feat: add istio-ambient stack #49
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# Istio-Ambient Stack | ||
|
||
This stack contains installation of Istio Ambient as well as supporting observability tooling so traffic, metrics, and traces can be observed | ||
|
||
|
||
## Modules | ||
- istio-base | ||
- installs istio ambient and no additional observability tooling | ||
- observability | ||
- grafana - provides UI for tracing & prometheus metrics | ||
- tempo - collects traces for grafana | ||
- prometheus - required for kiali to display data | ||
- opentelemetry - used to collect traces from istio and forward to tempo | ||
|
||
## Installation | ||
|
||
# Install base istio with no observability | ||
|
||
`idpbuilder create -p https://github.com/cnoe-io/stacks//isto-ambient/istio-base` | ||
|
||
# Install istio along with observability components | ||
|
||
`idpbuilder create -p https://github.com/cnoe-io/stacks//isto-ambient/istio-base -p https://github.com/cnoe-io/stacks//isto-ambient/observability` | ||
|
||
|
||
# Observability UIs | ||
|
||
Kiali: https://kiali.cnoe.localtest.me:8443/ | ||
|
||
Grafana: https://grafana.cnoe.localtest.me:8443/ | ||
|
||
# Example Gateway and Application coming soon |
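Review bot: both `idpbuilder create -p` commands under `## Installation` spell the stack directory `isto-ambient`, while the page heading and the PR title call it `istio-ambient`; if the directory in the repository is `istio-ambient`, both install commands fail as written, so check the path against the actual layout before merging. Two smaller style points: the sub-sections `# Install base istio with no observability`, `# Install istio along with observability components` and `# Observability UIs` are written as `#` top-level headings and so render at the same level as the page title (`###` would keep the hierarchy under `## Installation`), and the sentence "This stack contains installation of Istio Ambient as well as supporting observability tooling so traffic, metrics, and traces can be observed" is missing its full stop.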
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Application | ||
metadata: | ||
name: 'istio-system' | ||
namespace: argocd | ||
spec: | ||
project: default | ||
sources: | ||
- repoURL: 'https://istio-release.storage.googleapis.com/charts' | ||
targetRevision: 1.24.1 | ||
helm: | ||
parameters: | ||
|
||
- name: 'profile' | ||
value: 'ambient' | ||
chart: cni | ||
Comment: I am curious if the CNI Helm chart conflicts with other CNIs. I think, according to https://istio.io/latest/docs/setup/additional-setup/cni/#prerequisites-for-use, we should be fine here since we are in a kind cluster.
Reply: It shouldn't unless it's a fairly obscure CNI; this isn't a CNI in itself but a CNI plugin. Most CNIs such as Cilium, AWS, Calico, Kind's, etc. all work without any issues 👍
||
- repoURL: 'https://istio-release.storage.googleapis.com/charts' | ||
targetRevision: 1.24.1 | ||
helm: | ||
parameters: | ||
- name: 'profile' | ||
value: 'ambient' | ||
chart: base | ||
- repoURL: 'https://istio-release.storage.googleapis.com/charts' | ||
targetRevision: 1.24.1 | ||
chart: ztunnel | ||
helm: | ||
parameters: | ||
- name: 'profile' | ||
value: 'ambient' | ||
- repoURL: 'https://istio-release.storage.googleapis.com/charts' | ||
targetRevision: 1.24.1 | ||
chart: istiod | ||
helm: | ||
parameters: | ||
- name: 'profile' | ||
value: 'ambient' | ||
# Tracing Config | ||
valuesObject: | ||
meshConfig: | ||
defaultProviders: | ||
metrics: | ||
- prometheus | ||
enableTracing: true | ||
extensionProviders: | ||
- name: otel | ||
opentelemetry: | ||
port: 4317 | ||
service: otel-opentelemetry-collector.observability.svc.cluster.local | ||
resource_detectors: | ||
environment: {} | ||
# Add Gateway API CRDs | ||
- repoURL: 'https://github.com/kubernetes-sigs/gateway-api/' | ||
targetRevision: v1.2.1 | ||
path: ./config/crd | ||
destination: | ||
server: "https://kubernetes.default.svc" | ||
namespace: istio-system | ||
syncPolicy: | ||
automated: | ||
prune: true | ||
# Turned off, validating webhook shows out of sync when setup in idpbuilder | ||
|
||
selfHeal: false | ||
syncOptions: | ||
- CreateNamespace=true |
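Review bot: `syncPolicy.automated.selfHeal: false` (justified by the comment about the validating webhook showing out of sync) means that drift in `istio-system`, the namespace that holds istiod, ztunnel and the CNI plugin, is no longer reverted by Argo CD; the usual fix for the webhook noise is an `ignoreDifferences` entry for the injected `caBundle` on the `ValidatingWebhookConfiguration`, which lets `selfHeal` stay on for the security-critical components. Second, `meshConfig` sets `enableTracing: true` and defines the `otel` entry under `extensionProviders`, but `defaultProviders` only lists `metrics: [prometheus]`; without `defaultProviders.tracing: [otel]` (or a `Telemetry` resource that selects the provider) no spans are sent to `otel-opentelemetry-collector.observability.svc.cluster.local:4317`, so the tracing half of the observability stack stays silent.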
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Application | ||
metadata: | ||
name: grafana | ||
namespace: argocd | ||
spec: | ||
destination: | ||
namespace: observability | ||
server: "https://kubernetes.default.svc" | ||
sources: | ||
- repoURL: 'https://grafana.github.io/helm-charts' | ||
targetRevision: 1.10.3 | ||
helm: | ||
values: | | ||
fullnameOverride: tempo | ||
service: | ||
type: ClusterIP | ||
chart: tempo | ||
- repoURL: 'https://grafana.github.io/helm-charts' | ||
targetRevision: 8.5.1 | ||
helm: | ||
values: | | ||
env: | ||
GF_AUTH_ANONYMOUS_ENABLED: true | ||
GF_AUTH_ANONYMOUS_ORG_ROLE: 'Admin' | ||
GF_AUTH_DISABLE_LOGIN_FORM: true | ||
|
||
datasources: | ||
datasources.yaml: | ||
apiVersion: 1 | ||
|
||
datasources: | ||
- name: Tempo | ||
type: tempo | ||
access: proxy | ||
orgId: 1 | ||
url: http://tempo:3100 | ||
basicAuth: false | ||
isDefault: true | ||
version: 1 | ||
editable: false | ||
apiVersion: 1 | ||
uid: tempo | ||
- name: Prometheus | ||
type: prometheus | ||
access: proxy | ||
# Access mode - proxy (server in the UI) or direct (browser in the UI). | ||
url: http://prometheus-server.observability.svc | ||
jsonData: | ||
httpMethod: POST | ||
manageAlerts: true | ||
prometheusType: Prometheus | ||
prometheusVersion: 2.55.0 | ||
cacheLevel: 'High' | ||
disableRecordingRules: false | ||
incrementalQueryOverlapWindow: 10m | ||
chart: grafana | ||
- repoURL: cnoe://grafana | ||
targetRevision: HEAD | ||
# with path set to '.' and cnoe://manifests. we are wanting ArgoCD to sync from the ./manifests directory. | ||
path: "." | ||
project: default | ||
syncPolicy: | ||
managedNamespaceMetadata: | ||
labels: | ||
istio.io/dataplane-mode: 'ambient' | ||
automated: | ||
selfHeal: true | ||
prune: true | ||
syncOptions: | ||
- CreateNamespace=true |
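Review bot: the Grafana `env` block enables anonymous access with `GF_AUTH_ANONYMOUS_ORG_ROLE: 'Admin'` and sets `GF_AUTH_DISABLE_LOGIN_FORM: true`, so anyone who can reach the Grafana UI gets full administrative rights (datasource, user and plugin management included) with no record of who changed what; `Viewer` is sufficient for browsing the Tempo and Prometheus datasources provisioned here, and `Admin` should be an explicit opt-in even for a local kind cluster, with a line in the README saying so. Also, the comment on the `cnoe://grafana` source still refers to `cnoe://manifests` and a `./manifests` directory, which no longer matches `repoURL: cnoe://grafana` with `path: "."`; update it so the next reader is not sent looking for a directory that does not exist.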
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
name: grafana-ingress | ||
spec: | ||
ingressClassName: nginx | ||
rules: | ||
- host: grafana.cnoe.localtest.me | ||
http: | ||
paths: | ||
- backend: | ||
service: | ||
name: grafana | ||
port: | ||
number: 80 | ||
path: / | ||
pathType: Prefix |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Application | ||
metadata: | ||
name: 'istio-kiali' | ||
namespace: argocd | ||
spec: | ||
project: default | ||
destination: | ||
server: "https://kubernetes.default.svc" | ||
namespace: istio-system | ||
syncPolicy: | ||
automated: | ||
prune: true | ||
selfHeal: true | ||
syncOptions: | ||
- CreateNamespace=true | ||
sources: | ||
- repoURL: cnoe://kiali | ||
targetRevision: HEAD | ||
path: "." | ||
- repoURL: 'https://kiali.org/helm-charts' | ||
targetRevision: v2.0.0 | ||
path: 'kiali/kiali-operator' | ||
helm: | ||
valuesObject: | ||
cr: | ||
create: 'true' | ||
namespace: 'istio-system' | ||
spec: | ||
auth: | ||
strategy: 'anonymous' | ||
external_services: | ||
prometheus: | ||
url: "http://prometheus-server.observability.svc" | ||
grafana: | ||
enabled: true | ||
internal_url: 'http://tempo-grafana.observability.svc' | ||
# Public facing URL of Grafana | ||
external_url: 'https://tracing.cnoe.localtest.me:8443/' | ||
chart: kiali-operator |
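Review bot: the `external_services.grafana` block does not line up with the Grafana application in this PR: `internal_url` points at `tempo-grafana.observability.svc`, but the Grafana chart is installed from an Argo CD application named `grafana` (the `fullnameOverride: tempo` in that application applies only to the Tempo chart), so the in-cluster service is `grafana.observability.svc`; and `external_url` uses `tracing.cnoe.localtest.me`, while the README and the Grafana ingress use `grafana.cnoe.localtest.me`, so links from Kiali into Grafana dashboards will break. Two further points: `auth.strategy: 'anonymous'` gives every visitor to the Kiali UI unauthenticated access, which with the operator's default (non view-only) deployment includes editing Istio configuration through the UI, so this deserves the same dev-only note as the anonymous Grafana admin; and the Helm-repository source sets both `path: 'kiali/kiali-operator'` and `chart: kiali-operator`, where only `chart` is meaningful for a Helm repo, so `path` should be dropped.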
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
name: kiali-ingress | ||
spec: | ||
ingressClassName: nginx | ||
rules: | ||
- host: kiali.cnoe.localtest.me | ||
http: | ||
paths: | ||
- backend: | ||
service: | ||
name: kiali | ||
port: | ||
number: 20001 | ||
path: / | ||
pathType: Prefix |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Application | ||
metadata: | ||
name: otel | ||
namespace: argocd | ||
spec: | ||
destination: | ||
namespace: observability | ||
server: "https://kubernetes.default.svc" | ||
sources: | ||
- repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts' | ||
targetRevision: 0.73.0 | ||
helm: | ||
valuesObject: | ||
mode: deployment | ||
config: | ||
exporters: | ||
logging: | ||
loglevel: debug | ||
otlp: | ||
endpoint: tempo.observability.svc:4317 | ||
tls: | ||
insecure: true | ||
extensions: | ||
# The health_check extension is mandatory for this chart. | ||
# Without the health_check extension the collector will fail the readiness and liveliness probes. | ||
# The health_check extension can be modified, but should never be removed. | ||
health_check: {} | ||
receivers: | ||
otlp: | ||
protocols: | ||
grpc: | ||
endpoint: ${env:MY_POD_IP}:4317 | ||
http: | ||
endpoint: ${env:MY_POD_IP}:4318 | ||
service: | ||
extensions: | ||
- health_check | ||
pipelines: | ||
metrics: | ||
receivers: | ||
- otlp | ||
logs: | ||
receivers: [otlp] | ||
exporters: [logging] | ||
traces: | ||
receivers: | ||
- otlp | ||
exporters: | ||
- logging | ||
- otlp | ||
chart: opentelemetry-collector | ||
project: default | ||
syncPolicy: | ||
managedNamespaceMetadata: | ||
labels: | ||
istio.io/dataplane-mode: 'ambient' | ||
automated: | ||
selfHeal: true | ||
prune: true | ||
syncOptions: | ||
- CreateNamespace=true |
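Review bot: the `metrics` pipeline under `service.pipelines` lists a receiver but no `exporters`, and the collector rejects a pipeline without at least one exporter during config validation, so the collector will not start as written; either add an exporter or remove the metrics pipeline, since the istiod configuration in this PR only sends traces to this collector. The `logging` exporter at `loglevel: debug` also writes every received span and log record, attributes included, to the pod's stdout, which can put request-level data (URLs and headers captured as span attributes) into cluster logs; the exporter is deprecated in favour of `debug`, and a `basic` verbosity is a safer default outside active debugging. Finally, `otlp.tls.insecure: true` towards `tempo.observability.svc:4317` is plaintext at the application layer; that is acceptable here only because the `observability` namespace carries `istio.io/dataplane-mode: 'ambient'` and ztunnel wraps the hop in mTLS, which is worth stating in a comment next to the setting.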
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Application | ||
metadata: | ||
name: prometheus | ||
namespace: argocd | ||
spec: | ||
destination: | ||
namespace: observability | ||
server: "https://kubernetes.default.svc" | ||
sources: | ||
- repoURL: 'https://prometheus-community.github.io/helm-charts' | ||
targetRevision: 25.28.0 | ||
chart: prometheus | ||
project: default | ||
syncPolicy: | ||
automated: | ||
selfHeal: true | ||
prune: true | ||
syncOptions: | ||
- CreateNamespace=true |
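Review bot: this source carries no `values`, so the Prometheus chart installs with its defaults, which in the 25.x series also deploy Alertmanager, node-exporter, kube-state-metrics and the Pushgateway; none of those are used by the Kiali and Grafana datasources in this PR (both point at `prometheus-server.observability.svc`), and the Pushgateway in particular is an unauthenticated write endpoint, so disabling the unused subcharts keeps the attack surface and the resource footprint of the stack smaller. Also worth confirming: Kiali needs the Istio workload and ztunnel metrics, so check that the chart's default annotation-based `kubernetes-pods` scrape job actually picks up the pods in `istio-system`, or add the scrape configuration Istio documents for Prometheus.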
It may be a good idea to put in the details of what the URLs are for path-based routing (if that is supported), or to note that only host-based routing is supported.
I've added a note on this; I've not tested the built-in path-based routing feature.