From 002dd6f5b6db556530ea06cf46d94bcee8ab7777 Mon Sep 17 00:00:00 2001 From: zirain Date: Wed, 22 Nov 2023 20:33:39 +0800 Subject: [PATCH 1/6] support stats compression --- pkg/bootstrap/config.go | 7 +++++++ pkg/bootstrap/option/instances.go | 4 ++++ tools/packaging/common/envoy_bootstrap.json | 20 +++++++++++++++++++- 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/pkg/bootstrap/config.go b/pkg/bootstrap/config.go index 4c06c656d470..a3c752ae5b39 100644 --- a/pkg/bootstrap/config.go +++ b/pkg/bootstrap/config.go @@ -274,6 +274,12 @@ func getStatsOptions(meta *model.BootstrapNodeMetadata) []option.Instance { } } + var compression string + // TODO: move annotation to api repo + if statsCompression, ok := meta.Annotations["sidecar.istio.io/statsCompression"]; ok { + compression = statsCompression + } + return []option.Instance{ option.EnvoyStatsMatcherInclusionPrefix(parseOption(prefixAnno, requiredEnvoyStatsMatcherInclusionPrefixes, proxyConfigPrefixes)), @@ -282,6 +288,7 @@ func getStatsOptions(meta *model.BootstrapNodeMetadata) []option.Instance { option.EnvoyStatsMatcherInclusionRegexp(parseOption(RegexAnno, requiredEnvoyStatsMatcherInclusionRegexes, proxyConfigRegexps)), option.EnvoyExtraStatTags(extraStatTags), option.EnvoyHistogramBuckets(buckets), + option.EnvoyStatsCompression(compression), } } diff --git a/pkg/bootstrap/option/instances.go b/pkg/bootstrap/option/instances.go index 2d819af4491a..11d7055a1701 100644 --- a/pkg/bootstrap/option/instances.go +++ b/pkg/bootstrap/option/instances.go @@ -280,3 +280,7 @@ type HistogramBucket struct { func EnvoyHistogramBuckets(value []HistogramBucket) Instance { return newOption("histogram_buckets", value) } + +func EnvoyStatsCompression(value string) Instance { + return newOption("stats_compression", value) +} diff --git a/tools/packaging/common/envoy_bootstrap.json b/tools/packaging/common/envoy_bootstrap.json index b1e42f872d97..33a1c4ef3680 100644 --- a/tools/packaging/common/envoy_bootstrap.json +++ b/tools/packaging/common/envoy_bootstrap.json @@ -543,7 +543,25 @@ } ] }, - "http_filters": [{ + "http_filters": [ + {{- if .stats_compression }} + {{- if eq .stats_compression "gzip"}} + { + "name": "envoy.filters.http.compressor", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.compressor.v3.Compressor", + "compressor_library": { + "name": "text_optimized", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip" + } + }, + "remove_accept_encoding_header": true + } + }, + {{- end }} + {{- end }} + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" From 0009d8652831869f9b53cb1501e81f2d4e95c198 Mon Sep 17 00:00:00 2001 From: zirain Date: Wed, 22 Nov 2023 21:06:16 +0800 Subject: [PATCH 2/6] gen --- pkg/bootstrap/testdata/all_golden.json | 3 ++- pkg/bootstrap/testdata/auth_golden.json | 3 ++- pkg/bootstrap/testdata/authsds_golden.json | 3 ++- pkg/bootstrap/testdata/default_golden.json | 3 ++- pkg/bootstrap/testdata/lrs_golden.json | 3 ++- pkg/bootstrap/testdata/metrics_no_statsd_golden.json | 3 ++- pkg/bootstrap/testdata/running_golden.json | 3 ++- pkg/bootstrap/testdata/runningsds_golden.json | 3 ++- pkg/bootstrap/testdata/stats_inclusion_golden.json | 3 ++- pkg/bootstrap/testdata/tracing_datadog_golden.json | 3 ++- pkg/bootstrap/testdata/tracing_lightstep_golden.json | 3 ++- pkg/bootstrap/testdata/tracing_none_golden.json | 3 ++- pkg/bootstrap/testdata/tracing_opencensusagent_golden.json | 3 ++- pkg/bootstrap/testdata/tracing_stackdriver_golden.json | 3 ++- pkg/bootstrap/testdata/tracing_tls_custom_sni_golden.json | 3 ++- pkg/bootstrap/testdata/tracing_tls_golden.json | 3 ++- pkg/bootstrap/testdata/tracing_zipkin_golden.json | 3 ++- pkg/bootstrap/testdata/xdsproxy_golden.json | 3 ++- 18 files changed, 36 insertions(+), 18 deletions(-) diff --git a/pkg/bootstrap/testdata/all_golden.json b/pkg/bootstrap/testdata/all_golden.json index 9382dff6f43e..0b548f16960b 100644 --- a/pkg/bootstrap/testdata/all_golden.json +++ b/pkg/bootstrap/testdata/all_golden.json @@ -431,7 +431,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/auth_golden.json b/pkg/bootstrap/testdata/auth_golden.json index 4b559d6a77a4..5ce57c64b0eb 100644 --- a/pkg/bootstrap/testdata/auth_golden.json +++ b/pkg/bootstrap/testdata/auth_golden.json @@ -347,7 +347,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/authsds_golden.json b/pkg/bootstrap/testdata/authsds_golden.json index 3ba78adfb991..43ab6bd93aa0 100644 --- a/pkg/bootstrap/testdata/authsds_golden.json +++ b/pkg/bootstrap/testdata/authsds_golden.json @@ -347,7 +347,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/default_golden.json b/pkg/bootstrap/testdata/default_golden.json index bd3a71bf7cc9..5215e49ee2e6 100644 --- a/pkg/bootstrap/testdata/default_golden.json +++ b/pkg/bootstrap/testdata/default_golden.json @@ -347,7 +347,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/lrs_golden.json b/pkg/bootstrap/testdata/lrs_golden.json index ecae0c480a96..bd78e3037ec9 100644 --- a/pkg/bootstrap/testdata/lrs_golden.json +++ b/pkg/bootstrap/testdata/lrs_golden.json @@ -347,7 +347,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/metrics_no_statsd_golden.json b/pkg/bootstrap/testdata/metrics_no_statsd_golden.json index bcfebbb2c8f2..3f51a4d40796 100644 --- a/pkg/bootstrap/testdata/metrics_no_statsd_golden.json +++ b/pkg/bootstrap/testdata/metrics_no_statsd_golden.json @@ -378,7 +378,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/running_golden.json b/pkg/bootstrap/testdata/running_golden.json index e959c986b3ca..dc5ca3db901d 100644 --- a/pkg/bootstrap/testdata/running_golden.json +++ b/pkg/bootstrap/testdata/running_golden.json @@ -375,7 +375,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/runningsds_golden.json b/pkg/bootstrap/testdata/runningsds_golden.json index ed34780df045..596a188380df 100644 --- a/pkg/bootstrap/testdata/runningsds_golden.json +++ b/pkg/bootstrap/testdata/runningsds_golden.json @@ -375,7 +375,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/stats_inclusion_golden.json b/pkg/bootstrap/testdata/stats_inclusion_golden.json index 5a5f5020586e..7c12f7cddef9 100644 --- a/pkg/bootstrap/testdata/stats_inclusion_golden.json +++ b/pkg/bootstrap/testdata/stats_inclusion_golden.json @@ -441,7 +441,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/tracing_datadog_golden.json b/pkg/bootstrap/testdata/tracing_datadog_golden.json index 9c9f4c98edf1..213f0a222805 100644 --- a/pkg/bootstrap/testdata/tracing_datadog_golden.json +++ b/pkg/bootstrap/testdata/tracing_datadog_golden.json @@ -369,7 +369,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/tracing_lightstep_golden.json b/pkg/bootstrap/testdata/tracing_lightstep_golden.json index 4a7835942548..bea72c5c88c5 100644 --- a/pkg/bootstrap/testdata/tracing_lightstep_golden.json +++ b/pkg/bootstrap/testdata/tracing_lightstep_golden.json @@ -377,7 +377,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/tracing_none_golden.json b/pkg/bootstrap/testdata/tracing_none_golden.json index 63b90137ebf3..ae5c50c6d398 100644 --- a/pkg/bootstrap/testdata/tracing_none_golden.json +++ b/pkg/bootstrap/testdata/tracing_none_golden.json @@ -347,7 +347,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/tracing_opencensusagent_golden.json b/pkg/bootstrap/testdata/tracing_opencensusagent_golden.json index ed196aaf8de2..7e57c289a222 100644 --- a/pkg/bootstrap/testdata/tracing_opencensusagent_golden.json +++ b/pkg/bootstrap/testdata/tracing_opencensusagent_golden.json @@ -347,7 +347,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/tracing_stackdriver_golden.json b/pkg/bootstrap/testdata/tracing_stackdriver_golden.json index d0dd510d51e8..dec715544d0d 100644 --- a/pkg/bootstrap/testdata/tracing_stackdriver_golden.json +++ b/pkg/bootstrap/testdata/tracing_stackdriver_golden.json @@ -347,7 +347,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/tracing_tls_custom_sni_golden.json b/pkg/bootstrap/testdata/tracing_tls_custom_sni_golden.json index 5b623128558b..8cb98324c883 100644 --- a/pkg/bootstrap/testdata/tracing_tls_custom_sni_golden.json +++ b/pkg/bootstrap/testdata/tracing_tls_custom_sni_golden.json @@ -371,7 +371,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/tracing_tls_golden.json b/pkg/bootstrap/testdata/tracing_tls_golden.json index 91047d375498..90db880f0e97 100644 --- a/pkg/bootstrap/testdata/tracing_tls_golden.json +++ b/pkg/bootstrap/testdata/tracing_tls_golden.json @@ -371,7 +371,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/tracing_zipkin_golden.json b/pkg/bootstrap/testdata/tracing_zipkin_golden.json index 269b6cefaa51..fa0e6d23c125 100644 --- a/pkg/bootstrap/testdata/tracing_zipkin_golden.json +++ b/pkg/bootstrap/testdata/tracing_zipkin_golden.json @@ -370,7 +370,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" diff --git a/pkg/bootstrap/testdata/xdsproxy_golden.json b/pkg/bootstrap/testdata/xdsproxy_golden.json index f5eb41580180..c668d620c06f 100644 --- a/pkg/bootstrap/testdata/xdsproxy_golden.json +++ b/pkg/bootstrap/testdata/xdsproxy_golden.json @@ -347,7 +347,8 @@ } ] }, - "http_filters": [{ + "http_filters": [ + { "name": "envoy.filters.http.router", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" From 699c311e9f7b0acdcf6840cd5f64c544f7c2a9bc Mon Sep 17 00:00:00 2001 From: zirain Date: Wed, 22 Nov 2023 21:16:42 +0800 Subject: [PATCH 3/6] gen test --- pkg/bootstrap/instance_test.go | 6 + .../testdata/stats_compression_gzip.proxycfg | 14 + .../stats_compression_gzip_golden.json | 566 ++++++++++++++++++ 3 files changed, 586 insertions(+) create