feat: add OSM logs collector

[SanyaKochhar]

This PR adds collectors for OSM and SMI. SMI collector can be broken out into a separate PR as well.

• Flags: in aks-periscope.yaml, setting flags to OSM turns on both osm and smi collectors. SMI flag turns on just smi collector
• osm_collector collects the following for each Open Service Mesh present on the cluster:
  • ground truth - list/configs of all resources and mutating and validating webhook configurations
  • for each osm control plan namespace - pod configs and logs of OSM controller and OSM injector pods
  • for each namespace monitored by osm: metadata, services, endpoints, service accounts, configmaps, etc.
• [moving this into a separate PR] smi_collector collects the traffic targets, traffic splits, httproutegroups, tcproutes and udproutes for smi policies being applied.
  • this collector can be used by any service mesh, not just osm

[davidkydd]

Thanks @SanyaKochhar - very interesting!

PS I think you accidentally included a built periscope binary in your commit, which you will probably want to revert (mentioning here as github doesn't support direct comments on binary files)

[davidkydd]

I think we should look to introduce a couple of new core Periscope concepts: resourceCollector, and either meshCollector (which defines the fixed hierarchical relationship represented here) or some more general purpose "chainable" or "heirarchical" functionality for defining how the output of one collector can feed into another. The specific object names and selector strings would then be defined in the yaml rather than baking OSM specifics into the code

[Tatsinnit]

💡 Thank you so much for this, I have added initial thoughts for the key things like flag passing, and what all things you could explore:

few things as a checklist to make sure you have covered existing behaviours are:

✅ Make sure you run attributes of CI. (Adding more clarity: locally atleast initial infra e2-e test are passing and your forked branch ci-workflow is passing)
✅ Tip to locally test changes via image reside here: https://github.com/Azure/aks-periscope#programming-guide
* Above will be a very important scenario to test, and feel free to reach out to us for anything.

✅ If you find any new functionality could be easily extracted to UT (unit test) then feel enabled to do so.
✅ Once we have done all the above, we should have enough confidence to open PR for review.

(At least these are my initial thoughts) I will add more in case I forget anything.

Really appreciate it. @arnaud-tincelin and @JunSun17 Feel free to correct me or add anything else.

[SanyaKochhar]

Thanks folks for your thorough reviews and comments. Based on this, on our end we have been tracking and working on the following tasks, do let me know if anything is missing.

• Toggle osm collector with a feature flag (to come after @davidkydd 's PR Expose feature flags for collectors, diagnosers, exporters #52 is merged)
• Write unit tests if possible
• Extract methods into helpers.go as possible
• Implement on-failure return early

cc: @davidkydd @Tatsinnit

[Tatsinnit]

💡 Thank you for this. I have not done a detailed review because there are some higher level questions this PR needs to cater.

• I think you guys work with ARC team? if yes please liason with them, as their PR will be merged soon, ARC - PR already adds a feature flag which you could use. Some of my comments are specific to how the logic is constructed around the OSM and SMI flags and the built up.

• Please remove the aks-periscope Binary which is checked in with this PR.

• Side note: Is there any internal design doc you guys have for this work? (Something as basic of what OSM collector and SMI collector aim to achieve with what commands which are run)

  • it would help in understanding the nested for loops with in collectors as well etc.

Thank you. 🙏

[SanyaKochhar]

@Tatsinnit
Here is a short design doc to explain this work. Hopefully it explains all the loops and helps with the review process. Lmk if you have any questions.

Design

OSM work on AKS Periscope aims to add two new collectors to AKS Periscope that can be optionally enabled with flags when users wish to collect OSM and SMI data. These collectors will allow users to create a snapshot of their OSM instance(s) and SMI policies in their cluster to provide to the OSM team for troubleshooting. This is especially useful so that users do not need to provide access to their cluster for troubleshooting.

OSM Collector

The OSM collector can be turned on using the OSM flag. This will automatically also turn on the SMI collector to collect information about SMI policies being used in the cluster.

The OSM collector will look for all the OSM instances present in the cluster. For each mesh, it will collect the following information:

• Basic ground truth about the OSM instance
  • Mutating webhook configurations
  • Validating webhook configurations
  • List of all resources present with the label app.kubernetes.io/instance=<mesh name>
  • JSON/configs of all resources present with the label app.kubernetes.io/instance=<mesh name>
• Relevant data for all namespaces monitored by OSM:
  • For each pod's Envoy sidecar: config dump, clusters, listeners, ready and stats
  • Metadata, services, endpoints, ConfigMaps, ingresses and service accounts
  • List of all pods present and config of each pod
• Relevant data for all OSM controller namespaces:
  • Logs of each pod in the controller namespace (i.e., logs for osm-controller and osm-injector)
  • Metadata, services, endpoints, ConfigMaps, ingresses and service accounts
  • List of all pods present and config of each pod

SMI Collector

The SMI collector can be enabled using the SMI flag to collect information about Service Mesh Interface policies being used in the cluster for any service mesh, not just OSM. It is, however, automatically turned on if the OSM collector is enabled. The SMI collector collects lists and configs of the following resources:

• HTTP route groups
• TCP routes
• Traffic splits
• Traffic targets
• Traffic access
• UDP routes

Helpers

The following helpers are needed to achieve the above work:

• utils.GetResourceList() expects a kubectl command including a resource type and namespace. Returns a list of all resources of the given type in the specified namespace
• utils.RunCommandOnContainerWithOutputStreams() a modified version of utils.RunCommandOnContainer that returns both the stdout and stderr output streams from the given command. This is used by GetResourceList to make sure an error is documented if a resource is not found and thus empty collector files are not erroneously created for resources that do not exist
• utils.RunBackgroundCommand() starts running a command on a container and returns its process ID. It does not wait for the command to return. This is used to run kubectl port-forward to collect Envoy information
• utils.KillProcess() is used to kill a process by PID (used in conjunction with background commands)
• collector.CollectKubectlOutputToCollectorFiles() - expects a kubectl command, rootpath and filename. It runs the command and saves the output to a file in that collector's file directory

[SanyaKochhar]

• I think you guys work with ARC team? if yes please liason with them, as their PR will be merged soon, ARC - PR already adds a feature flag which you could use. Some of my comments are specific to how the logic is constructed around the OSM and SMI flags and the built up.

Makes sense to reuse their flag. I have left a comment on their PR about using a generic flag name that would make sense for us to reuse. Of course we can also change it after their PR is merged. The comments above and design doc hopefully explain the logic/interaction behind the two flags

• Please remove the aks-periscope Binary which is checked in with this PR.

Accidental addition, removed now!

[Tatsinnit]

💡 Thank you and looks much better, and great to see how everything has come together, few things I have mentioned in my review.

As original logic with regards to the nitty-gritty for the specific commands for ism collector I believe that you should make sure that you guys are satisfied.

• Please do test your changes with local image and I will try as well.

Thank you 🙏

[Tatsinnit]

👍 Thank you for this, really appreciate it. Approved it and will await till evening for few more eyes. Thank you @SanyaKochhar for testing them locally as well.

[SanyaKochhar]

@arnaud-tincelin thanks for your comments, I've just resolved them. Would appreciate if you could re-review when you get a chance