure the following parameters:</p>
<ul id="asm_01_0057__ul147951020181917"><li id="asm_01_0057__li279572091910"><strong id="asm_01_0057__b7909141711237">URI</strong>: used to rewrite the URI or prefix. If the original path is matched by prefix, the value provided in this field replaces the corresponding matched prefix.</li><li id="asm_01_0057__li3390152618199"><strong id="asm_01_0057__b15841624102313">Host/Authority Header</strong>: used to rewrite the HTTP host/authority header.</li></ul>
<p id="asm_01_0057__p149531923439">Rewrite the HTTP URI and host/authority header before forwarding. Disabled by default. To enable it, configure the following parameters:</p>
<ul id="asm_01_0057__ul147951020181917"><li id="asm_01_0057__li279572091910">URI: This value is used to rewrite the URI or prefix.</li><li id="asm_01_0057__li3390152618199">Host/Authority Header: This value is used to rewrite the HTTP host/authority header.</li></ul>
</li></ul>
</p></li><li id="asm_01_0057__li1666416119713"><span>Click <span class="uicontrol" id="asm_01_0057__uicontrol8784608473"><b>OK</b></span>.</span></li></ol>
</div>

2
docs/asm/umn/asm_01_0060.html
View File

@ -1,6 +1,6 @@
<a name="asm_01_0060"></a><a name="asm_01_0060"></a>
<h1 class="topictitle1">Fixing Items Manually</h1>
<h1 class="topictitle1">Manual Fixing Items</h1>
<div id="body0000001175771819"></div>
<div>
<ul class="ullinks">

2
docs/asm/umn/asm_01_0061.html
View File

@ -25,7 +25,7 @@
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0060.html">Fixing Items Manually</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0060.html">Manual Fixing Items</a></div>
</div>
</div>

2
docs/asm/umn/asm_01_0062.html
View File

@ -25,7 +25,7 @@
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0060.html">Fixing Items Manually</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0060.html">Manual Fixing Items</a></div>
</div>
</div>

