Skip to content

Commit

Permalink
feat: add istio-ambient stack
Browse files Browse the repository at this point in the history
adds istio ambient stack with additional observability component

Signed-off-by: John Pease <[email protected]>
  • Loading branch information
jaypz committed Dec 16, 2024
1 parent 80d62e3 commit 9da013d
Show file tree
Hide file tree
Showing 8 changed files with 323 additions and 0 deletions.
32 changes: 32 additions & 0 deletions istio-ambient/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# Istio-Ambient Stack

This stack contains installation of Istio Ambient as well as supporting observability tooling so traffic, metrics, and traces can be observed


## Modules
- istio-base
- installs istio ambient and no additional observability tooling
- observability
- grafana - provides UI for tracing & prometheus metrics
- tempo - collects traces for grafana
- prometheus - required for kiali to display data
- opentelemetry - used to collect traces from istio and forward to tempo

## Installation

# Install base istio with no observability

`idpbuilder create -p https://github.com/cnoe-io/stacks//isto-ambient/istio-base`

# Install istio along with observability components

`idpbuilder create -p https://github.com/cnoe-io/stacks//isto-ambient/istio-base -p https://github.com/cnoe-io/stacks//isto-ambient/observability`


# Observability UIs

Kiali: https://kiali.cnoe.localtest.me:8443/

Grafana: https://grafana.cnoe.localtest.me:8443/

# Example Gateway and Application coming soon
64 changes: 64 additions & 0 deletions istio-ambient/istio-base/istio.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: 'istio-system'
namespace: argocd
spec:
project: default
sources:
- repoURL: 'https://istio-release.storage.googleapis.com/charts'
targetRevision: 1.24.1
helm:
parameters:
- name: 'profile'
value: 'ambient'
chart: cni
- repoURL: 'https://istio-release.storage.googleapis.com/charts'
targetRevision: 1.24.1
helm:
parameters:
- name: 'profile'
value: 'ambient'
chart: base
- repoURL: 'https://istio-release.storage.googleapis.com/charts'
targetRevision: 1.24.1
chart: ztunnel
helm:
parameters:
- name: 'profile'
value: 'ambient'
- repoURL: 'https://istio-release.storage.googleapis.com/charts'
targetRevision: 1.24.1
chart: istiod
helm:
parameters:
- name: 'profile'
value: 'ambient'
# Tracing Config
valuesObject:
meshConfig:
defaultProviders:
metrics:
- prometheus
enableTracing: true
extensionProviders:
- name: otel
opentelemetry:
port: 4317
service: otel-opentelemetry-collector.observability.svc.cluster.local
resource_detectors:
environment: {}
# Add Gateway API CRDs
- repoURL: 'https://github.com/kubernetes-sigs/gateway-api/'
targetRevision: v1.2.1
path: ./config/crd
destination:
server: "https://kubernetes.default.svc"
namespace: istio-system
syncPolicy:
automated:
prune: true
# Turned off, validating webhook shows out of sync when setup in idpbuilder
selfHeal: false
syncOptions:
- CreateNamespace=true
71 changes: 71 additions & 0 deletions istio-ambient/observability/grafana.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: grafana
namespace: argocd
spec:
destination:
namespace: observability
server: "https://kubernetes.default.svc"
sources:
- repoURL: 'https://grafana.github.io/helm-charts'
targetRevision: 1.10.3
helm:
values: |
fullnameOverride: tempo
service:
type: ClusterIP
chart: tempo
- repoURL: 'https://grafana.github.io/helm-charts'
targetRevision: 8.5.1
helm:
values: |
env:
GF_AUTH_ANONYMOUS_ENABLED: true
GF_AUTH_ANONYMOUS_ORG_ROLE: 'Admin'
GF_AUTH_DISABLE_LOGIN_FORM: true
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: Tempo
type: tempo
access: proxy
orgId: 1
url: http://tempo:3100
basicAuth: false
isDefault: true
version: 1
editable: false
apiVersion: 1
uid: tempo
- name: Prometheus
type: prometheus
access: proxy
