From 5b63a4e67c5eeb3992870cb9e6ff4d3c062a111e Mon Sep 17 00:00:00 2001 From: Xinnan Wen Date: Wed, 4 Dec 2019 18:18:27 -0800 Subject: [PATCH 1/5] update telemetryv2 templates --- global.yaml | 1 + .../istio-discovery/metadata-exchange-v2.yaml | 24 -- .../istio-discovery/stats-filter-v2.yaml | 84 ------- .../templates/telemetryv2.yaml | 235 +++++++++++++++++- istio-control/istio-discovery/values.yaml | 22 +- 5 files changed, 254 insertions(+), 112 deletions(-) delete mode 100644 istio-control/istio-discovery/metadata-exchange-v2.yaml delete mode 100644 istio-control/istio-discovery/stats-filter-v2.yaml diff --git a/global.yaml b/global.yaml index 56f4f528..65c1f3c1 100644 --- a/global.yaml +++ b/global.yaml @@ -28,6 +28,7 @@ global: policyNamespace: istio-system + configRootNamespace: istio-system ## End new settings ## After this line we have the old Istio settings. diff --git a/istio-control/istio-discovery/metadata-exchange-v2.yaml b/istio-control/istio-discovery/metadata-exchange-v2.yaml deleted file mode 100644 index 9b587da0..00000000 --- a/istio-control/istio-discovery/metadata-exchange-v2.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: metadata-exchange -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: ANY # inbound, outbound, and gateway - listener: - filterChain: - filter: - name: "envoy.http_connection_manager" - patch: - operation: INSERT_BEFORE - value: - name: envoy.filters.http.wasm - config: - config: - configuration: envoy.wasm.metadata_exchange - vm_config: - runtime: envoy.wasm.runtime.null - code: - inline_string: envoy.wasm.metadata_exchange \ No newline at end of file diff --git a/istio-control/istio-discovery/stats-filter-v2.yaml b/istio-control/istio-discovery/stats-filter-v2.yaml deleted file mode 100644 index 4bbb580f..00000000 --- a/istio-control/istio-discovery/stats-filter-v2.yaml +++ /dev/null @@ -1,84 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stats-filter -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - listener: - filterChain: - filter: - name: "envoy.http_connection_manager" - subFilter: - name: "envoy.router" - patch: - operation: INSERT_BEFORE - value: - name: envoy.filters.http.wasm - config: - config: - root_id: stats_outbound - configuration: | - { - "debug": "false", - "stat_prefix": "istio", - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - listener: - filterChain: - filter: - name: "envoy.http_connection_manager" - subFilter: - name: "envoy.router" - patch: - operation: INSERT_BEFORE - value: - name: envoy.filters.http.wasm - config: - config: - root_id: stats_inbound - configuration: | - { - "debug": "false", - "stat_prefix": "istio", - } - vm_config: - vm_id: stats_inbound - runtime: envoy.wasm.runtime.null - code: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER - match: - context: GATEWAY - listener: - filterChain: - filter: - name: "envoy.http_connection_manager" - subFilter: - name: "envoy.router" - patch: - operation: INSERT_BEFORE - value: - name: envoy.filters.http.wasm - config: - config: - root_id: stats_outbound - configuration: | - { - "debug": "false", - "stat_prefix": "istio", - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - inline_string: envoy.wasm.stats \ No newline at end of file diff --git a/istio-control/istio-discovery/templates/telemetryv2.yaml b/istio-control/istio-discovery/templates/telemetryv2.yaml index 64771426..f55eec98 100644 --- a/istio-control/istio-discovery/templates/telemetryv2.yaml +++ b/istio-control/istio-discovery/templates/telemetryv2.yaml @@ -1,5 +1,234 @@ {{- if and .Values.telemetry.enabled .Values.telemetry.v2.enabled }} -{{ .Files.Get "metadata-exchange-v2.yaml" }} +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: metadata-exchange + {{- if .Values.global.configRootNamespace }} + namespace: {{ .Values.global.configRootNamespace }} + {{- else }} + namespace: {{ .Release.Namespace }} + {{- end }} +spec: + configPatches: + - applyTo: HTTP_FILTER + match: + context: ANY # inbound, outbound, and gateway + proxy: + proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + listener: + filterChain: + filter: + name: "envoy.http_connection_manager" + patch: + operation: INSERT_BEFORE + value: + name: envoy.filters.http.wasm + config: + config: + configuration: envoy.wasm.metadata_exchange + vm_config: + runtime: envoy.wasm.runtime.null + code: + inline_string: envoy.wasm.metadata_exchange --- -{{ .Files.Get "stats-filter-v2.yaml" }} -{{- end }} \ No newline at end of file +{{- if .Values.telemetry.v2.prometheus.enabled }} +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: stats-filter + {{- if .Values.global.configRootNamespace }} + namespace: {{ .Values.global.configRootNamespace }} + {{- else }} + namespace: {{ .Release.Namespace }} + {{- end }} +spec: + configPatches: + - applyTo: HTTP_FILTER + match: + context: SIDECAR_OUTBOUND + proxy: + proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + listener: + filterChain: + filter: + name: "envoy.http_connection_manager" + subFilter: + name: "envoy.router" + patch: + operation: INSERT_BEFORE + value: + name: envoy.filters.http.wasm + config: + config: + root_id: stats_outbound + configuration: | + { + "debug": "false", + "stat_prefix": "istio", + } + vm_config: + vm_id: stats_outbound + runtime: envoy.wasm.runtime.null + code: + inline_string: envoy.wasm.stats + - applyTo: HTTP_FILTER + match: + context: SIDECAR_INBOUND + proxy: + proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + listener: + filterChain: + filter: + name: "envoy.http_connection_manager" + subFilter: + name: "envoy.router" + patch: + operation: INSERT_BEFORE + value: + name: envoy.filters.http.wasm + config: + config: + root_id: stats_inbound + configuration: | + { + "debug": "false", + "stat_prefix": "istio", + } + vm_config: + vm_id: stats_inbound + runtime: envoy.wasm.runtime.null + code: + inline_string: envoy.wasm.stats + - applyTo: HTTP_FILTER + match: + context: GATEWAY + proxy: + proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + listener: + filterChain: + filter: + name: "envoy.http_connection_manager" + subFilter: + name: "envoy.router" + patch: + operation: INSERT_BEFORE + value: + name: envoy.filters.http.wasm + config: + config: + root_id: stats_outbound + configuration: | + { + "debug": "false", + "stat_prefix": "istio", + } + vm_config: + vm_id: stats_outbound + runtime: envoy.wasm.runtime.null + code: + inline_string: envoy.wasm.stats +--- +{{- end }} + +{{- if .Values.telemetry.v2.stackdriver.enabled }} +apiVersion: networking.istio.io/v1alpha3 +kind: EnvoyFilter +metadata: + name: stackdriver-filter + {{- if .Values.global.configRootNamespace }} + namespace: {{ .Values.global.configRootNamespace }} + {{- else }} + namespace: {{ .Release.Namespace }} + {{- end }} +spec: + configPatches: + - applyTo: HTTP_FILTER + match: + context: SIDECAR_OUTBOUND + proxy: + proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + listener: + filterChain: + filter: + name: "envoy.http_connection_manager" + subFilter: + name: "envoy.router" + patch: + operation: INSERT_BEFORE + value: + name: envoy.filters.http.wasm + config: + config: + root_id: stackdriver_outbound + configuration: | + {{- if not .Values.telemetry.v2.stackdriver.configOverride }} + {"enable_mesh_edges_reporting": {{ .Values.telemetry.v2.stackdriver.topology }}, "disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "meshEdgesReportingDuration": "600s"} + {{- else }} + {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 16 }} + {{- end }} + vm_config: + vm_id: stackdriver_outbound + runtime: envoy.wasm.runtime.null + code: + inline_string: envoy.wasm.null.stackdriver + - applyTo: HTTP_FILTER + match: + context: SIDECAR_INBOUND + proxy: + proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + listener: + filterChain: + filter: + name: "envoy.http_connection_manager" + subFilter: + name: "envoy.router" + patch: + operation: INSERT_BEFORE + value: + name: envoy.filters.http.wasm + config: + config: + root_id: stackdriver_inbound + configuration: | + {{- if not .Values.telemetry.v2.stackdriver.configOverride }} + {"enable_mesh_edges_reporting": {{ .Values.telemetry.v2.stackdriver.topology }}, "disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "meshEdgesReportingDuration": "600s"} + {{- else }} + {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 16 }} + {{- end }} + vm_config: + vm_id: stackdriver_inbound + runtime: envoy.wasm.runtime.null + code: + inline_string: envoy.wasm.null.stackdriver + - applyTo: HTTP_FILTER + match: + context: GATEWAY + proxy: + proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + listener: + filterChain: + filter: + name: "envoy.http_connection_manager" + subFilter: + name: "envoy.router" + patch: + operation: INSERT_BEFORE + value: + name: envoy.filters.http.wasm + config: + config: + root_id: stackdriver_outbound + configuration: | + {{- if not .Values.telemetry.v2.stackdriver.configOverride }} + {"enable_mesh_edges_reporting": {{ .Values.telemetry.v2.stackdriver.topology }}, "disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "meshEdgesReportingDuration": "600s", "disable_host_header_fallback": true} + {{- else }} + {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 16 }} + {{- end }} + vm_config: + vm_id: stackdriver_outbound + runtime: envoy.wasm.runtime.null + code: + inline_string: envoy.wasm.null.stackdriver +--- +{{- end}} +{{- end}} \ No newline at end of file diff --git a/istio-control/istio-discovery/values.yaml b/istio-control/istio-discovery/values.yaml index 5de653fa..046f6fc4 100644 --- a/istio-control/istio-discovery/values.yaml +++ b/istio-control/istio-discovery/values.yaml @@ -124,4 +124,24 @@ telemetry: v2: # For Null VM case now. If enabled, will set disableMixerHttpReports to true and not define mixerReportServer # also enable metadata exchange and stats filter. - enabled: false \ No newline at end of file + enabled: true + proxyMatch: + # golang regular expression to be used to select proxies to apply telemetry v2 envoy filters. + # e.g. '1\.4.*', would only select 1.4 proxies. + proxyVersion: '1\.4.*' + # Indicate if prometheus stats filter is enabled or not + prometheus: + enabled: false + # stackdriver filter settings. + stackdriver: + enabled: true + logging: true + monitoring: true + topology: true + # configOverride parts give you the ability to override the low level configuration params passed to envoy filter. + # e.g. + # configOverride: + # enable_mesh_edges_reporting: true + # disable_server_access_logging: false + # meshEdgesReportingDuration: 500s + # disable_host_header_fallback: true \ No newline at end of file From c2809c3cad963d9fb144a6e8b99c22a3ab858f93 Mon Sep 17 00:00:00 2001 From: Xinnan Wen Date: Thu, 5 Dec 2019 10:53:24 -0800 Subject: [PATCH 2/5] Fix lint --- .../istio-discovery/templates/telemetryv2.yaml | 2 +- istio-control/istio-discovery/values.yaml | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/istio-control/istio-discovery/templates/telemetryv2.yaml b/istio-control/istio-discovery/templates/telemetryv2.yaml index f55eec98..eefc6fcb 100644 --- a/istio-control/istio-discovery/templates/telemetryv2.yaml +++ b/istio-control/istio-discovery/templates/telemetryv2.yaml @@ -164,7 +164,7 @@ spec: {{- if not .Values.telemetry.v2.stackdriver.configOverride }} {"enable_mesh_edges_reporting": {{ .Values.telemetry.v2.stackdriver.topology }}, "disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "meshEdgesReportingDuration": "600s"} {{- else }} - {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 16 }} + {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 8 }} {{- end }} vm_config: vm_id: stackdriver_outbound diff --git a/istio-control/istio-discovery/values.yaml b/istio-control/istio-discovery/values.yaml index 046f6fc4..957f23ed 100644 --- a/istio-control/istio-discovery/values.yaml +++ b/istio-control/istio-discovery/values.yaml @@ -139,9 +139,10 @@ telemetry: monitoring: true topology: true # configOverride parts give you the ability to override the low level configuration params passed to envoy filter. - # e.g. - # configOverride: - # enable_mesh_edges_reporting: true - # disable_server_access_logging: false - # meshEdgesReportingDuration: 500s - # disable_host_header_fallback: true \ No newline at end of file + + configOverride: {} + # e.g. + # enable_mesh_edges_reporting: true + # disable_server_access_logging: false + # meshEdgesReportingDuration: 500s + # disable_host_header_fallback: true \ No newline at end of file From eb8bb39db96a42405c3d88c99fd04b873a62f80b Mon Sep 17 00:00:00 2001 From: Xinnan Wen Date: Thu, 5 Dec 2019 12:25:29 -0800 Subject: [PATCH 3/5] add version for templates --- ...{telemetryv2.yaml => telemetryv2_1.4.yaml} | 21 ++++++++++--------- istio-control/istio-discovery/values.yaml | 4 ---- test/noauth.mk | 2 +- 3 files changed, 12 insertions(+), 15 deletions(-) rename istio-control/istio-discovery/templates/{telemetryv2.yaml => telemetryv2_1.4.yaml} (92%) diff --git a/istio-control/istio-discovery/templates/telemetryv2.yaml b/istio-control/istio-discovery/templates/telemetryv2_1.4.yaml similarity index 92% rename from istio-control/istio-discovery/templates/telemetryv2.yaml rename to istio-control/istio-discovery/templates/telemetryv2_1.4.yaml index eefc6fcb..74550f2b 100644 --- a/istio-control/istio-discovery/templates/telemetryv2.yaml +++ b/istio-control/istio-discovery/templates/telemetryv2_1.4.yaml @@ -1,8 +1,9 @@ +# these EnvoyFilter templates work for release 1.4 only {{- if and .Values.telemetry.enabled .Values.telemetry.v2.enabled }} apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: metadata-exchange + name: metadata-exchange-1.4 {{- if .Values.global.configRootNamespace }} namespace: {{ .Values.global.configRootNamespace }} {{- else }} @@ -14,7 +15,7 @@ spec: match: context: ANY # inbound, outbound, and gateway proxy: - proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + proxyVersion: '1\.4.*' listener: filterChain: filter: @@ -35,7 +36,7 @@ spec: apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: stats-filter + name: stats-filter-1.4 {{- if .Values.global.configRootNamespace }} namespace: {{ .Values.global.configRootNamespace }} {{- else }} @@ -47,7 +48,7 @@ spec: match: context: SIDECAR_OUTBOUND proxy: - proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + proxyVersion: '1\.4.*' listener: filterChain: filter: @@ -75,7 +76,7 @@ spec: match: context: SIDECAR_INBOUND proxy: - proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + proxyVersion: '1\.4.*' listener: filterChain: filter: @@ -103,7 +104,7 @@ spec: match: context: GATEWAY proxy: - proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + proxyVersion: '1\.4.