mode 100644 pkg/bootstrap/testdata/stats_compression_gzip.proxycfg create mode 100644 pkg/bootstrap/testdata/stats_compression_gzip_golden.json diff --git a/pkg/bootstrap/instance_test.go b/pkg/bootstrap/instance_test.go index 318e906ddbe3..1e8e1e8fd09a 100644 --- a/pkg/bootstrap/instance_test.go +++ b/pkg/bootstrap/instance_test.go @@ -285,6 +285,12 @@ func TestGolden(t *testing.T) { "ISTIO_META_LOAD_STATS_CONFIG_JSON": `{"api_type": "GRPC", "transport_api_version": "V3"}`, }, }, + { + base: "stats_compression_gzip", + annotations: map[string]string{ + "sidecar.istio.io/statsCompression": "gzip", + }, + }, } test.SetForTest(t, &version.Info.Version, "binary-1.0") diff --git a/pkg/bootstrap/testdata/stats_compression_gzip.proxycfg b/pkg/bootstrap/testdata/stats_compression_gzip.proxycfg new file mode 100644 index 000000000000..2b9b504c5088 --- /dev/null +++ b/pkg/bootstrap/testdata/stats_compression_gzip.proxycfg @@ -0,0 +1,14 @@ +config_path: "/etc/istio/proxy" +binary_path: "/usr/local/bin/envoy" +service_cluster: "istio-proxy" +drain_duration: {seconds: 5} +discovery_address: "mypilot:15011" +statsd_udp_address: "10.1.1.1:9125" +envoy_metrics_service: {address: "metrics-service:15000", tls_settings: { mode: MUTUAL, client_certificate: "/etc/istio/ms/client.pem", private_key: "/etc/istio/ms/key.pem", ca_certificates: "/etc/istio/ms/ca.pem"}} +envoy_access_log_service: {address: "accesslog-service:15000"} +proxy_admin_port: 15005 +control_plane_auth_policy: MUTUAL_TLS +stat_name_length: 200 +tracing: { zipkin: { address: "localhost:6000" } } + +# Sets all relevant options to values different than default diff --git a/pkg/bootstrap/testdata/stats_compression_gzip_golden.json b/pkg/bootstrap/testdata/stats_compression_gzip_golden.json new file mode 100644 index 000000000000..8fae3e9bfc73 --- /dev/null +++ b/pkg/bootstrap/testdata/stats_compression_gzip_golden.json @@ -0,0 +1,566 @@ +{ + "node": { + "id": "sidecar~1.2.3.4~foo~bar", + "cluster": "istio-proxy", + "locality": { + }, + "metadata": {"ANNOTATIONS":{"sidecar.istio.io/statsCompression":"gzip"},"ENVOY_PROMETHEUS_PORT":15090,"ENVOY_STATUS_PORT":15021,"INSTANCE_IPS":"10.3.3.3,10.4.4.4,10.5.5.5,10.6.6.6","ISTIO_VERSION":"binary-1.0","OUTLIER_LOG_PATH":"/dev/stdout","PILOT_SAN":["spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account"],"PROXY_CONFIG":{"binaryPath":"/usr/local/bin/envoy","configPath":"/tmp/bootstrap/stats_compression_gzip","controlPlaneAuthPolicy":"MUTUAL_TLS","customConfigFile":"envoy_bootstrap.json","discoveryAddress":"mypilot:15011","drainDuration":"5s","envoyAccessLogService":{"address":"accesslog-service:15000"},"envoyMetricsService":{"address":"metrics-service:15000","tlsSettings":{"caCertificates":"/etc/istio/ms/ca.pem","clientCertificate":"/etc/istio/ms/client.pem","mode":"MUTUAL","privateKey":"/etc/istio/ms/key.pem"}},"proxyAdminPort":15005,"serviceCluster":"istio-proxy","statNameLength":200,"statsdUdpAddress":"10.1.1.1:9125","statusPort":15020,"tracing":{"zipkin":{"address":"localhost:6000"}}},"sidecar.istio.io/statsCompression":"gzip"} + }, + "layered_runtime": { + "layers": [ + { + "name": "global config", + "static_layer": {"envoy.deprecated_features:envoy.config.listener.v3.Listener.hidden_envoy_deprecated_use_original_dst":true,"envoy.reloadable_features.http_reject_path_with_fragment":false,"overload.global_downstream_max_connections":"2147483647","re2.max_program_size.error_level":"32768"} + }, + { + "name": "admin", + "admin_layer": {} + } + ] + }, + "bootstrap_extensions": [ + { + "name": "envoy.bootstrap.internal_listener", + "typed_config": { + "@type":"type.googleapis.com/udpa.type.v1.TypedStruct", + "type_url": "type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener", + "value": { + "buffer_size_kb": 64 + } + } + } + ], + "stats_config": { + "use_all_default_tags": false, + "stats_tags": [ + { + "tag_name": "cluster_name", + "regex": "^cluster\\.((.+?(\\..+?\\.svc\\.cluster\\.local)?)\\.)" + }, + { + "tag_name": "tcp_prefix", + "regex": "^tcp\\.((.*?)\\.)\\w+?$" + }, + { + "regex": "_rq(_(\\d{3}))$", + "tag_name": "response_code" + }, + { + "tag_name": "response_code_class", + "regex": "_rq(_(\\dxx))$" + }, + { + "tag_name": "http_conn_manager_listener_prefix", + "regex": "^listener(?=\\.).*?\\.http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "http_conn_manager_prefix", + "regex": "^http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "listener_address", + "regex": "^listener\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "mongo_prefix", + "regex": "^mongo\\.(.+?)\\.(collection|cmd|cx_|op_|delays_|decoding_)(.*?)$" + }, + { + "regex": "(cache\\.(.+?)\\.)", + "tag_name": "cache" + }, + { + "regex": "(component\\.(.+?)\\.)", + "tag_name": "component" + }, + { + "regex": "(tag\\.