# Access mode - proxy (server in the UI) or direct (browser in the UI).
url: http://prometheus-server.observability.svc
jsonData:
httpMethod: POST
manageAlerts: true
prometheusType: Prometheus
prometheusVersion: 2.55.0
cacheLevel: 'High'
disableRecordingRules: false
incrementalQueryOverlapWindow: 10m
chart: grafana
- repoURL: cnoe://grafana
targetRevision: HEAD
# with path set to '.' and cnoe://manifests. we are wanting ArgoCD to sync from the ./manifests directory.
path: "."
project: default
syncPolicy:
managedNamespaceMetadata:
labels:
istio.io/dataplane-mode: 'ambient'
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
17 changes: 17 additions & 0 deletions istio-ambient/observability/grafana/ingress.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grafana-ingress
spec:
ingressClassName: nginx
rules:
- host: grafana.cnoe.localtest.me
http:
paths:
- backend:
service:
name: grafana
port:
number: 80
path: /
pathType: Prefix
40 changes: 40 additions & 0 deletions istio-ambient/observability/istio-kiali.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: 'istio-kiali'
namespace: argocd
spec:
project: default
destination:
server: "https://kubernetes.default.svc"
namespace: istio-system
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
sources:
- repoURL: cnoe://kiali
targetRevision: HEAD
path: "."
- repoURL: 'https://kiali.org/helm-charts'
targetRevision: v2.0.0
path: 'kiali/kiali-operator'
helm:
valuesObject:
cr:
create: 'true'
namespace: 'istio-system'
spec:
auth:
strategy: 'anonymous'
external_services:
prometheus:
url: "http://prometheus-server.observability.svc"
grafana:
enabled: true
internal_url: 'http://tempo-grafana.observability.svc'
# Public facing URL of Grafana
external_url: 'https://tracing.cnoe.localtest.me:8443/'
chart: kiali-operator
17 changes: 17 additions & 0 deletions istio-ambient/observability/kiali/ingress.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kiali-ingress
spec:
ingressClassName: nginx
rules:
- host: kiali.cnoe.localtest.me
http:
paths:
- backend:
service:
name: kiali
port:
number: 20001
path: /
pathType: Prefix
62 changes: 62 additions & 0 deletions istio-ambient/observability/opentelemetry.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: otel
namespace: argocd
spec:
destination:
namespace: observability
server: "https://kubernetes.default.svc"
sources:
- repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts'
targetRevision: 0.73.0
helm:
valuesObject:
mode: deployment
config:
exporters:
logging:
loglevel: debug
otlp:
endpoint: tempo.observability.svc:4317
tls:
insecure: true
extensions:
# The health_check extension is mandatory for this chart.
# Without the health_check extension the collector will fail the readiness and liveliness probes.
# The health_check extension can be modified, but should never be removed.
health_check: {}
receivers:
otlp:
protocols:
grpc:
endpoint: ${env:MY_POD_IP}:4317
http:
endpoint: ${env:MY_POD_IP}:4318
service:
extensions:
- health_check
pipelines:
metrics:
receivers:
- otlp
logs:
receivers: [otlp]
exporters: [logging]
traces:
receivers:
- otlp
exporters:
- logging
- otlp
chart: opentelemetry-collector
project: default
syncPolicy:
managedNamespaceMetadata:
labels:
istio.io/dataplane-mode: 'ambient'
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true
20 changes: 20 additions & 0 deletions istio-ambient/observability/prometheus.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: prometheus
namespace: argocd
spec:
destination:
namespace: observability
server: "https://kubernetes.default.svc"
sources:
- repoURL: 'https://prometheus-community.github.io/helm-charts'
targetRevision: 25.28.0
chart: prometheus
project: default
syncPolicy:
automated:
selfHeal: true
prune: true
syncOptions:
- CreateNamespace=true

0 comments on commit 9da013d

Please sign in to comment.