*' listener: filterChain: filter: @@ -134,7 +135,7 @@ spec: apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: stackdriver-filter + name: stackdriver-filter-1.4 {{- if .Values.global.configRootNamespace }} namespace: {{ .Values.global.configRootNamespace }} {{- else }} @@ -146,7 +147,7 @@ spec: match: context: SIDECAR_OUTBOUND proxy: - proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + proxyVersion: '1\.4.*' listener: filterChain: filter: @@ -175,7 +176,7 @@ spec: match: context: SIDECAR_INBOUND proxy: - proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + proxyVersion: '1\.4.*' listener: filterChain: filter: @@ -204,7 +205,7 @@ spec: match: context: GATEWAY proxy: - proxyVersion: {{ .Values.telemetry.v2.proxyMatch.proxyVersion }} + proxyVersion: '1\.4.*' listener: filterChain: filter: diff --git a/istio-control/istio-discovery/values.yaml b/istio-control/istio-discovery/values.yaml index 957f23ed..84e8cc0c 100644 --- a/istio-control/istio-discovery/values.yaml +++ b/istio-control/istio-discovery/values.yaml @@ -125,10 +125,6 @@ telemetry: # For Null VM case now. If enabled, will set disableMixerHttpReports to true and not define mixerReportServer # also enable metadata exchange and stats filter. enabled: true - proxyMatch: - # golang regular expression to be used to select proxies to apply telemetry v2 envoy filters. - # e.g. '1\.4.*', would only select 1.4 proxies. - proxyVersion: '1\.4.*' # Indicate if prometheus stats filter is enabled or not prometheus: enabled: false diff --git a/test/noauth.mk b/test/noauth.mk index fbe7f728..0ad1357a 100644 --- a/test/noauth.mk +++ b/test/noauth.mk @@ -64,7 +64,7 @@ run-test-knative: run-build-cluster run-build-minimal run-build-ingress # Install pilot, ingress - using a kustomization that installs them in istio-micro instead of istio-system # The kustomization installs a modified istio-ingress+istio-pilot, using separate namespace kubectl apply -k test/knative - kubectl wait deployments istio-ingressgateway istio-pilot -n istio-micro --for=condition=available --timeout=${WAIT_TIMEOUT} + kubectl wait deployments istio-ingressgateway istio-pilot -n istio-micro --for=condition=available --timeout=360s # Set host port 30090, for the ingressateway in istio-micro kubectl apply -f test/kind/ingress-service-micro.yaml From 9a140ebca220330797159000ad3d9a2708848d48 Mon Sep 17 00:00:00 2001 From: Xinnan Wen Date: Thu, 5 Dec 2019 17:16:08 -0800 Subject: [PATCH 4/5] make v2 default as false --- istio-control/istio-discovery/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/istio-control/istio-discovery/values.yaml b/istio-control/istio-discovery/values.yaml index 84e8cc0c..b78cdc32 100644 --- a/istio-control/istio-discovery/values.yaml +++ b/istio-control/istio-discovery/values.yaml @@ -124,7 +124,7 @@ telemetry: v2: # For Null VM case now. If enabled, will set disableMixerHttpReports to true and not define mixerReportServer # also enable metadata exchange and stats filter. - enabled: true + enabled: false # Indicate if prometheus stats filter is enabled or not prometheus: enabled: false From de12c32f34cf6d2767f1c97bbed54a66578d8c1e Mon Sep 17 00:00:00 2001 From: Xinnan Wen Date: Fri, 6 Dec 2019 11:03:41 -0800 Subject: [PATCH 5/5] update sd default settings --- istio-control/istio-discovery/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/istio-control/istio-discovery/values.yaml b/istio-control/istio-discovery/values.yaml index b78cdc32..b0e73632 100644 --- a/istio-control/istio-discovery/values.yaml +++ b/istio-control/istio-discovery/values.yaml @@ -130,10 +130,10 @@ telemetry: enabled: false # stackdriver filter settings. stackdriver: - enabled: true - logging: true - monitoring: true - topology: true + enabled: false + logging: false + monitoring: false + topology: false # configOverride parts give you the ability to override the low level configuration params passed to envoy filter. configOverride: {}