18
docs/asm/umn/asm_01_0063.html
View File

@ -3,13 +3,13 @@
<h1 class="topictitle1">All Pods Have Sidecars Injected</h1>
<div id="body0000001175772865"><div class="section" id="asm_01_0063__section146041745338"><h4 class="sectiontitle">Description</h4><p id="asm_01_0063__p1487717583317">An <strong id="asm_01_0063__b8850152035217">istio-proxy</strong> container must exist in all pods of a Service. Otherwise, this item is abnormal.</p>
</div>
<div class="section" id="asm_01_0063__section1457519694110"><h4 class="sectiontitle">Rectification Guide</h4><ol id="asm_01_0063__ol11865432551"><li id="asm_01_0063__li12186243175513"><span>Log in to the ASM console and click the name of the service mesh that the Service is added to. In the navigation pane, choose <strong id="asm_01_0063__b913273845519">Mesh Configuration</strong>. On the displayed page, click the <strong id="asm_01_0063__b11321438195516">Sidecar Management</strong> tab. Then, check whether a sidecar is injected into the namespace that the Service belongs to.</span><p><ul id="asm_01_0063__ul1680513160015"><li id="asm_01_0063__li1680515161008">If the sidecar is not injected into the namespace, go to <a href="#asm_01_0063__li1665121115612">2</a>.</li><li id="asm_01_0063__li198192408015">If the sidecar has been injected into the namespace, go to <a href="#asm_01_0063__li127525055610">3</a>.<p id="asm_01_0063__p1515351917258">Check method:</p>
<div class="section" id="asm_01_0063__section1457519694110"><h4 class="sectiontitle">Rectification Guide</h4><ol id="asm_01_0063__ol11865432551"><li id="asm_01_0063__li12186243175513"><span>Log in to the ASM console and click the name of the service mesh that the Service is added to. Choose <strong id="asm_01_0063__b761794971520">Mesh Configuration</strong> in the navigation pane, click the <strong id="asm_01_0063__b861824921513">Sidecar Management</strong> tab, and check whether a sidecar is injected into the namespace that the Service belongs to.</span><p><ul id="asm_01_0063__ul1680513160015"><li id="asm_01_0063__li1680515161008">If the sidecar is not injected into the namespace, go to <a href="#asm_01_0063__li1665121115612">2</a>.</li><li id="asm_01_0063__li198192408015">If the sidecar has been injected into the namespace, go to <a href="#asm_01_0063__li127525055610">3</a>.<p id="asm_01_0063__p1515351917258">Check method:</p>
<p id="asm_01_0063__p42381524122517">On the CCE console, click the cluster name to access the cluster console. In the navigation pane, choose <strong id="asm_01_0063__b11801397414">Namespaces</strong>. On the displayed page, locate your namespace and click <strong id="asm_01_0063__b9613112883416">Edit YAML</strong> in the <strong id="asm_01_0063__b15711152403411">Operation</strong> column. If there is the <strong id="asm_01_0063__b175091651103918">istio.io/rev=&lt;revision&gt;</strong> or <strong id="asm_01_0063__b20795258123916">istio-injection=enabled</strong> label, the sidecar has been injected.</p>
<div class="note" id="asm_01_0063__note87391512153111"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="asm_01_0063__ul12328442183114"><li id="asm_01_0063__li832864243112">There must the <strong id="asm_01_0063__b128477083514">istio-injection=enabled</strong> label for Istio 1.13.9-r3 and earlier versions, as well as Istio 1.15.5-r2 and earlier versions. Note that the version numbers are combined by hyphens (-).</li><li id="asm_01_0063__li89671844113111">There must be the <strong id="asm_01_0063__b198671148379">istio.io/rev=&lt;revision&gt;</strong> label for Istio later than 1.13.9-r3, Istio later than 1.15.5-r2, and all Istio 1.18 versions. Note that the version numbers are combined by hyphens (-).<p id="asm_01_0063__p1336942717254"><span><img id="asm_01_0063__image4821824135818" src="en-us_image_0000002086005592.png"></span></p>
</li></ul>
</div></div>
</li></ul>
</p></li><li id="asm_01_0063__li1665121115612"><a name="asm_01_0063__li1665121115612"></a><a name="li1665121115612"></a><span>Inject a sidecar into a workload or inject sidecars into the pods of all workloads in the namespace.</span><p><p id="asm_01_0063__p126911222119">Injection methods:</p>
</p></li><li id="asm_01_0063__li1665121115612"><a name="asm_01_0063__li1665121115612"></a><a name="li1665121115612"></a><span>Inject a sidecar into a workload or inject sidecars into the pods of all workloads in the namespace. For details, see <a href="asm_01_0041.html#asm_01_0041__section65931513505">Injecting a Sidecar</a>.</span><p><p id="asm_01_0063__p126911222119">Injection methods:</p>
<ul id="asm_01_0063__ul142566176620"><li id="asm_01_0063__li1717131013105">To inject sidecars into the pods of all workloads in the namespace, run the following command to add a label to the namespace (the label varies depending on the Istio version):<pre class="screen" id="asm_01_0063__screen1281611095517"><strong id="asm_01_0063__b1181951015558">kubectl label ns</strong> &lt;namespace&gt; istio-injection=enabled</pre>
<p id="asm_01_0063__p19362226185219">Or</p>
<pre class="screen" id="asm_01_0063__screen1788741815554"><strong id="asm_01_0063__b128882181554">kubectl label ns</strong> &lt;namespace&gt; istio.io/rev=&lt;revision&gt;</pre>
@ -18,24 +18,22 @@
</div>
</div></div>
</li></ul>
<ul id="asm_01_0063__ul77018142713"><li id="asm_01_0063__li168449341119">Injecting a sidecar into a workload<p id="asm_01_0063__p10496970111"><a name="asm_01_0063__li168449341119"></a><a name="li168449341119"></a>On the CCE console, locate the target workload, choose <strong id="asm_01_0063__b4452123114113">More</strong> &gt; <strong id="asm_01_0063__b109016381012">Edit YAML</strong> in the <strong id="asm_01_0063__b157254481818">Operation</strong> column, and manually add the <strong id="asm_01_0063__b250343594810">annotations</strong> or <strong id="asm_01_0063__b672144111486">labels</strong> field based on your Istio version.</p>
<ul id="asm_01_0063__ul1915643412531"><li id="asm_01_0063__li169663217532">For 1.13.9-r3 and later versions, 1.15.5-r2 and later versions, and all 1.18 versions, the configuration is follows:<pre class="screen" id="asm_01_0063__screen83914201599"> labels:
istio.io/rev=&lt;revision&gt;</pre>
</li><li id="asm_01_0063__li12491642185318">For 1.13.9-r3 and earlier versions as well as 1.15.5-r2 and earlier versions, the configuration is follows:<pre class="screen" id="asm_01_0063__screen10491442125313"> annotations:
istio-injection: enabled</pre>
</li></ul>
<ul id="asm_01_0063__ul77018142713"><li id="asm_01_0063__li168449341119">Injecting a sidecar into a workload<div class="p" id="asm_01_0063__p10496970111"><a name="asm_01_0063__li168449341119"></a><a name="li168449341119"></a>On the CCE console, locate the target workload, choose <strong id="asm_01_0063__b4452123114113">More</strong> &gt; <strong id="asm_01_0063__b109016381012">Edit YAML</strong> in the <strong id="asm_01_0063__b157254481818">Operation</strong> column, and manually add the <strong id="asm_01_0063__b04982581119">annotations</strong> field.<pre class="screen" id="asm_01_0063__screen575018269110"> annotations:
sidecar.istio.io/inject: 'true'</pre>
</div>
<p id="asm_01_0063__p1794791520305"><span><img id="asm_01_0063__image115521522121112" src="en-us_image_0000001394586873.png"></span></p>
</li></ul>
<p id="asm_01_0063__p18904104210315">For more details about sidecar injection, see <a href="https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/" target="_blank" rel="noopener noreferrer">Installing the Sidecar</a>.</p>
</p></li><li id="asm_01_0063__li127525055610"><a name="asm_01_0063__li127525055610"></a><a name="li127525055610"></a><span>If namespace injection is enabled for the cluster but no sidecar is injected into the pod, you need to manually restart the pod on the CCE console as follows:</span><p><p id="asm_01_0063__p6931112013420">On the CCE console, choose <strong id="asm_01_0063__b51514267743241">More</strong> &gt; <strong id="asm_01_0063__b185900250343241">Redeploy</strong> in the <strong id="asm_01_0063__b143167820043241">Operation</strong> column of the target workload.</p>
</p></li><li id="asm_01_0063__li10713191914412"><span>Check whether the host network mode is configured for the workload as follows:</span><p><p id="asm_01_0063__p31276451075">On the CCE console, choose <strong id="asm_01_0063__b1371751914718">More</strong> &gt; <strong id="asm_01_0063__b15717191914719">Edit YAML</strong> in the <strong id="asm_01_0063__b07176192714">Operation</strong> column of the target workload, and check whether <strong id="asm_01_0063__b1178116582714">spec.template.spec.hostNetwork: true</strong> is configured. If yes, check whether this field can be deleted or set to <strong id="asm_01_0063__b1692120472143">false</strong>. Otherwise, sidecars cannot be injected.</p>
<p id="asm_01_0063__p196591218181315"><span><img id="asm_01_0063__image1665921861311" src="en-us_image_0000001344069664.png"></span></p>
</p></li><li id="asm_01_0063__li127567207111"><span>Check whether the number of pods exceeds the service mesh scale.</span><p><p id="asm_01_0063__p1075619201610">If the number exceeds, the excess pods cannot be injected with sidecars.</p>
</p></li><li id="asm_01_0063__li127567207111"><span>Check whether the number of pods exceeds the service mesh scale.</span><p><p id="asm_01_0063__p1075619201610">If the number exceeds , the excess pods cannot be injected with sidecars.</p>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0060.html">Fixing Items Manually</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0060.html">Manual Fixing Items</a></div>
</div>
</div>

4
docs/asm/umn/asm_01_0065.html
View File

@ -1,6 +1,6 @@
<a name="asm_01_0065"></a><a name="asm_01_0065"></a>
<h1 class="topictitle1">Fixing Items Automatically</h1>
<h1 class="topictitle1">Auto Fixing Items</h1>
<div id="body0000001175891735"></div>
<div>
<ul class="ullinks">
@ -8,7 +8,7 @@
</li>
<li class="ulchildlink"><strong><a href="asm_01_0067.html">The Service Selector Cannot Contain version Labels</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="asm_01_0069.html">The Service Is Configured with a Default-Version Route and the Route Configuration Is Correct</a></strong><br>
<li class="ulchildlink"><strong><a href="asm_01_0069.html">The Service Is Configured with a Default-version Route and The Route Configuration Is Correct</a></strong><br>
</li>
</ul>