(.+?);\\.)", + "tag_name": "tag" + }, + { + "regex": "(wasm_filter\\.(.+?)\\.)", + "tag_name": "wasm_filter" + }, + { + "tag_name": "authz_enforce_result", + "regex": "rbac(\\.(allowed|denied))" + }, + { + "tag_name": "authz_dry_run_action", + "regex": "(\\.istio_dry_run_(allow|deny)_)" + }, + { + "tag_name": "authz_dry_run_result", + "regex": "(\\.shadow_(allowed|denied))" + } + ], + "stats_matcher": { + "inclusion_list": { + "patterns": [ + { + "prefix": "reporter=" + }, + { + "prefix": "cluster_manager" + }, + { + "prefix": "listener_manager" + }, + { + "prefix": "server" + }, + { + "prefix": "cluster.xds-grpc" + }, + { + "prefix": "wasm" + }, + { + "suffix": "rbac.allowed" + }, + { + "suffix": "rbac.denied" + }, + { + "suffix": "shadow_allowed" + }, + { + "suffix": "shadow_denied" + }, + { + "safe_regex": {"regex":"vhost\\.*\\.route\\.*"} + }, + { + "prefix": "component" + }, + { + "prefix": "istio" + } + ] + } + } + }, + "admin": { + "access_log": [ + { + "name": "envoy.access_loggers.file", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog", + "path": "/dev/null" + } + } + ], + "profile_path": "/var/lib/istio/data/envoy.prof", + "address": { + "socket_address": { + "address": "127.0.0.1", + "port_value": 15005 + } + } + }, + "dynamic_resources": { + "lds_config": { + "ads": {}, + "initial_fetch_timeout": "0s", + "resource_api_version": "V3" + }, + "cds_config": { + "ads": {}, + "initial_fetch_timeout": "0s", + "resource_api_version": "V3" + }, + "ads_config": { + "api_type": "GRPC", + "set_node_on_first_message_only": true, + "transport_api_version": "V3", + "grpc_services": [ + { + "envoy_grpc": { + "cluster_name": "xds-grpc" + } + } + ] + } + }, + "static_resources": { + "clusters": [ + { + "name": "prometheus_stats", + "type": "STATIC", + "connect_timeout": "0.250s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "prometheus_stats", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": { + "protocol": "TCP", + "address": "127.0.0.1", + "port_value": 15005 + } + } + } + }] + }] + } + }, + { + "name": "agent", + "type": "STATIC", + "connect_timeout": "0.250s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "agent", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": { + "protocol": "TCP", + "address": "127.0.0.1", + "port_value": 15020 + } + } + } + }] + }] + } + }, + { + "name": "sds-grpc", + "type": "STATIC", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "sds-grpc", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "pipe": { + "path": "./var/run/secrets/workload-spiffe-uds/socket" + } + } + } + }] + }] + } + }, + { + "name": "xds-grpc", + "type" : "STATIC", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "xds-grpc", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "pipe": { + "path": "/tmp/XDS" + } + } + } + }] + }] + }, + "circuit_breakers": { + "thresholds": [ + { + "priority": "DEFAULT", + "max_connections": 100000, + "max_pending_requests": 100000, + "max_requests": 100000 + }, + { + "priority": "HIGH", + "max_connections": 100000, + "max_pending_requests": 100000, + "max_requests": 100000 + } + ] + }, + "upstream_connection_options": { + "tcp_keepalive": { + "keepalive_time": 300 + } + }, + "max_requests_per_connection": 1, + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + } + } + + , + { + "name": "zipkin", + "type": "STRICT_DNS", + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "dns_refresh_rate": "30s", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "zipkin", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "localhost", "port_value": 6000} + } + } + }] + }] + } + } + + , + { + "name": "envoy_metrics_service", + "type": "STRICT_DNS", + "transport_socket": {"name":"envoy.transport_sockets.tls","typed_config":{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext","common_tls_context":{"alpn_protocols":["h2"],"combined_validation_context":{"default_validation_context":{},"validation_context_sds_secret_config":{"name":"file-root:/etc/istio/ms/ca.pem","sds_config":{"api_config_source":{"api_type":"GRPC","grpc_services":[{"envoy_grpc":{"cluster_name":"sds-grpc"}}],"set_node_on_first_message_only":true,"transport_api_version":"V3"},"resource_api_version":"V3"}}},"tls_certificate_sds_secret_configs":[{"name":"file-cert:/etc/istio/ms/client.pem~/etc/istio/ms/key.pem","sds_config":{"api_config_source":{"api_type":"GRPC","grpc_services":[{"envoy_grpc":{"cluster_name":"sds-grpc"}}],"set_node_on_first_message_only":true,"transport_api_version":"V3"},"resource_api_version":"V3"}}]}}}, + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "load_assignment": { + "cluster_name": "envoy_metrics_service", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "metrics-service", "port_value": 