Proxy Based Stackdriver Telemetry

Proxy Based Stackdriver Telemetry

From 1.4, Istio supports exporting Stackdriver telemetry (metrics, logs, trace spans, and context graph) directly from proxy instead.

Metrics and Log

To enable metrics and logs, add the following options into istioctl control plane configuration, or set them in istioctl command line:

values:
  telemetry:
    enabled: true
    v2:
      enabled: true
      stackdriver:
        enabled: true  # This enables Stackdriver metrics
        logging: true  # This enables Stackdriver server access logging

Or you can add the equivalent command line arguments to istioctl command --set values.telemetry.enabled=true --set values.telemetry.v2.enabled=true --set values.telemetry.v2.stackdriver.enabled=true --set values.telemetry.stackdriver.logging=true.

This will apply several EnvoyFilters to your cluster to enabled Metadata exchange filter and Stackdriver filter inside proxy. After enabling, in Stackdriver UI you will find:

• istio.io prefixed metrics be reported
• Server access log named as server-accesslog-stackdriver for every mesh request. Here is an example log entry

{
  insertId: "1d4cjxifryjkrl"
  httpRequest: {
    requestMethod: "GET"
    requestUrl: "http://svc03-0-4-0:8080/"
    requestSize: "669"
    status: 200
    responseSize: "2362"
    remoteIp: "10.56.8.154:58868"
    serverIp: "10.56.6.150:8080"
    latency: "0.000645167s"
    protocol: "http"
  }
  resource: {
    type: "k8s_container"
    labels: {
      ...
    }
  }
  timestamp: "2020-04-08T17:40:12.776414Z"
  severity: "INFO"
  labels: {
    mesh_uid: "xxx"
    destination_namespace: "service-graph03"
    request_id: "980a5285-1ee7-4552-9400-65dc3fbc1c61"
    source_principal: "spiffe://cluster.local/ns/service-graph03/sa/default"
    destination_workload: "svc03-0-4-0"
    destination_version: "v1"
    source_namespace: "service-graph03"
    destination_name: "svc03-0-4-0-b686cb5bb-8cpd2"
    source_workload: "svc03-0-4"
    destination_app: "svc03-0-4-0"
    destination_principal: "spiffe://cluster.local/ns/service-graph03/sa/default"
    response_flag: "-"
    source_version: "v1"
    source_app: "svc03-0-4"
    destination_service_host: "svc03-0-4-0.service-graph03.svc.cluster.local"
    service_authentication_policy: "MUTUAL_TLS"
    source_name: "svc03-0-4-85996f476b-xlbj2"
  }
  logName: "projects/xxxx/logs/server-accesslog-stackdriver"
  receiveTimestamp: "2020-04-08T17:40:12.983094053Z"
}

Helm installation does not support these options. If you are using Helm, alternatively you could generate the manifest with istioctl, extract out the necessary EnvoyFilter configuration, and apply them manually. Specifically run istioctl manifest generate with the aforementioned values, look for and apply versioned Stackdriver and Metadata Exchange EnvoyFilter, e.g. stackdriver-filter-1.5, metadata-exchange-1.5.

Trace

To enable tracing, set the following options in istioctl installation: --set values.global.enableTracing=true --set values.global.proxy.tracer=stackdriver. This will enable Envoy proxy to export traces directly to Stackdriver. You can adjust sampling rate using pilot.traceSampling option as other tracers.

Context Graph (Topology)

To enable tracing, set the following options in istioctl installation: --set value s.telemetry.v2.stackdriver.topology=true. This will enable Envoy proxy to export context graph edge to Stackdriver.