adds istio ambient stack with additional observability component Signed-off-by: John Pease <[email protected]>
Showing
8 changed files
with
323 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# Istio-Ambient Stack | ||
|
||
This stack contains installation of Istio Ambient as well as supporting observability tooling so traffic, metrics, and traces can be observed | ||
|
||
|
||
## Modules | ||
- istio-base | ||
- installs istio ambient and no additional observability tooling | ||
- observability | ||
- grafana - provides UI for tracing & prometheus metrics | ||
- tempo - collects traces for grafana | ||
- prometheus - required for kiali to display data | ||
- opentelemetry - used to collect traces from istio and forward to tempo | ||
|
||
## Installation | ||
|
||
# Install base istio with no observability | ||
|
||
`idpbuilder create -p https://github.com/cnoe-io/stacks//isto-ambient/istio-base` | ||
|
||
# Install istio along with observability components | ||
|
||
`idpbuilder create -p https://github.com/cnoe-io/stacks//isto-ambient/istio-base -p https://github.com/cnoe-io/stacks//isto-ambient/observability` | ||
|
||
|
||
# Observability UIs | ||
|
||
Kiali: https://kiali.cnoe.localtest.me:8443/ | ||
|
||
Grafana: https://grafana.cnoe.localtest.me:8443/ | ||
|
||
# Example Gateway and Application coming soon |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Application | ||
metadata: | ||
name: 'istio-system' | ||
namespace: argocd | ||
spec: | ||
project: default | ||
sources: | ||
- repoURL: 'https://istio-release.storage.googleapis.com/charts' | ||
targetRevision: 1.24.1 | ||
helm: | ||
parameters: | ||
- name: 'profile' | ||
value: 'ambient' | ||
chart: cni | ||
- repoURL: 'https://istio-release.storage.googleapis.com/charts' | ||
targetRevision: 1.24.1 | ||
helm: | ||
parameters: | ||
- name: 'profile' | ||
value: 'ambient' | ||
chart: base | ||
- repoURL: 'https://istio-release.storage.googleapis.com/charts' | ||
targetRevision: 1.24.1 | ||
chart: ztunnel | ||
helm: | ||
parameters: | ||
- name: 'profile' | ||
value: 'ambient' | ||
- repoURL: 'https://istio-release.storage.googleapis.com/charts' | ||
targetRevision: 1.24.1 | ||
chart: istiod | ||
helm: | ||
parameters: | ||
- name: 'profile' | ||
value: 'ambient' | ||
# Tracing Config | ||
valuesObject: | ||
meshConfig: | ||
defaultProviders: | ||
metrics: | ||
- prometheus | ||
enableTracing: true | ||
extensionProviders: | ||
- name: otel | ||
opentelemetry: | ||
port: 4317 | ||
service: otel-opentelemetry-collector.observability.svc.cluster.local | ||
resource_detectors: | ||
environment: {} | ||
# Add Gateway API CRDs | ||
- repoURL: 'https://github.com/kubernetes-sigs/gateway-api/' | ||
targetRevision: v1.2.1 | ||
path: ./config/crd | ||
destination: | ||
server: "https://kubernetes.default.svc" | ||
namespace: istio-system | ||
syncPolicy: | ||
automated: | ||
prune: true | ||
# Turned off, validating webhook shows out of sync when setup in idpbuilder | ||
selfHeal: false | ||
syncOptions: | ||
- CreateNamespace=true |
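Review bot: The Gateway API CRD source at the end of `sources` is pinned only to the Git tag `v1.2.1`, and a tag can be re-pointed upstream after this commit is merged. These are cluster-scoped CRDs applied by an automated sync with `prune: true`, so a changed tag would roll out without anyone reviewing it. I would pin the source to the commit behind the tag and keep the version as a comment: `targetRevision: <commit-sha-of-v1.2.1>  # gateway-api v1.2.1`. It is also worth a one-line comment on `project: default` saying that the stack relies on the unrestricted default AppProject, which is presumably acceptable only for a local idpbuilder cluster.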
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Application | ||
metadata: | ||
name: grafana | ||
namespace: argocd | ||
spec: | ||
destination: | ||
namespace: observability | ||
server: "https://kubernetes.default.svc" | ||
sources: | ||
- repoURL: 'https://grafana.github.io/helm-charts' | ||
targetRevision: 1.10.3 | ||
helm: | ||
values: | | ||
fullnameOverride: tempo | ||
service: | ||
type: ClusterIP | ||
chart: tempo | ||
- repoURL: 'https://grafana.github.io/helm-charts' | ||
targetRevision: 8.5.1 | ||
helm: | ||
values: | | ||
env: | ||
GF_AUTH_ANONYMOUS_ENABLED: true | ||
GF_AUTH_ANONYMOUS_ORG_ROLE: 'Admin' | ||
GF_AUTH_DISABLE_LOGIN_FORM: true | ||
datasources: | ||
datasources.yaml: | ||
apiVersion: 1 | ||
datasources: | ||
- name: Tempo | ||
type: tempo | ||
access: proxy | ||
orgId: 1 | ||
url: http://tempo:3100 | ||
basicAuth: false | ||
isDefault: true | ||
version: 1 | ||
editable: false | ||
apiVersion: 1 | ||
uid: tempo | ||
- name: Prometheus | ||
type: prometheus | ||
access: proxy | ||
# Access mode - proxy (server in the UI) or direct (browser in the UI). | ||
url: http://prometheus-server.observability.svc | ||
jsonData: | ||
httpMethod: POST | ||
manageAlerts: true | ||
prometheusType: Prometheus | ||
prometheusVersion: 2.55.0 | ||
cacheLevel: 'High' | ||
disableRecordingRules: false | ||
incrementalQueryOverlapWindow: 10m | ||
chart: grafana | ||
- repoURL: cnoe://grafana | ||
targetRevision: HEAD | ||
# with path set to '.' and cnoe://manifests. we are wanting ArgoCD to sync from the ./manifests directory. | ||
path: "." | ||
project: default | ||
syncPolicy: | ||
managedNamespaceMetadata: | ||
labels: | ||
istio.io/dataplane-mode: 'ambient' | ||
automated: | ||
selfHeal: true | ||
prune: true | ||
syncOptions: | ||
- CreateNamespace=true |
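Review bot: The Grafana `env` block turns on anonymous access with `GF_AUTH_ANONYMOUS_ORG_ROLE: 'Admin'` and disables the login form, so every request that reaches the Grafana Ingress is an organisation admin with no credential at all. An admin can add or edit data sources and use the proxy-mode data sources to query in-cluster services, which is more than a tracing UI needs; both data sources here are provisioned, so read access should be enough. I would lower the role to `GF_AUTH_ANONYMOUS_ORG_ROLE: 'Viewer'` (or `'Editor'` if Explore is required) and add a comment such as `# anonymous access: local idpbuilder clusters only, do not reuse on a shared cluster`. Separately, the Tempo data source appears to carry `apiVersion: 1` twice; the second one, just before `uid: tempo`, looks like a leftover.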
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
name: grafana-ingress | ||
spec: | ||
ingressClassName: nginx | ||
rules: | ||
- host: grafana.cnoe.localtest.me | ||
http: | ||
paths: | ||
- backend: | ||
service: | ||
name: grafana | ||
port: | ||
number: 80 | ||
path: / | ||
pathType: Prefix |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Application | ||
metadata: | ||
name: 'istio-kiali' | ||
namespace: argocd | ||
spec: | ||
project: default | ||
destination: | ||
server: "https://kubernetes.default.svc" | ||
namespace: istio-system | ||
syncPolicy: | ||
automated: | ||
prune: true | ||
selfHeal: true | ||
syncOptions: | ||
- CreateNamespace=true | ||
sources: | ||
- repoURL: cnoe://kiali | ||
targetRevision: HEAD | ||
path: "." | ||
- repoURL: 'https://kiali.org/helm-charts' | ||
targetRevision: v2.0.0 | ||
path: 'kiali/kiali-operator' | ||
helm: | ||
valuesObject: | ||
cr: | ||
create: 'true' | ||
namespace: 'istio-system' | ||
spec: | ||
auth: | ||
strategy: 'anonymous' | ||
external_services: | ||
prometheus: | ||
url: "http://prometheus-server.observability.svc" | ||
grafana: | ||
enabled: true | ||
internal_url: 'http://tempo-grafana.observability.svc' | ||
# Public facing URL of Grafana | ||
external_url: 'https://tracing.cnoe.localtest.me:8443/' | ||
chart: kiali-operator |
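Review bot: `auth.strategy: 'anonymous'` in the Kiali CR, combined with the Kiali Ingress added in this commit, gives anyone who can reach the ingress the full Kiali UI without logging in, and Kiali can by default create and edit Istio resources from that UI. If the stack only needs Kiali for viewing traffic, I would add `deployment:` with `view_only_mode: true` under `cr.spec` (please confirm the key against the v2.0.0 operator's CR reference) and a comment stating that anonymous access is meant for local clusters only. The Grafana URLs also look inconsistent with the rest of the commit: `external_url` points at `tracing.cnoe.localtest.me` while the Grafana Ingress host is `grafana.cnoe.localtest.me`, and `internal_url` names a `tempo-grafana` service while the Ingress backend is a service called `grafana`.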
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
name: kiali-ingress | ||
spec: | ||
ingressClassName: nginx | ||
rules: | ||
- host: kiali.cnoe.localtest.me | ||
http: | ||
paths: | ||
- backend: | ||
service: | ||
name: kiali | ||
port: | ||
number: 20001 | ||
path: / | ||
pathType: Prefix |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Application | ||
metadata: | ||
name: otel | ||
namespace: argocd | ||
spec: | ||
destination: | ||
namespace: observability | ||
server: "https://kubernetes.default.svc" | ||
sources: | ||
- repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts' | ||
targetRevision: 0.73.0 | ||
helm: | ||
valuesObject: | ||
mode: deployment | ||
config: | ||
exporters: | ||
logging: | ||
loglevel: debug | ||
otlp: | ||
endpoint: tempo.observability.svc:4317 | ||
tls: | ||
insecure: true | ||
extensions: | ||
# The health_check extension is mandatory for this chart. | ||
# Without the health_check extension the collector will fail the readiness and liveliness probes. | ||
# The health_check extension can be modified, but should never be removed. | ||
health_check: {} | ||
receivers: | ||
otlp: | ||
protocols: | ||
grpc: | ||
endpoint: ${env:MY_POD_IP}:4317 | ||
http: | ||
endpoint: ${env:MY_POD_IP}:4318 | ||
service: | ||
extensions: | ||
- health_check | ||
pipelines: | ||
metrics: | ||
receivers: | ||
- otlp | ||
logs: | ||
receivers: [otlp] | ||
exporters: [logging] | ||
traces: | ||
receivers: | ||
- otlp | ||
exporters: | ||
- logging | ||
- otlp | ||
chart: opentelemetry-collector | ||
project: default | ||
syncPolicy: | ||
managedNamespaceMetadata: | ||
labels: | ||
istio.io/dataplane-mode: 'ambient' | ||
automated: | ||
selfHeal: true | ||
prune: true | ||
syncOptions: | ||
- CreateNamespace=true |
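Review bot: The `logging` exporter is set to `loglevel: debug` and is wired into both the `logs` and `traces` pipelines, so every span and log record is written in full to the collector's stdout. Span attributes often carry URLs, headers or user identifiers, and anyone with permission to read pod logs in `observability` would see them; I would drop `- logging` from the `traces` exporters, or lower the level, and keep debug output as an opt-in. The `otlp` exporter to Tempo uses `tls.insecure: true`, which leaves encryption to the ambient mesh; a comment next to it such as `# plaintext OTLP; relies on istio.io/dataplane-mode=ambient on this namespace for mTLS` would make that dependency explicit. The `metrics` pipeline lists receivers but no exporters, so it presumably depends on the chart's default values being merged in; that deserves a comment as well.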
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
apiVersion: argoproj.io/v1alpha1 | ||
kind: Application | ||
metadata: | ||
name: prometheus | ||
namespace: argocd | ||
spec: | ||
destination: | ||
namespace: observability | ||
server: "https://kubernetes.default.svc" | ||
sources: | ||
- repoURL: 'https://prometheus-community.github.io/helm-charts' | ||
targetRevision: 25.28.0 | ||
chart: prometheus | ||
project: default | ||
syncPolicy: | ||
automated: | ||
selfHeal: true | ||
prune: true | ||
syncOptions: | ||
- CreateNamespace=true |
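Review bot: The Prometheus source sets no `helm` values, so the chart installs with its defaults, which as far as I know also enable Alertmanager, Pushgateway and the node exporter DaemonSet alongside the server. The README in this commit says Prometheus is only there so Kiali can display data, so those extra workloads (the node exporter in particular runs with host-level access) add attack surface the stack does not use; I would switch them off as in the snippet below. This Application also omits the `managedNamespaceMetadata` ambient label that the grafana and otel Applications set on the same `observability` namespace, so which Application ends up owning the namespace labels is worth stating in a comment.

```yaml
      targetRevision: 25.28.0
      chart: prometheus
      helm:
        valuesObject:
          # Only the Prometheus server is needed for Kiali; disable the rest.
          alertmanager:
            enabled: false
          prometheus-pushgateway:
            enabled: false
          prometheus-node-exporter:
            enabled: false
```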