4
docs/asm/umn/asm_01_0066.html
View File

@ -6,13 +6,13 @@
<p id="asm_01_0066__p0468101021218"><strong id="asm_01_0066__b1009304413102627">&lt;protocol&gt;</strong> can be <strong id="asm_01_0066__b2134182545102627">http</strong>, <strong id="asm_01_0066__b426502840102627">tcp</strong>, or <strong id="asm_01_0066__b1310352250102627">grpc</strong>. Istio provides routing capabilities based on protocols defined on ports. For example, <strong id="asm_01_0066__b413874376102627">name: http-service0</strong> and <strong id="asm_01_0066__b1009174383102627">name: tcp</strong> are valid port names, while <strong id="asm_01_0066__b1702190975102627">name: httpforecast</strong> is not.</p>
<p id="asm_01_0066__p122601816122117">If the Service port name is invalid, this item is abnormal.</p>
</div>
<div class="section" id="asm_01_0066__section727870104217"><h4 class="sectiontitle">Rectification Guide</h4><ol id="asm_01_0066__ol1727810104213"><li id="asm_01_0066__li102781407429"><span>Log in to the CCE console and click the cluster name to go to the cluster console.</span></li><li id="asm_01_0066__li52781302422"><span>In the navigation pane, choose <strong id="asm_01_0066__b236423932019">Services &amp; Ingresses</strong>. On the <strong id="asm_01_0066__b474713414458">Service</strong> tab, search for the Service by cluster name and namespace, and click <strong id="asm_01_0066__b862745419249">Edit YAML</strong>. Then, view and modify the Service protocol and add the protocol type before the Service name.</span><p><p id="asm_01_0066__p142784012424"><span><img id="asm_01_0066__image112786012424" src="en-us_image_0000001254992703.png"></span></p>
<div class="section" id="asm_01_0066__section727870104217"><h4 class="sectiontitle">Rectification Guide</h4><ol id="asm_01_0066__ol1727810104213"><li id="asm_01_0066__li102781407429"><span>Log in to the CCE console and click the cluster name to go to the cluster console.</span></li><li id="asm_01_0066__li52781302422"><span>In the navigation pane, choose <strong id="asm_01_0066__b236423932019">Services &amp; Ingresses</strong>. Click the <strong id="asm_01_0066__b474713414458">Service</strong> tab, search for the Service by cluster name and namespace, and click <strong id="asm_01_0066__b862745419249">Edit YAML</strong>. Then, view the Service protocol and add a protocol type before the Service name.</span><p><p id="asm_01_0066__p142784012424"><span><img id="asm_01_0066__image112786012424" src="en-us_image_0000001254992703.png"></span></p>
</p></li><li id="asm_01_0066__li9278600425"><span>Click <strong id="asm_01_0066__b1508075284102627">OK</strong>.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0065.html">Fixing Items Automatically</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0065.html">Auto Fixing Items</a></div>
</div>
</div>

4
docs/asm/umn/asm_01_0067.html
View File

@ -3,13 +3,13 @@
<h1 class="topictitle1">The Service Selector Cannot Contain version Labels</h1>
<div id="body0000001175892785"><div class="section" id="asm_01_0067__section53791230142415"><h4 class="sectiontitle">Description</h4><p id="asm_01_0067__p18675632152410">The <strong id="asm_01_0067__b9712182727">spec.selector</strong> of a Service cannot be labeled with <strong id="asm_01_0067__b127131229217">version</strong>. Otherwise, this item is abnormal.</p>
</div>
<div class="section" id="asm_01_0067__section1746811221448"><h4 class="sectiontitle">Rectification Guide</h4><ol id="asm_01_0067__ol2046892274413"><li id="asm_01_0067__li194682224444"><span>Log in to the CCE console and click the cluster name to go to the cluster console.</span></li><li id="asm_01_0067__li134681722134416"><span>In the navigation pane, choose <strong id="asm_01_0067__b1982141613293">Services &amp; Ingresses</strong>. On the <strong id="asm_01_0067__b13800823104714">Service</strong> tab, search for the Service by cluster name and namespace, click <strong id="asm_01_0067__b1641517485317">Edit YAML</strong>. Then, view <strong id="asm_01_0067__b12282102411321">spec.selector</strong> and delete the <strong id="asm_01_0067__b27141245113215">version</strong> label.</span><p><p id="asm_01_0067__p74682223442"><span><img id="asm_01_0067__image11468192210442" src="en-us_image_0000001254992865.png"></span></p>
<div class="section" id="asm_01_0067__section1746811221448"><h4 class="sectiontitle">Rectification Guide</h4><ol id="asm_01_0067__ol2046892274413"><li id="asm_01_0067__li194682224444"><span>Log in to the CCE console and click the cluster name to go to the cluster console.</span></li><li id="asm_01_0067__li134681722134416"><span>In the navigation pane, choose <strong id="asm_01_0067__b1982141613293">Services &amp; Ingresses</strong>. Click the <strong id="asm_01_0067__b13800823104714">Service</strong> tab, search for the Service by cluster name and namespace, click <strong id="asm_01_0067__b1641517485317">Edit YAML</strong>. Then, view <strong id="asm_01_0067__b12282102411321">spec.selector</strong> and delete the <strong id="asm_01_0067__b27141245113215">version</strong> label.</span><p><p id="asm_01_0067__p74682223442"><span><img id="asm_01_0067__image11468192210442" src="en-us_image_0000001254992865.png"></span></p>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0065.html">Fixing Items Automatically</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0065.html">Auto Fixing Items</a></div>
</div>
</div>