15000} + } + } + }] + }] + } + } + + + , + { + "name": "envoy_accesslog_service", + "type": "STRICT_DNS", + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "load_assignment": { + "cluster_name": "envoy_accesslog_service", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "accesslog-service", "port_value": 15000} + } + } + }] + }] + } + } + + ], + "listeners":[ + { + "address": { + "socket_address": { + "protocol": "TCP", + "address": "0.0.0.0", + "port_value": 15090 + } + }, + "filter_chains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "codec_type": "AUTO", + "stat_prefix": "stats", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/stats/prometheus" + }, + "route": { + "cluster": "prometheus_stats" + } + } + ] + } + ] + }, + "http_filters": [ + { + "name": "envoy.filters.http.compressor", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.compressor.v3.Compressor", + "compressor_library": { + "name": "text_optimized", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip" + } + }, + "remove_accept_encoding_header": true + } + }, + { + "name": "envoy.filters.http.router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + }] + } + } + ] + } + ] + }, + { + "address": { + "socket_address": { + "protocol": "TCP", + "address": "0.0.0.0", + "port_value": 15021 + } + }, + "filter_chains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "codec_type": "AUTO", + "stat_prefix": "agent", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/healthz/ready" + }, + "route": { + "cluster": "agent" + } + } + ] + } + ] + }, + "http_filters": [{ + "name": "envoy.filters.http.router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + }] + } + } + ] + } + ] + } + ] + } + , + "tracing": { + "http": { + "name": "envoy.tracers.zipkin", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.trace.v3.ZipkinConfig", + "collector_cluster": "zipkin", + "collector_endpoint": "/api/v2/spans", + "collector_endpoint_version": "HTTP_JSON", + "trace_id_128bit": true, + "shared_span_context": false + } + } + } + + , + "stats_sinks": [ + + { + "name": "envoy.stat_sinks.metrics_service", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.metrics.v3.MetricsServiceConfig", + "transport_api_version": "V3", + "grpc_service": { + "envoy_grpc": { + "cluster_name": "envoy_metrics_service" + } + } + } + } + + + , + + + { + "name": "envoy.stat_sinks.statsd", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.metrics.v3.StatsdSink", + "address": { + "socket_address": {"address": "10.1.1.1", "port_value": 9125} + } + } + } + + ] + + + , + "cluster_manager": { + "outlier_detection": { + "event_log_path": "/dev/stdout" + } + } + +} From db1ef5221e50f15fb3b4bcd159c45b9f764a56b3 Mon Sep 17 00:00:00 2001 From: zirain Date: Thu, 23 Nov 2023 10:21:02 +0800 Subject: [PATCH 4/6] support more compressor lib --- pkg/bootstrap/config.go | 10 +- pkg/bootstrap/instance_test.go | 18 + .../stats_compression_brotli.proxycfg | 14 + .../stats_compression_brotli_golden.json | 565 ++++++++++++++++++ .../stats_compression_gzip_golden.json | 5 +- .../stats_compression_unknown.proxycfg | 14 + .../stats_compression_unknown_golden.json | 553 +++++++++++++++++ .../testdata/stats_compression_zstd.proxycfg | 14 + .../stats_compression_zstd_golden.json | 565 ++++++++++++++++++ tools/packaging/common/envoy_bootstrap.json | 23 +- 10 files changed, 1772 insertions(+), 9 deletions(-) create mode 100644 pkg/bootstrap/testdata/stats_compression_brotli.proxycfg create mode 100644 pkg/bootstrap/testdata/stats_compression_brotli_golden.json create mode 100644 pkg/bootstrap/testdata/stats_compression_unknown.proxycfg create mode 100644 pkg/bootstrap/testdata/stats_compression_unknown_golden.json create mode 100644 pkg/bootstrap/testdata/stats_compression_zstd.proxycfg create mode 100644 pkg/bootstrap/testdata/stats_compression_zstd_golden.json diff --git a/pkg/bootstrap/config.go b/pkg/bootstrap/config.go index a3c752ae5b39..921b3ed33bf5 100644 --- a/pkg/bootstrap/config.go +++ b/pkg/bootstrap/config.go @@ -276,7 +276,7 @@ func getStatsOptions(meta *model.BootstrapNodeMetadata) []option.Instance { var compression string // TODO: move annotation to api repo - if statsCompression, ok := meta.Annotations["sidecar.istio.io/statsCompression"]; ok { + if statsCompression, ok := meta.Annotations["sidecar.istio.io/statsCompression"]; ok && envoyWellKnownCompressorLibrary.Contains(statsCompression) { compression = statsCompression } @@ -292,6 +292,14 @@ func getStatsOptions(meta *model.BootstrapNodeMetadata) []option.Instance { } } +var ( + envoyWellKnownCompressorLibrary = sets.String{ + "gzip": {}, + "zstd": {}, + "brotli": {}, + } +) + func lightstepAccessTokenFile(config string) string { return path.Join(config, lightstepAccessTokenBase) } diff --git a/pkg/bootstrap/instance_test.go