forked from aliyun/ros-templates
-
Notifications
You must be signed in to change notification settings - Fork 1
/
service-mesh.yml
155 lines (155 loc) · 4.18 KB
/
service-mesh.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
ROSTemplateFormatVersion: '2015-09-01'
Description: ASM ServiceMesh resource example
Parameters:
Name:
Type: String
Description: The name of the ASM instance.
VpcId:
Type: String
Description: The ID of the virtual private cloud (VPC).
VSwitches:
Type: CommaDelimitedList
Description: 'The ID of the vSwitch, eg: ["vsw-xzegf5dndkbf4m6eg****"]'
OPA:
Type: Json
Description: OPA settings.
Default: null
EnableAudit:
Type: Boolean
Description: |-
Specifies whether to enable the mesh audit feature. To enable this feature, make sure
that you have activated Alibaba Cloud Log Service.
Valid values: true and false. Default value: false.
Default: false
AllowedValues:
- true
- false
AuditProject:
Type: String
Description: |-
The name of the Log Service project that is used for mesh audit.
Default value: mesh-log-{meshId}.
Default: null
IstioVersion:
Type: String
Description: The Istio version of the ASM instance.
Default: null
ApiServerPublicEip:
Type: Boolean
Description: |-
Specifies whether to expose the API server to the Internet.
Valid values: true and false. Default value: false.
If you do not set this parameter, the API server of clusters added to the ASM instance
cannot be accessed from the Internet.
Default: false
AllowedValues:
- true
- false
LocalityLoadBalancing:
Type: Boolean
Description: |-
Specifies whether to route traffic to the nearest instance.
Valid values: true and false. Default value: false.
Default: false
AllowedValues:
- true
- false
Telemetry:
Type: Boolean
Description: Specifies whether to enable Prometheus monitoring. We recommend that
you use Application Real-Time Monitoring Service (ARMS).
Default: false
AllowedValues:
- true
- false
OutboundTrafficPolicy:
Type: String
Description: The outbound traffic policy of the ASM instance.
Default: null
TraceSampling:
Type: Number
Description: The sampling percentage of tracing.
Default: null
Proxy:
Type: Json
Description: 'Proxy settings. '
Default: null
PilotPublicEip:
Type: Boolean
Description: |-
Specifies whether to expose Istio Pilot to the Internet.
Valid values: true and false. Default value: false.
If you do not set this parameter, only clusters in the same VPC as the ASM instance
can access Istio Pilot of the instance.
Default: false
AllowedValues:
- true
- false
IncludeIPRanges:
Type: String
Description: |-
The Classless Inter-Domain Routing (CIDR) block in the ASM instance that are denied
to access external services.
Default: null
Tracing:
Type: Boolean
Description: |-
Specifies whether to enable the tracing feature. To enable this feature, make sure
that you have activated Alibaba Cloud Tracing Analysis.
Valid values: true and false. Default value: false.
Default: false
AllowedValues:
- true
- false
CustomizedZipkin:
Type: Boolean
Description: Specifies whether to use a user-created Zipkin system.
Default: false
AllowedValues:
- true
- false
Resources:
ServiceMesh:
Type: ALIYUN::ASM::ServiceMesh
Properties:
VpcId:
Ref: VpcId
OPA:
Ref: OPA
EnableAudit:
Ref: EnableAudit
IstioVersion:
Ref: IstioVersion
ApiServerPublicEip:
Ref: ApiServerPublicEip
LocalityLoadBalancing:
Ref: LocalityLoadBalancing
Telemetry:
Ref: Telemetry
OutboundTrafficPolicy:
Ref: OutboundTrafficPolicy
AuditProject:
Ref: AuditProject
TraceSampling:
Ref: TraceSampling
Name:
Ref: Name
Proxy:
Ref: Proxy
PilotPublicEip:
Ref: PilotPublicEip
IncludeIPRanges:
Ref: IncludeIPRanges
VSwitches:
Ref: VSwitches
Tracing:
Ref: Tracing
CustomizedZipkin:
Ref: CustomizedZipkin
Outputs:
ServiceMeshId:
Description: The ID of the ASM instance.
Value:
Fn::GetAtt:
- ServiceMesh
- ServiceMeshId