4
docs/asm/umn/asm_01_0069.html
View File

@ -1,6 +1,6 @@
<a name="asm_01_0069"></a><a name="asm_01_0069"></a>
<h1 class="topictitle1">The Service Is Configured with a Default-Version Route and the Route Configuration Is Correct</h1>
<h1 class="topictitle1">The Service Is Configured with a Default-version Route and The Route Configuration Is Correct</h1>
<div id="body0000001129693296"><div class="section" id="asm_01_0069__section338613811422"><h4 class="sectiontitle">Description</h4><p id="asm_01_0069__p73411754171">Istio defines service traffic routing rules in <strong id="asm_01_0069__b327293546102357">VirtualService</strong> and <strong id="asm_01_0069__b1336703240102357">DestinationRule</strong>. Therefore, you need to configure <strong id="asm_01_0069__b1307529050102357">VirtualService</strong> and <strong id="asm_01_0069__b531862740102357">DestinationRule</strong> for each service. The following rules must be met:</p>
<ul id="asm_01_0069__ul14631191075912"><li id="asm_01_0069__li26691915135918">All ports of a Service must be configured in <strong id="asm_01_0069__b840689012102357">VirtualService</strong>.</li><li id="asm_01_0069__li56311510165920">The protocol type in <strong id="asm_01_0069__b303546881102357">VirtualService</strong> must be the same as that of the ports of a Service.</li><li id="asm_01_0069__li332613014131">The default service version must be configured in <strong id="asm_01_0069__b946334923102357">VirtualService</strong> and <strong id="asm_01_0069__b252832806102357">DestinationRule</strong>.</li></ul>
<div class="note" id="asm_01_0069__note8326150111318"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="asm_01_0069__p77811347151319">If the check result changes, the port number or port name of a Service may be changed.</p>
@ -14,7 +14,7 @@
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0065.html">Fixing Items Automatically</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0065.html">Auto Fixing Items</a></div>
</div>
</div>

2
docs/asm/umn/asm_01_0095.html
View File

@ -1,7 +1,7 @@
<a name="asm_01_0095"></a><a name="asm_01_0095"></a>
<h1 class="topictitle1">Features in v1.15</h1>
<div id="body0000001509781437"><ul id="asm_01_0095__ul9461425169"><li id="asm_01_0095__li114615221619">Istio 1.15.7 is supported.</li><li id="asm_01_0095__li572016471613">CCE Turbo clusters v1.21, v1.23, v1.25, and v1.27 are supported.</li><li id="asm_01_0095__li24721410161617">CCE clusters v1.21, v1.23, v1.25, and v1.27 are supported.</li><li id="asm_01_0095__li9405152166">Security vulnerabilities, such as CVE-2023-44487, CVE-2023-39325 and CVE-2023-27487, are fixed.</li></ul>
<div id="body0000001509781437"><ul id="asm_01_0095__ul9461425169"><li id="asm_01_0095__li114615221619">Istio 1.15.7 is supported.</li><li id="asm_01_0095__li572016471613">CCE Turbo clusters v1.21, v1.23, v1.25, and v1.27 are supported.</li><li id="asm_01_0095__li24721410161617">CCE clusters v1.21, v1.23, v1.25, and v1.27 are supported.</li><li id="asm_01_0095__li9405152166">Security vulnerabilities such as CVE-2023-44487, CVE-2023-39325 and CVE-2023-27487 are fixed.</li></ul>
<p id="asm_01_0095__p124581357171516">For details, visit <a href="https://istio.io/latest/news/releases/1.15.x/announcing-1.15.7/" target="_blank" rel="noopener noreferrer">https://istio.io/latest/news/releases/1.15.x/announcing-1.15.7/</a>.</p>
</div>
<div>

2
docs/asm/umn/asm_01_0124.html
View File

@ -1,7 +1,7 @@
<a name="asm_01_0124"></a><a name="asm_01_0124"></a>
<h1 class="topictitle1">Features in v1.18</h1>
<div id="body0000001737146797"><ul id="asm_01_0124__ul1742120185319"><li id="asm_01_0124__li1842160195316">Istio 1.18 is supported.</li><li id="asm_01_0124__li1036314425311">CCE Turbo clusters v1.25, v1.27, v1.28, v1.29, v1.30, and v1.31, as well as v1.32 and v1.33 are supported.</li><li id="asm_01_0124__li6393101715319">CCE clusters v1.25, v1.27, v1.28, v1.29, v1.30, and v1.31 , as well as v1.32 and v1.33 are supported.</li><li id="asm_01_0124__li1910522175320">Kubernetes Gateway API is supported.</li></ul>
<div id="body0000001737146797"><ul id="asm_01_0124__ul1742120185319"><li id="asm_01_0124__li1842160195316">Istio 1.18 is supported.</li><li id="asm_01_0124__li1036314425311">CCE Turbo clusters v1.25, v1.27, v1.28, v1.29, and v1.30 are supported.</li><li id="asm_01_0124__li6393101715319">CCE clusters v1.25, v1.27, v1.28, v1.29, and v1.30 are supported.</li><li id="asm_01_0124__li1910522175320">Kubernetes Gateway API is supported.</li></ul>
<p id="asm_01_0124__p58433415527">For details, visit <a href="https://istio.io/latest/news/releases/1.18.x/" target="_blank" rel="noopener noreferrer">https://istio.io/latest/news/releases/1.18.x/</a>.</p>
</div>
<div>

4
docs/asm/umn/asm_01_0133.html
View File

@ -2,12 +2,14 @@
<h1 class="topictitle1">Service Mesh Events</h1>
<div id="body0000001698194042"><div class="section" id="asm_01_0133__en-us_topic_0000001245220449_section4882153517306"><h4 class="sectiontitle">Scenarios</h4><p id="asm_01_0133__en-us_topic_0000001245220449_p6387194691713">ASM supports the event center, which allows you to query details about important operations such as service mesh creation and deletion and gateway creation and deletion.</p>
<div class="note" id="asm_01_0133__note198721932184717"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="asm_01_0133__p10331731132415">You can view events in a Basic service mesh of 1.15 or later.</p>
<div class="note" id="asm_01_0133__note198721932184717"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="asm_01_0133__p10331731132415">You can view events in a Basic service mesh (based on Istio 1.15 or later).</p>
</div></div>
</div>
<div class="section" id="asm_01_0133__section655465134710"><h4 class="sectiontitle">Procedure</h4><ol id="asm_01_0133__en-us_topic_0000001245220449_ol3932132211530"><li id="asm_01_0133__en-us_topic_0000001245220449_li3932122212534"><span>Log in to the ASM console and search for the Basic service mesh by edition.</span></li><li id="asm_01_0133__en-us_topic_0000001245220449_li10538191319558"><span>Click <span><img id="asm_01_0133__image689423910493" src="en-us_image_0000001698197390.png"></span> in the upper right corner. In the window that slides out from the right, view service mesh events.</span><p><p id="asm_01_0133__p1728984312421"></p>
</p></li></ol>
<p id="asm_01_0133__p539616711425"></p>
</div>
<p id="asm_01_0133__p8060118"></p>
</div>
<div>
<div class="familylinks">