b/pkg/bootstrap/instance_test.go index 1e8e1e8fd09a..a8f9b1938c4a 100644 --- a/pkg/bootstrap/instance_test.go +++ b/pkg/bootstrap/instance_test.go @@ -291,6 +291,24 @@ func TestGolden(t *testing.T) { "sidecar.istio.io/statsCompression": "gzip", }, }, + { + base: "stats_compression_brotli", + annotations: map[string]string{ + "sidecar.istio.io/statsCompression": "brotli", + }, + }, + { + base: "stats_compression_zstd", + annotations: map[string]string{ + "sidecar.istio.io/statsCompression": "zstd", + }, + }, + { + base: "stats_compression_unknown", + annotations: map[string]string{ + "sidecar.istio.io/statsCompression": "unknown", + }, + }, } test.SetForTest(t, &version.Info.Version, "binary-1.0") diff --git a/pkg/bootstrap/testdata/stats_compression_brotli.proxycfg b/pkg/bootstrap/testdata/stats_compression_brotli.proxycfg new file mode 100644 index 000000000000..2b9b504c5088 --- /dev/null +++ b/pkg/bootstrap/testdata/stats_compression_brotli.proxycfg @@ -0,0 +1,14 @@ +config_path: "/etc/istio/proxy" +binary_path: "/usr/local/bin/envoy" +service_cluster: "istio-proxy" +drain_duration: {seconds: 5} +discovery_address: "mypilot:15011" +statsd_udp_address: "10.1.1.1:9125" +envoy_metrics_service: {address: "metrics-service:15000", tls_settings: { mode: MUTUAL, client_certificate: "/etc/istio/ms/client.pem", private_key: "/etc/istio/ms/key.pem", ca_certificates: "/etc/istio/ms/ca.pem"}} +envoy_access_log_service: {address: "accesslog-service:15000"} +proxy_admin_port: 15005 +control_plane_auth_policy: MUTUAL_TLS +stat_name_length: 200 +tracing: { zipkin: { address: "localhost:6000" } } + +# Sets all relevant options to values different than default diff --git a/pkg/bootstrap/testdata/stats_compression_brotli_golden.json b/pkg/bootstrap/testdata/stats_compression_brotli_golden.json new file mode 100644 index 000000000000..77526585b3de --- /dev/null +++ b/pkg/bootstrap/testdata/stats_compression_brotli_golden.json @@ -0,0 +1,565 @@ +{ + "node": { + "id": "sidecar~1.2.3.4~foo~bar", + "cluster": "istio-proxy", + "locality": { + }, + "metadata": {"ANNOTATIONS":{"sidecar.istio.io/statsCompression":"brotli"},"ENVOY_PROMETHEUS_PORT":15090,"ENVOY_STATUS_PORT":15021,"INSTANCE_IPS":"10.3.3.3,10.4.4.4,10.5.5.5,10.6.6.6","ISTIO_VERSION":"binary-1.0","OUTLIER_LOG_PATH":"/dev/stdout","PILOT_SAN":["spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account"],"PROXY_CONFIG":{"binaryPath":"/usr/local/bin/envoy","configPath":"/tmp/bootstrap/stats_compression_brotli","controlPlaneAuthPolicy":"MUTUAL_TLS","customConfigFile":"envoy_bootstrap.json","discoveryAddress":"mypilot:15011","drainDuration":"5s","envoyAccessLogService":{"address":"accesslog-service:15000"},"envoyMetricsService":{"address":"metrics-service:15000","tlsSettings":{"caCertificates":"/etc/istio/ms/ca.pem","clientCertificate":"/etc/istio/ms/client.pem","mode":"MUTUAL","privateKey":"/etc/istio/ms/key.pem"}},"proxyAdminPort":15005,"serviceCluster":"istio-proxy","statNameLength":200,"statsdUdpAddress":"10.1.1.1:9125","statusPort":15020,"tracing":{"zipkin":{"address":"localhost:6000"}}},"sidecar.istio.io/statsCompression":"brotli"} + }, + "layered_runtime": { + "layers": [ + { + "name": "global config", + "static_layer": {"envoy.deprecated_features:envoy.config.listener.v3.Listener.hidden_envoy_deprecated_use_original_dst":true,"envoy.reloadable_features.http_reject_path_with_fragment":false,"overload.global_downstream_max_connections":"2147483647","re2.max_program_size.error_level":"32768"} + }, + { + "name": "admin", + "admin_layer": {} + } + ] + }, + "bootstrap_extensions": [ + { + "name": "envoy.bootstrap.internal_listener", + "typed_config": { + "@type":"type.googleapis.com/udpa.type.v1.TypedStruct", + "type_url": "type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener", + "value": { + "buffer_size_kb": 64 + } + } + } + ], + "stats_config": { + "use_all_default_tags": false, + "stats_tags": [ + { + "tag_name": "cluster_name", + "regex": "^cluster\\.((.+?(\\..+?\\.svc\\.cluster\\.local)?)\\.)" + }, + { + "tag_name": "tcp_prefix", + "regex": "^tcp\\.((.*?)\\.)\\w+?$" + }, + { + "regex": "_rq(_(\\d{3}))$", + "tag_name": "response_code" + }, + { + "tag_name": "response_code_class", + "regex": "_rq(_(\\dxx))$" + }, + { + "tag_name": "http_conn_manager_listener_prefix", + "regex": "^listener(?=\\.).*?\\.http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "http_conn_manager_prefix", + "regex": "^http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "listener_address", + "regex": "^listener\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "mongo_prefix", + "regex": "^mongo\\.(.+?)\\.(collection|cmd|cx_|op_|delays_|decoding_)(.*?)$" + }, + { + "regex": "(cache\\.(.+?)\\.)", + "tag_name": "cache" + }, + { + "regex": "(component\\.