diff --git a/istio-ambient/README.md b/istio-ambient/README.md
new file mode 100644
index 0000000..9643091
--- /dev/null
+++ b/istio-ambient/README.md
@@ -0,0 +1,32 @@
+# Istio-Ambient Stack
+
+This stack contains installation of Istio Ambient as well as supporting observability tooling so traffic, metrics, and traces can be observed
+
+
+## Modules
+- istio-base
+ - installs istio ambient and no additional observability tooling
+- observability
+ - grafana - provides UI for tracing & prometheus metrics
+ - tempo - collects traces for grafana
+ - prometheus - required for kiali to display data
+ - opentelemetry - used to collect traces from istio and forward to tempo
+
+## Installation
+
+# Install base istio with no observability
+
+`idpbuilder create -p https://github.com/cnoe-io/stacks//isto-ambient/istio-base`
+
+# Install istio along with observability components
+
+`idpbuilder create -p https://github.com/cnoe-io/stacks//isto-ambient/istio-base -p https://github.com/cnoe-io/stacks//isto-ambient/observability`
+
+
+# Observability UIs
+
+Kiali: https://kiali.cnoe.localtest.me:8443/
+
+Grafana: https://grafana.cnoe.localtest.me:8443/
+
+# Example Gateway and Application coming soon
\ No newline at end of file
diff --git a/istio-ambient/istio-base/istio.yaml b/istio-ambient/istio-base/istio.yaml
new file mode 100644
index 0000000..ee51734
--- /dev/null
+++ b/istio-ambient/istio-base/istio.yaml
@@ -0,0 +1,64 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: 'istio-system'
+ namespace: argocd
+spec:
+ project: default
+ sources:
+ - repoURL: 'https://istio-release.storage.googleapis.com/charts'
+ targetRevision: 1.24.1
+ helm:
+ parameters:
+ - name: 'profile'
+ value: 'ambient'
+ chart: cni
+ - repoURL: 'https://istio-release.storage.googleapis.com/charts'
+ targetRevision: 1.24.1
+ helm:
+ parameters:
+ - name: 'profile'
+ value: 'ambient'
+ chart: base
+ - repoURL: 'https://istio-release.storage.googleapis.com/charts'
+ targetRevision: 1.24.1
+ chart: ztunnel
+ helm:
+ parameters:
+ - name: 'profile'
+ value: 'ambient'
+ - repoURL: 'https://istio-release.storage.googleapis.com/charts'
+ targetRevision: 1.24.1
+ chart: istiod
+ helm:
+ parameters:
+ - name: 'profile'
+ value: 'ambient'
+ # Tracing Config
+ valuesObject:
+ meshConfig:
+ defaultProviders:
+ metrics:
+ - prometheus
+ enableTracing: true
+ extensionProviders:
+ - name: otel
+ opentelemetry:
+ port: 4317
+ service: otel-opentelemetry-collector.observability.svc.cluster.local
+ resource_detectors:
+ environment: {}
+ # Add Gateway API CRDs
+ - repoURL: 'https://github.com/kubernetes-sigs/gateway-api/'
+ targetRevision: v1.2.1
+ path: ./config/crd
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: istio-system
+ syncPolicy:
+ automated:
+ prune: true
+ # Turned off, validating webhook shows out of sync when setup in idpbuilder
+ selfHeal: false
+ syncOptions:
+ - CreateNamespace=true
diff --git a/istio-ambient/observability/grafana.yaml b/istio-ambient/observability/grafana.yaml
new file mode 100644
index 0000000..e1acc07
--- /dev/null
+++ b/istio-ambient/observability/grafana.yaml
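Review bot: The `otel` provider declared under `extensionProviders` is never selected, because `defaultProviders` only lists `metrics: - prometheus`; as far as I can tell `enableTracing: true` alone does not route spans to an extension provider, so nothing reaches the collector until either `tracing:` / `- otel` is added under `defaultProviders` or a `Telemetry` resource names it. The Gateway API CRD source pins the git tag `v1.2.1`, which can be moved; pinning the tag's commit SHA keeps the CRD install reproducible. A comment above `service:` noting that the hostname is the Helm fullname produced by the `otel` Application in the `observability` namespace would explain where `otel-opentelemetry-collector` comes from. Separately, the README's install commands spell the stack directory `isto-ambient` while every file in this commit lives under `istio-ambient`.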
@@ -0,0 +1,71 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: grafana
+ namespace: argocd
+spec:
+ destination:
+ namespace: observability
+ server: "https://kubernetes.default.svc"
+ sources:
+ - repoURL: 'https://grafana.github.io/helm-charts'
+ targetRevision: 1.10.3
+ helm:
+ values: |
+ fullnameOverride: tempo
+ service:
+ type: ClusterIP
+ chart: tempo
+ - repoURL: 'https://grafana.github.io/helm-charts'
+ targetRevision: 8.5.1
+ helm:
+ values: |
+ env:
+ GF_AUTH_ANONYMOUS_ENABLED: true
+ GF_AUTH_ANONYMOUS_ORG_ROLE: 'Admin'
+ GF_AUTH_DISABLE_LOGIN_FORM: true
+
+ datasources:
+ datasources.yaml:
+ apiVersion: 1
+
+ datasources:
+ - name: Tempo
+ type: tempo
+ access: proxy
+ orgId: 1
+ url: http://tempo:3100
+ basicAuth: false
+ isDefault: true
+ version: 1
+ editable: false
+ apiVersion: 1
+ uid: tempo
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ # Access mode - proxy (server in the UI) or direct (browser in the UI).
+ url: http://prometheus-server.observability.svc
+ jsonData:
+ httpMethod: POST
+ manageAlerts: true
+ prometheusType: Prometheus
+ prometheusVersion: 2.55.0
+ cacheLevel: 'High'
+ disableRecordingRules: false
+ incrementalQueryOverlapWindow: 10m
+ chart: grafana
+ - repoURL: cnoe://grafana
+ targetRevision: HEAD
+ # with path set to '.' and cnoe://manifests. we are wanting ArgoCD to sync from the ./manifests directory.
+ path: "."
+ project: default
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ istio.io/dataplane-mode: 'ambient'
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/istio-ambient/observability/grafana/ingress.yaml b/istio-ambient/observability/grafana/ingress.yaml
new file mode 100644
index 0000000..098244f
--- /dev/null
+++ b/istio-ambient/observability/grafana/ingress.yaml
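Review bot: The Grafana values turn on anonymous access with `GF_AUTH_ANONYMOUS_ORG_ROLE: 'Admin'` and `GF_AUTH_DISABLE_LOGIN_FORM: true`, so anyone who can reach the `grafana.cnoe.localtest.me` ingress gets full administrative control of datasources, dashboards and plugins; the stated purpose is viewing traces and metrics, which `Viewer` covers, and if `Admin` is kept for this local stack a comment such as `# dev-only: unauthenticated admin, do not reuse outside idpbuilder` should say so. The boolean-looking env values are unquoted while `'Admin'` is quoted; container env values have to be strings, so unless the chart is known to quote them write `GF_AUTH_ANONYMOUS_ENABLED: "true"` and `GF_AUTH_DISABLE_LOGIN_FORM: "true"`. The comment on the `cnoe://grafana` source still talks about `cnoe://manifests` and a `./manifests` directory, which matches neither the `repoURL` nor the `path: "."` beside it.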
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: grafana-ingress
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: grafana.cnoe.localtest.me
+ http:
+ paths:
+ - backend:
+ service:
+ name: grafana
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
diff --git a/istio-ambient/observability/istio-kiali.yaml b/istio-ambient/observability/istio-kiali.yaml
new file mode 100644
index 0000000..6de603c
--- /dev/null
+++ b/istio-ambient/observability/istio-kiali.yaml
@@ -0,0 +1,40 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: 'istio-kiali'
+ namespace: argocd
+spec:
+ project: default
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: istio-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ sources:
+ - repoURL: cnoe://kiali
+ targetRevision: HEAD
+ path: "."
+ - repoURL: 'https://kiali.org/helm-charts'
+ targetRevision: v2.0.0
+ path: 'kiali/kiali-operator'
+ helm:
+ valuesObject:
+ cr:
+ create: 'true'
+ namespace: 'istio-system'
+ spec:
+ auth:
+ strategy: 'anonymous'
+ external_services:
+ prometheus:
+ url: "http://prometheus-server.observability.svc"
+ grafana:
+ enabled: true
+ internal_url: 'http://tempo-grafana.observability.svc'
+ # Public facing URL of Grafana
+ external_url: 'https://tracing.cnoe.localtest.me:8443/'
+ chart: kiali-operator
diff --git a/istio-ambient/observability/kiali/ingress.yaml b/istio-ambient/observability/kiali/ingress.yaml
new file mode 100644
index 0000000..ed42de9
--- /dev/null
+++ b/istio-ambient/observability/kiali/ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kiali-ingress
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: kiali.cnoe.localtest.me
+ http:
+ paths:
+ - backend:
+ service:
+ name: kiali
+ port:
+ number: 20001
+ path: /
+ pathType: Prefix
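Review bot: Neither this Ingress nor the `kiali-ingress` added in the same commit declares a `tls:` stanza, so the `https://…:8443` URLs the README advertises depend entirely on how the ingress-nginx controller is configured for a default certificate and HTTPS redirect. If idpbuilder sets that up, a comment such as `# TLS is terminated by idpbuilder's ingress-nginx default certificate` would spare the next reader the check; otherwise add a `tls:` entry for the host so the UIs are not silently served over plain HTTP.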
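Review bot: `auth.strategy: 'anonymous'` hands every client of the `kiali-ingress` the Kiali service account's cluster-wide permissions, and Kiali's UI can create, edit and delete Istio resources with them, so an unauthenticated visitor can change mesh configuration; if anonymous access is wanted for this dev stack, pair it with `deployment:` / `view_only_mode: true` in the CR spec and a comment saying why, otherwise use the `token` strategy. The Grafana URLs also look inconsistent with the rest of the commit: `internal_url` points at `tempo-grafana.observability.svc` while the Grafana ingress targets a service named `grafana`, and `external_url` uses `tracing.cnoe.localtest.me` while the README and ingress use `grafana.cnoe.localtest.me`. The kiali-operator source sets both `path: 'kiali/kiali-operator'` and `chart: kiali-operator` against a Helm repository URL; one of the two is presumably a leftover and should be dropped so the source type is unambiguous.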
diff --git a/istio-ambient/observability/opentelemetry.yaml b/istio-ambient/observability/opentelemetry.yaml
new file mode 100644
index 0000000..7b9e31f
--- /dev/null
+++ b/istio-ambient/observability/opentelemetry.yaml
@@ -0,0 +1,62 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: otel
+ namespace: argocd
+spec:
+ destination:
+ namespace: observability
+ server: "https://kubernetes.default.svc"
+ sources:
+ - repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts'
+ targetRevision: 0.73.0
+ helm:
+ valuesObject:
+ mode: deployment
+ config:
+ exporters:
+ logging:
+ loglevel: debug
+ otlp:
+ endpoint: tempo.observability.svc:4317
+ tls:
+ insecure: true
+ extensions:
+ # The health_check extension is mandatory for this chart.
+ # Without the health_check extension the collector will fail the readiness and liveliness probes.
+ # The health_check extension can be modified, but should never be removed.
+ health_check: {}
+ receivers:
+ otlp:
+ protocols:
+ grpc:
+ endpoint: ${env:MY_POD_IP}:4317
+ http:
+ endpoint: ${env:MY_POD_IP}:4318
+ service:
+ extensions:
+ - health_check
+ pipelines:
+ metrics:
+ receivers:
+ - otlp
+ logs:
+ receivers: [otlp]
+ exporters: [logging]
+ traces:
+ receivers:
+ - otlp
+ exporters:
+ - logging
+ - otlp
+ chart: opentelemetry-collector
+ project: default
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ istio.io/dataplane-mode: 'ambient'
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/istio-ambient/observability/prometheus.yaml b/istio-ambient/observability/prometheus.yaml
new file mode 100644
index 0000000..9ff84c6
--- /dev/null
+++ b/istio-ambient/observability/prometheus.yaml
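Review bot: The `metrics` pipeline under `service.pipelines` lists a receiver but no `exporters`, and the collector refuses to start a pipeline that has no exporter; unless the chart's default `config` is merged underneath and supplies one, the pod will not become ready, so either add `exporters: [logging]` (or `[otlp]`) there or drop the pipeline if metrics are scraped by Prometheus instead. The `logging` exporter is set to `loglevel: debug` and wired into both the `logs` and `traces` pipelines, which writes every span and log record with all attributes to the collector's stdout; the default level gives the same liveness signal without copying request metadata into pod logs. The `otlp` exporter reaches `tempo.observability.svc:4317` with `tls: insecure: true`, presumably relying on the ambient dataplane label applied to the namespace for transport security; a comment stating that assumption would make it easy to revisit if the label is ever removed.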
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: prometheus
+ namespace: argocd
+spec:
+ destination:
+ namespace: observability
+ server: "https://kubernetes.default.svc"
+ sources:
+ - repoURL: 'https://prometheus-community.github.io/helm-charts'
+ targetRevision: 25.28.0
+ chart: prometheus
+ project: default
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
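Review bot: This Application omits the `managedNamespaceMetadata` block that the `grafana` and `otel` Applications apply to the same `observability` namespace, so the `istio.io/dataplane-mode: 'ambient'` label is declared by some of the apps sharing that namespace and not by others; Argo CD's behaviour when several apps manage one namespace's metadata is not well defined, so the label should be set consistently or, better, by a single owner. The chart is installed with no values, which for the `prometheus` chart presumably also brings up its bundled alertmanager, pushgateway, node-exporter and kube-state-metrics; if only Kiali and Grafana need the server, disabling the unused components keeps the installed surface smaller. The rest of the commit addresses it as `prometheus-server.observability.svc`, which matches the chart's naming for a release called `prometheus`, so a comment recording that dependency here would help anyone renaming the Application.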