17
docs/asm/umn/asm_01_0141.html
View File

@ -1,17 +0,0 @@
<a name="asm_01_0141"></a><a name="asm_01_0141"></a>
<h1 class="topictitle1">Using IAM to Grant Access to ASM</h1>
<div id="body0000002494975758"></div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="asm_01_0145.html">Using IAM Roles or Policies to Grant Access to ASM</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="asm_01_0146.html">Using IAM Identity Policies to Grant Access to ASM</a></strong><br>
</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0000001627845328.html">User Guide</a></div>
</div>
</div>

66
docs/asm/umn/asm_01_0145.html
View File

@ -1,66 +0,0 @@
<a name="asm_01_0145"></a><a name="asm_01_0145"></a>
<h1 class="topictitle1">Using IAM Roles or Policies to Grant Access to ASM</h1>
<div id="body0000002526896091"><p id="asm_01_0145__en-us_topic_0000001489537442_p198079372297">System-defined permissions in provided by <a href="https://docs.otc.t-systems.com/en-us/usermanual/iam/iam_01_0026.html" target="_blank" rel="noopener noreferrer">Identity and Access Management (IAM)</a> let you control access to ASM. With IAM, you can:</p>
<ul id="asm_01_0145__en-us_topic_0000001489537442_ul1848820457453"><li id="asm_01_0145__en-us_topic_0000001489537442_li348974516454">Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing ASM resources.</li><li id="asm_01_0145__en-us_topic_0000001489537442_li11681126173515">Grant users only the permissions required to perform a given task based on their job responsibilities.</li><li id="asm_01_0145__en-us_topic_0000001489537442_li12185165313915">Entrust an account or a cloud service to perform efficient O&amp;M on your ASM resources.</li></ul>
<p id="asm_01_0145__en-us_topic_0000001489537442_p14662743155318">If your account meets your permissions requirements, you can skip this section.</p>
<p id="asm_01_0145__en-us_topic_0000001489537442_p158501603165"><a href="#asm_01_0145__en-us_topic_0000001489537442_fig1351611812271">Figure 1</a> shows the process flow of role/policy-based authorization.</p>
<div class="section" id="asm_01_0145__en-us_topic_0000001489537442_section17723185741610"><h4 class="sectiontitle">Prerequisites</h4><p id="asm_01_0145__en-us_topic_0000001489537442_p17286682272">Before granting permissions to user groups, learn about system-defined permissions in for ASM. To grant permissions for other services, learn about all <a href="https://docs.otc.t-systems.com/permissions/index.html" target="_blank" rel="noopener noreferrer">permissions</a> supported by IAM.</p>
</div>
<div class="section" id="asm_01_0145__en-us_topic_0000001489537442_section1189416161520"><h4 class="sectiontitle">Process Flow</h4><div class="fignone" id="asm_01_0145__en-us_topic_0000001489537442_fig1351611812271"><a name="asm_01_0145__en-us_topic_0000001489537442_fig1351611812271"></a><a name="en-us_topic_0000001489537442_fig1351611812271"></a><span class="figcap"><b>Figure 1 </b>Process of granting ASM permissions using role/policy-based authorization</span><br><span><img id="asm_01_0145__en-us_topic_0000001489537442_image35161382273" src="en-us_image_0000002526896489.png"></span></div>
<ol id="asm_01_0145__en-us_topic_0000001489537442_ol10176191312813"><li id="asm_01_0145__en-us_topic_0000001489537442_li10176121316284"><a name="asm_01_0145__en-us_topic_0000001489537442_li10176121316284"></a><a name="en-us_topic_0000001489537442_li10176121316284"></a>On the IAM console, <a href="https://docs.otc.t-systems.com/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">create a user group and assign permissions to it</a>.<p id="asm_01_0145__en-us_topic_0000001489537442_p41762137286">Create a user group on the IAM console, and assign the <strong id="asm_01_0145__b18180133023513">ASM ReadOnlyAccess</strong> permissions to the group.</p>
</li><li id="asm_01_0145__en-us_topic_0000001489537442_li181761413162818"><a href="https://docs.otc.t-systems.com/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Create an IAM user and add it to the user group</a>.<p id="asm_01_0145__en-us_topic_0000001489537442_p16177613182816">On the IAM console, create a user and add it to the user group created in <a href="#asm_01_0145__en-us_topic_0000001489537442_li10176121316284">1</a>.</p>
</li><li id="asm_01_0145__en-us_topic_0000001489537442_li1177513202816"><a href="https://docs.otc.t-systems.com/usermanual/iam/iam_01_0032.html" target="_blank" rel="noopener noreferrer">Log in as the IAM user</a> and verify permissions.<p id="asm_01_0145__en-us_topic_0000001489537442_p1317741312289">In the authorized region, perform the following operations:</p>
<ul id="asm_01_0145__en-us_topic_0000001489537442_ul1692751312242"><li id="asm_01_0145__en-us_topic_0000001489537442_li205729227246">Choose <strong id="asm_01_0145__b1623482611425">Service List</strong> &gt; <strong id="asm_01_0145__b11306103015437">Application Service Mesh</strong>. Click <strong id="asm_01_0145__b2155175674318">Buy Mesh</strong> on the ASM console. If a message appears indicating that you have insufficient permissions to perform the operation, the <strong id="asm_01_0145__b7209151616449">ASM ReadOnlyAccess</strong> policy is in effect.</li><li id="asm_01_0145__en-us_topic_0000001489537442_li1857212212418">Choose another service from <strong id="asm_01_0145__b1545117611422">Service List</strong>. If a message appears indicating that you have insufficient permissions to access the service, the <strong id="asm_01_0145__b104520624218">ASM ReadOnlyAccess</strong> policy is in effect.</li></ul>
</li></ol>
</div>
<div class="section" id="asm_01_0145__en-us_topic_0000001489537442_section7529733164812"><h4 class="sectiontitle">Example Custom Policies</h4><p id="asm_01_0145__p576211773818">You can create custom policies to supplement the system-defined policies of ASM. For details about actions supported in custom policies, see .</p>
<p id="asm_01_0145__en-us_topic_0000001489537442_p1391019913815">To create a custom policy, choose either visual editor or JSON.</p>
<ul id="asm_01_0145__en-us_topic_0000001489537442_ul1146431393818"><li id="asm_01_0145__en-us_topic_0000001489537442_li5764181518386">Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy grammar.</li><li id="asm_01_0145__en-us_topic_0000001489537442_li546410135389">JSON: Create a JSON policy or edit an existing one.</li></ul>
<p id="asm_01_0145__p2477135725615">For details, see .</p>
<p id="asm_01_0145__p10716518386">The following lists examples of common ASM custom policies.</p>
<ul id="asm_01_0145__en-us_topic_0000001489537442_ul2504185715494"><li id="asm_01_0145__en-us_topic_0000001489537442_li5504357164912">Example 1: Grant permissions to create service meshes.<pre class="screen" id="asm_01_0145__en-us_topic_0000001489537442_screen48273211535">{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"asm:mesh:create"
]
}
]
}</pre>
</li><li id="asm_01_0145__en-us_topic_0000001489537442_li3652938178">Example 2: Grant permissions to deny service mesh deletion.<p id="asm_01_0145__en-us_topic_0000001489537442_p1892813119464"><a name="asm_01_0145__en-us_topic_0000001489537442_li3652938178"></a><a name="en-us_topic_0000001489537442_li3652938178"></a>A policy with only "Deny" permissions must be used together with other policies. If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.</p>
<pre class="screen" id="asm_01_0145__en-us_topic_0000001489537442_screen39281011144617">{
"Version": "1.1",
"Statement": [
{
"Effect": "Deny",
"Action": [
"asm:mesh:createGateway"
]
}
]
}</pre>
</li><li id="asm_01_0145__en-us_topic_0000001489537442_li8475316125413">Example 3: Create a custom policy containing multiple actions.<p id="asm_01_0145__en-us_topic_0000001489537442_p466319313484"><a name="asm_01_0145__en-us_topic_0000001489537442_li8475316125413"></a><a name="en-us_topic_0000001489537442_li8475316125413"></a>A custom policy can contain the actions of one or multiple services that are of the same type (global or project-level). Example policy containing actions of multiple services:</p>
<pre class="screen" id="asm_01_0145__screen125841914164916">{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cce:cluster:create"
"asm:mesh:create"
]
}
]
}</pre>
</li></ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0141.html">Using IAM to Grant Access to ASM</a></div>
</div>
</div>