(.+?)\\.)", + "tag_name": "component" + }, + { + "regex": "(tag\\.(.+?);\\.)", + "tag_name": "tag" + }, + { + "regex": "(wasm_filter\\.(.+?)\\.)", + "tag_name": "wasm_filter" + }, + { + "tag_name": "authz_enforce_result", + "regex": "rbac(\\.(allowed|denied))" + }, + { + "tag_name": "authz_dry_run_action", + "regex": "(\\.istio_dry_run_(allow|deny)_)" + }, + { + "tag_name": "authz_dry_run_result", + "regex": "(\\.shadow_(allowed|denied))" + } + ], + "stats_matcher": { + "inclusion_list": { + "patterns": [ + { + "prefix": "reporter=" + }, + { + "prefix": "cluster_manager" + }, + { + "prefix": "listener_manager" + }, + { + "prefix": "server" + }, + { + "prefix": "cluster.xds-grpc" + }, + { + "prefix": "wasm" + }, + { + "suffix": "rbac.allowed" + }, + { + "suffix": "rbac.denied" + }, + { + "suffix": "shadow_allowed" + }, + { + "suffix": "shadow_denied" + }, + { + "safe_regex": {"regex":"vhost\\.*\\.route\\.*"} + }, + { + "prefix": "component" + }, + { + "prefix": "istio" + } + ] + } + } + }, + "admin": { + "access_log": [ + { + "name": "envoy.access_loggers.file", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog", + "path": "/dev/null" + } + } + ], + "profile_path": "/var/lib/istio/data/envoy.prof", + "address": { + "socket_address": { + "address": "127.0.0.1", + "port_value": 15005 + } + } + }, + "dynamic_resources": { + "lds_config": { + "ads": {}, + "initial_fetch_timeout": "0s", + "resource_api_version": "V3" + }, + "cds_config": { + "ads": {}, + "initial_fetch_timeout": "0s", + "resource_api_version": "V3" + }, + "ads_config": { + "api_type": "GRPC", + "set_node_on_first_message_only": true, + "transport_api_version": "V3", + "grpc_services": [ + { + "envoy_grpc": { + "cluster_name": "xds-grpc" + } + } + ] + } + }, + "static_resources": { + "clusters": [ + { + "name": "prometheus_stats", + "type": "STATIC", + "connect_timeout": "0.250s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "prometheus_stats", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": { + "protocol": "TCP", + "address": "127.0.0.1", + "port_value": 15005 + } + } + } + }] + }] + } + }, + { + "name": "agent", + "type": "STATIC", + "connect_timeout": "0.250s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "agent", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": { + "protocol": "TCP", + "address": "127.0.0.1", + "port_value": 15020 + } + } + } + }] + }] + } + }, + { + "name": "sds-grpc", + "type": "STATIC", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "sds-grpc", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "pipe": { + "path": "./var/run/secrets/workload-spiffe-uds/socket" + } + } + } + }] + }] + } + }, + { + "name": "xds-grpc", + "type" : "STATIC", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "xds-grpc", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "pipe": { + "path": "/tmp/XDS" + } + } + } + }] + }] + }, + "circuit_breakers": { + "thresholds": [ + { + "priority": "DEFAULT", + "max_connections": 100000, + "max_pending_requests": 100000, + "max_requests": 100000 + }, + { + "priority": "HIGH", + "max_connections": 100000, + "max_pending_requests": 100000, + "max_requests": 100000 + } + ] + }, + "upstream_connection_options": { + "tcp_keepalive": { + "keepalive_time": 300 + } + }, + "max_requests_per_connection": 1, + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + } + } + + , + { + "name": "zipkin", + "type": "STRICT_DNS", + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "dns_refresh_rate": "30s", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "zipkin", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "localhost", "port_value": 6000} + } + } + }] + }] + } + } + + , + { + "name": "envoy_metrics_service", + "type": "STRICT_DNS", + "transport_socket": {"name":"envoy.transport_sockets.tls","typed_config":{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext","common_tls_context":{"alpn_protocols":["h2"],"combined_validation_context":{"default_validation_context":{},"validation_context_sds_secret_config":{"name":"file-root:/etc/istio/ms/ca.pem","sds_config":{"api_config_source":{"api_type":"GRPC","grpc_services":[{"envoy_grpc":{"cluster_name":"sds-grpc"}}],"set_node_on_first_message_only":true,"transport_api_version":"V3"},"resource_api_version":"V3"}}},"tls_certificate_sds_secret_configs":[{"name":"file-cert:/etc/istio/ms/client.pem~/etc/istio/ms/key.pem","sds_config":{"api_config_source":{"api_type":"GRPC","grpc_services":[{"envoy_grpc":{"cluster_name":"sds-grpc"}}],"set_node_on_first_message_only":true,"transport_api_version":"V3"},"resource_api_version":"V3"}}]}}}, + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "load_assignment": { + "cluster_name": "envoy_metrics_service", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "metrics-service", "port_value": 