70
docs/asm/umn/asm_01_0146.html
View File

@ -1,70 +0,0 @@
<a name="asm_01_0146"></a><a name="asm_01_0146"></a>
<h1 class="topictitle1">Using IAM Identity Policies to Grant Access to ASM</h1>
<div id="body0000002494976322"><p id="asm_01_0146__en-us_topic_0000001543558165_p198079372297">System-defined permissions in provided by <a href="https://docs.otc.t-systems.com/usermanual/iam/iam_01_0026.html" target="_blank" rel="noopener noreferrer">Identity and Access Management (IAM)</a> let you control access to ASM. With IAM, you can:</p>
<ul id="asm_01_0146__en-us_topic_0000001543558165_ul1848820457453"><li id="asm_01_0146__en-us_topic_0000001543558165_li348974516454">Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing ASM resources.</li><li id="asm_01_0146__en-us_topic_0000001543558165_li11681126173515">Grant users only the permissions required to perform a given task based on their job responsibilities.</li><li id="asm_01_0146__en-us_topic_0000001543558165_li12185165313915">Entrust an account or a cloud service to perform efficient O&amp;M on your ASM resources.</li></ul>
<p id="asm_01_0146__en-us_topic_0000001543558165_p14662743155318">If your account meets your permissions requirements, you can skip this section.</p>
<p id="asm_01_0146__en-us_topic_0000001543558165_p158501603165"><a href="#asm_01_0146__en-us_topic_0000001543558165_fig1351611812271">Figure 1</a> shows the process flow of identity policy-based authorization.</p>
<div class="section" id="asm_01_0146__en-us_topic_0000001543558165_section17723185741610"><h4 class="sectiontitle">Prerequisites</h4><p id="asm_01_0146__en-us_topic_0000001543558165_p17286682272">Before granting permissions, learn about system-defined permissions in . To grant permissions for other services, learn about all <a href="https://docs.otc.t-systems.com/permissions/index.html" target="_blank" rel="noopener noreferrer">permissions</a> supported by IAM.</p>
</div>
<div class="section" id="asm_01_0146__en-us_topic_0000001543558165_section1189416161520"><h4 class="sectiontitle">Process Flow</h4><div class="fignone" id="asm_01_0146__en-us_topic_0000001543558165_fig1351611812271"><a name="asm_01_0146__en-us_topic_0000001543558165_fig1351611812271"></a><a name="en-us_topic_0000001543558165_fig1351611812271"></a><span class="figcap"><b>Figure 1 </b>Process of granting ASM permissions using identity policy-based authorization</span><br><span><img id="asm_01_0146__en-us_topic_0000001543558165_image35161382273" src="en-us_image_0000002526896571.png"></span></div>
<ol id="asm_01_0146__en-us_topic_0000001543558165_ol10176191312813"><li id="asm_01_0146__en-us_topic_0000001543558165_li10176121316284">On the IAM console, .<p id="asm_01_0146__en-us_topic_0000001543558165_p41762137286"><a name="asm_01_0146__en-us_topic_0000001543558165_li10176121316284"></a><a name="en-us_topic_0000001543558165_li10176121316284"></a>Create a user or user group on the IAM console.</p>
</li><li id="asm_01_0146__en-us_topic_0000001543558165_li16925112804614"> (<strong id="asm_01_0146__b15261138162215">ASMReadOnlyPolicy</strong> as an example) to the user or user group.</li><li id="asm_01_0146__en-us_topic_0000001543558165_li1177513202816"><a href="https://docs.otc.t-systems.com/usermanual/iam/iam_01_0032.html" target="_blank" rel="noopener noreferrer">Log in as the IAM user</a> and verify permissions.<p id="asm_01_0146__en-us_topic_0000001543558165_p1317741312289">In the authorized region, perform the following operations:</p>
<ul id="asm_01_0146__en-us_topic_0000001543558165_ul1692751312242"><li id="asm_01_0146__en-us_topic_0000001543558165_li205729227246">Choose <strong id="asm_01_0146__b160142117265">Service List</strong> &gt; <strong id="asm_01_0146__b760112213264">Application Service Mesh</strong>. Click <strong id="asm_01_0146__b1660272114269">Buy Mesh</strong> on the ASM console. If a message appears indicating that you have insufficient permissions to perform the operation, <strong id="asm_01_0146__b160262182618">ASMReadOnlyPolicy</strong> is in effect.</li><li id="asm_01_0146__en-us_topic_0000001543558165_li1857212212418">Choose another service from <strong id="asm_01_0146__b113084327264">Service List</strong>. If a message appears indicating that you have insufficient permissions to access the service, <strong id="asm_01_0146__b030863242611">ASMReadOnlyPolicy</strong> is in effect.</li></ul>
</li></ol>
</div>
<div class="section" id="asm_01_0146__en-us_topic_0000001543558165_section7529733164812"><h4 class="sectiontitle">Example Custom Identity Policies</h4><p id="asm_01_0146__p19154121744816">You can create custom identity policies to supplement the system-defined identity policies of ASM. For details about actions supported in custom identity policies, see .</p>
<p id="asm_01_0146__en-us_topic_0000001543558165_p1391019913815">To create a custom identity policy, choose either visual editor or JSON.</p>
<ul id="asm_01_0146__en-us_topic_0000001543558165_ul1146431393818"><li id="asm_01_0146__en-us_topic_0000001543558165_li5764181518386">Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy grammar.</li><li id="asm_01_0146__en-us_topic_0000001543558165_li546410135389">JSON: Create a JSON policy or edit an existing one.</li></ul>
<p id="asm_01_0146__p160623765212">For details, see .</p>
<p id="asm_01_0146__p17139055195519">When creating a custom identity policy, use the Resource element to specify the resources the identity policy applies to and use the Condition element (service-specific condition keys) to control when the identity policy is in effect. For details about the supported resource types and condition keys, see .</p>
<p id="asm_01_0146__p310122114562">The following provides examples of custom ASM identity policies.</p>
<ul id="asm_01_0146__en-us_topic_0000001543558165_ul2504185715494"><li id="asm_01_0146__en-us_topic_0000001543558165_li5504357164912">Example 1: Grant permissions to create service meshes.<pre class="screen" id="asm_01_0146__en-us_topic_0000001543558165_screen25351137165916">{
"Version": "5.0",
"Statement": [
{
"Effect": "Allow",
"Action": [
"asm:mesh:create",
"asm:mesh:createGateway"
]
}
]
}</pre>
</li><li id="asm_01_0146__en-us_topic_0000001543558165_li8475316125413">Example 2: Create a custom identity policy containing multiple actions.<p id="asm_01_0146__en-us_topic_0000001543558165_p164313514480"><a name="asm_01_0146__en-us_topic_0000001543558165_li8475316125413"></a><a name="en-us_topic_0000001543558165_li8475316125413"></a></p>
<p id="asm_01_0146__en-us_topic_0000001543558165_p466319313484">A custom identity policy can contain the actions of one or more services. Example identity policy containing multiple actions:</p>
<pre class="screen" id="asm_01_0146__en-us_topic_0000001543558165_screen46646311485">{
"Version": "5.0",
"Statement": [
{
"Effect": "Allow",
"Action": [
"asm:mesh:create",
"asm:mesh:createGateway"
]
},
{
"Effect": "Allow",
"Action": [
"evs:volumes:create",
"evs:volumes:list"
]
},
{
"Effect": "Allow",
"Action": [
"ecs:cloudServers:createServers",
"ecs:cloudServers:listServersDetails"
]
}
]
}</pre>
</li></ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="asm_01_0141.html">Using IAM to Grant Access to ASM</a></div>
</div>
</div>

4
docs/asm/umn/asm_bestpractice_1009.html
View File

@ -4,7 +4,7 @@
<div id="body0000001735119876"><p id="asm_bestpractice_1009__p1629514211458">You can create a CCE cluster with IPv4/IPv6 dual stack enabled and enable IPv4/IPv6 dual stack for the service mesh that the cluster is added to. IPv4/IPv6 dual stack allows services in the service mesh to use both IPv4 and IPv6 addresses for service-to-service interactions. After an IPv4/IPv6 dual-stack gateway is added for the service mesh, you can provide services for users using an IPv6 client. This section describes how you can create a service mesh with IPv4/IPv6 dual stack, so that services in the service mesh can communicate with each other using IPv6 addresses.</p>
<div class="section" id="asm_bestpractice_1009__section241033319520"><h4 class="sectiontitle">Application Scenarios</h4><ul id="asm_bestpractice_1009__ul1891110468467"><li id="asm_bestpractice_1009__li1191184617465">If an IPv6 address is required for service access and traffic management, you can enable IPv4/IPv6 dual stack.</li><li id="asm_bestpractice_1009__li162511452164617">If you provide services for users who use IPv6 clients, you can create a gateway for a service mesh with IPv4/IPv6 dual stack enabled.</li></ul>
</div>
<div class="section" id="asm_bestpractice_1009__section10909135625310"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="asm_bestpractice_1009__ul89074563534"><li id="asm_bestpractice_1009__li490735665310">Conditions for enabling IPv4/IPv6 dual stack for a service mesh</li></ul>
<div class="section" id="asm_bestpractice_1009__section10909135625310"><h4 class="sectiontitle">Constraints</h4><ul id="asm_bestpractice_1009__ul89074563534"><li id="asm_bestpractice_1009__li490735665310">Conditions for enabling IPv4/IPv6 dual stack for a service mesh</li></ul>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="asm_bestpractice_1009__table990895610539" frame="border" border="1" rules="all"><thead align="left"><tr id="asm_bestpractice_1009__row179081156175318"><th align="left" class="cellrowborder" valign="top" width="12.379999999999999%" id="mcps1.3.3.3.1.6.1.1"><p id="asm_bestpractice_1009__p89071156165312">Service Mesh Edition</p>
</th>
@ -68,7 +68,7 @@
<p id="asm_bestpractice_1009__p266122616264"></p>
<p id="asm_bestpractice_1009__p943184717542"></p>
<p id="asm_bestpractice_1009__p1029714339528">Configure other parameters based on site requirements.</p>
</p></li><li id="asm_bestpractice_1009__li1229773335218"><span id="asm_bestpractice_1009__p4163181041415">Click the service mesh name to access the details page.</span><p><p id="asm_bestpractice_1009__li1229773335218p0">On the <strong id="asm_bestpractice_1009__b1390431534617">Basic Information</strong> tab (<strong id="asm_bestpractice_1009__b070135181319">Mesh Configuration</strong> &gt; <strong id="asm_bestpractice_1009__b18828199101318">Basic Information</strong>), you can see that IPv4/IPv6 dual stack has been enabled.</p>
</p></li><li id="asm_bestpractice_1009__li1229773335218"><span id="asm_bestpractice_1009__p4163181041415">Click the service mesh name to access the details page.</span><p><p id="asm_bestpractice_1009__li1229773335218p0">On the <strong id="asm_bestpractice_1009__b070135181319">Mesh Configuration</strong> &gt; <strong id="asm_bestpractice_1009__b18828199101318">Basic Information</strong> tab, you can see that IPv4/IPv6 dual stack has been enabled.</p>
<p id="asm_bestpractice_1009__p4297103325211"></p>
</p></li></ol>
</div>

6
docs/asm/umn/asm_bestpractice_3002.html
View File

@ -1,9 +1,9 @@
<a name="asm_bestpractice_3002"></a><a name="asm_bestpractice_3002"></a>
<h1 class="topictitle1">Introduction</h1>
<div id="body1568601267887"><p id="asm_bestpractice_3002__p637810612810">Dubbo is a special protocol. The following functions must be provided:</p>
<ul id="asm_bestpractice_3002__ul419611400289"><li id="asm_bestpractice_3002__li19196840112810">Envoy on the service mesh data plane parses protocols and manages traffic of Dubbo.</li><li id="asm_bestpractice_3002__li5893131682919">The service mesh control plane supports Dubbo governance rules and service management such as grayscale release, load balancing, and access authorization.</li></ul>
<p id="asm_bestpractice_3002__p163331137142817">In addition, the service discovery model of Dubbo is different from that of Kubernetes or Spring Cloud. Additional processing is required.</p>
<div id="body1568601267887"><p id="asm_bestpractice_3002__p637810612810">Dubbo is a special protocol which needs the following supports:</p>
<ul id="asm_bestpractice_3002__ul419611400289"><li id="asm_bestpractice_3002__li19196840112810">Envoy on the service mesh data plane supports the parsing and traffic management of the Dubbo protocol.</li><li id="asm_bestpractice_3002__li5893131682919">The mesh control plane supports the configuration of Dubbo governance rules to manage services such as grayscale release, load balancing, and access authorization.</li></ul>
<p id="asm_bestpractice_3002__p163331137142817">In addition, the service discovery model of Dubbo is different from that of Kubernetes and Spring Cloud. Therefore, additional processing is required.</p>
</div>
<div>
<div class="familylinks">

2
docs/asm/umn/asm_faq_0001.html
View File

@ -8,7 +8,7 @@
</li>
<li class="ulchildlink"><strong><a href="asm_faq_0004.html">Why Does It Take a Long Time to Start the Demo Application in Experiencing Service Mesh in One Click?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="asm_faq_0005.html">Why Cannot I Access the Page of the Deployed Demo Application?</a></strong><br>
<li class="ulchildlink"><strong><a href="asm_faq_0005.html">Why Cannot I Access the page of the Demo Application After It Is Successfully Deployed?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="asm_faq_0035.html">Why Cannot I Select the Corresponding Service When Adding a Route?</a></strong><br>
</li>

4
docs/asm/umn/asm_faq_0005.html
View File

@ -1,7 +1,7 @@
<a name="asm_faq_0005"></a><a name="asm_faq_0005"></a>
<h1 class="topictitle1">Why Cannot I Access the Page of the Deployed Demo Application?</h1>
<div id="body1546055873319"><div class="section" id="asm_faq_0005__section48145132817"><h4 class="sectiontitle">Symptom</h4><p id="asm_faq_0005__p224713620288">The page of the deployed demo application cannot be accessed.</p>
<h1 class="topictitle1">Why Cannot I Access the page of the Demo Application After It Is Successfully Deployed?</h1>
<div id="body1546055873319"><div class="section" id="asm_faq_0005__section48145132817"><h4 class="sectiontitle">Symptom</h4><p id="asm_faq_0005__p224713620288">The page of the demo application cannot be accessed after the application is successfully deployed.</p>
</div>
<div class="section" id="asm_faq_0005__section957651892820"><h4 class="sectiontitle">Analysis</h4><p id="asm_faq_0005__p721722012812">The load balancer configured for the application does not listen to the port.</p>
</div>

2
docs/asm/umn/asm_faq_0006.html
View File

@ -4,7 +4,7 @@
<div id="body1554353306515"></div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="asm_faq_0007.html">Why Can't I Change the Image Used for the Grayscale Version When Performing a Grayscale Release?</a></strong><br>
<li class="ulchildlink"><strong><a href="asm_faq_0007.html">Why Can't I Change the Image Used for the Grayscale Version When Performing Grayscale Release?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="asm_faq_0008.html">Why Does Not a Grayscale Policy that Based on Request Content Take Effect for Some Services?</a></strong><br>
</li>

8
docs/asm/umn/asm_faq_0007.html
View File

@ -1,11 +1,11 @@
<a name="asm_faq_0007"></a><a name="asm_faq_0007"></a>
<h1 class="topictitle1">Why Can't I Change the Image Used for the Grayscale Version When Performing a Grayscale Release?</h1>
<div id="body1545635500617"><div class="section" id="asm_faq_0007__section14328175311487"><h4 class="sectiontitle">Symptom</h4><p id="asm_faq_0007__p6673854124817">When I perform a grayscale release, the image used for the grayscale version cannot be changed.</p>
<h1 class="topictitle1">Why Can't I Change the Image Used for the Grayscale Version When Performing Grayscale Release?</h1>
<div id="body1545635500617"><div class="section" id="asm_faq_0007__section14328175311487"><h4 class="sectiontitle">Description</h4><p id="asm_faq_0007__p6673854124817">When I perform grayscale release, the image used for the grayscale version cannot be changed.</p>
</div>
<div class="section" id="asm_faq_0007__section1950487184920"><h4 class="sectiontitle">Analysis</h4><p id="asm_faq_0007__p77060834914">When performing the grayscale release on a service, you can only change the tags of the image used by the service.</p>
<div class="section" id="asm_faq_0007__section1950487184920"><h4 class="sectiontitle">Analysis</h4><p id="asm_faq_0007__p77060834914">When performing grayscale release on a service, you create a new version of the same service. Therefore, the image used by the service cannot be changed. Only image tags can be changed.</p>
</div>
<div class="section" id="asm_faq_0007__section647261714912"><h4 class="sectiontitle">Solution</h4><p id="asm_faq_0007__p135701818174918">Pack the required image into a different tag of the same image and push it to the image repository. Then, select the newly pushed image tag when you perform a grayscale release on the service.</p>
<div class="section" id="asm_faq_0007__section647261714912"><h4 class="sectiontitle">Solution</h4><p id="asm_faq_0007__p135701818174918">Pack the required image into a different tag of the same image and push it to the image repository. Then, select the newly pushed image tag when you perform grayscale release on the service.</p>
</div>
</div>
<div>

Some files were not shown because too many files have changed in this diff Show More