15000} + } + } + }] + }] + } + } + + + , + { + "name": "envoy_accesslog_service", + "type": "STRICT_DNS", + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "load_assignment": { + "cluster_name": "envoy_accesslog_service", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "accesslog-service", "port_value": 15000} + } + } + }] + }] + } + } + + ], + "listeners":[ + { + "address": { + "socket_address": { + "protocol": "TCP", + "address": "0.0.0.0", + "port_value": 15090 + } + }, + "filter_chains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "codec_type": "AUTO", + "stat_prefix": "stats", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/stats/prometheus" + }, + "route": { + "cluster": "prometheus_stats" + } + } + ] + } + ] + }, + "http_filters": [ + { + "name": "envoy.filters.http.compressor", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.compressor.v3.Compressor", + "compressor_library": { + "name": "text_optimized", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.compression.brotli.compressor.v3.Brotli" + } + } + } + }, + { + "name": "envoy.filters.http.router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + }] + } + } + ] + } + ] + }, + { + "address": { + "socket_address": { + "protocol": "TCP", + "address": "0.0.0.0", + "port_value": 15021 + } + }, + "filter_chains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "codec_type": "AUTO", + "stat_prefix": "agent", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/healthz/ready" + }, + "route": { + "cluster": "agent" + } + } + ] + } + ] + }, + "http_filters": [{ + "name": "envoy.filters.http.router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + }] + } + } + ] + } + ] + } + ] + } + , + "tracing": { + "http": { + "name": "envoy.tracers.zipkin", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.trace.v3.ZipkinConfig", + "collector_cluster": "zipkin", + "collector_endpoint": "/api/v2/spans", + "collector_endpoint_version": "HTTP_JSON", + "trace_id_128bit": true, + "shared_span_context": false + } + } + } + + , + "stats_sinks": [ + + { + "name": "envoy.stat_sinks.metrics_service", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.metrics.v3.MetricsServiceConfig", + "transport_api_version": "V3", + "grpc_service": { + "envoy_grpc": { + "cluster_name": "envoy_metrics_service" + } + } + } + } + + + , + + + { + "name": "envoy.stat_sinks.statsd", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.metrics.v3.StatsdSink", + "address": { + "socket_address": {"address": "10.1.1.1", "port_value": 9125} + } + } + } + + ] + + + , + "cluster_manager": { + "outlier_detection": { + "event_log_path": "/dev/stdout" + } + } + +} diff --git a/pkg/bootstrap/testdata/stats_compression_gzip_golden.json b/pkg/bootstrap/testdata/stats_compression_gzip_golden.json index 8fae3e9bfc73..c62b0ee53806 100644 --- a/pkg/bootstrap/testdata/stats_compression_gzip_golden.json +++ b/pkg/bootstrap/testdata/stats_compression_gzip_golden.json @@ -439,10 +439,9 @@ "compressor_library": { "name": "text_optimized", "typed_config": { - "@type": "type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip" + "@type": "type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip" } - }, - "remove_accept_encoding_header": true + } } }, { diff --git a/pkg/bootstrap/testdata/stats_compression_unknown.proxycfg b/pkg/bootstrap/testdata/stats_compression_unknown.proxycfg new file mode 100644 index 000000000000..2b9b504c5088 --- /dev/null +++ b/pkg/bootstrap/testdata/stats_compression_unknown.proxycfg @@ -0,0 +1,14 @@ +config_path: "/etc/istio/proxy" +binary_path: "/usr/local/bin/envoy" +service_cluster: "istio-proxy" +drain_duration: {seconds: 5} +discovery_address: "mypilot:15011" +statsd_udp_address: "10.1.1.1:9125" +envoy_metrics_service: {address: "metrics-service:15000", tls_settings: { mode: MUTUAL, client_certificate: "/etc/istio/ms/client.pem", private_key: "/etc/istio/ms/key.pem", ca_certificates: "/etc/istio/ms/ca.pem"}} +envoy_access_log_service: {address: "accesslog-service:15000"} +proxy_admin_port: 15005 +control_plane_auth_policy: MUTUAL_TLS +stat_name_length: 200 +tracing: { zipkin: { address: "localhost:6000" } } + +# Sets all relevant options to values different than default diff --git a/pkg/bootstrap/testdata/stats_compression_unknown_golden.json b/pkg/bootstrap/testdata/stats_compression_unknown_golden.json new file mode 100644 index 000000000000..b02545e35065 --- /dev/null +++ b/pkg/bootstrap/testdata/stats_compression_unknown_golden.json @@ -0,0 +1,553 @@ +{ + "node": { + "id": "sidecar~1.2.3.4~foo~bar", + "cluster": "istio-proxy", + "locality": { + }, + "metadata": {"ANNOTATIONS":{"sidecar.istio.io/statsCompression":"unknown"},"ENVOY_PROMETHEUS_PORT":15090,"ENVOY_STATUS_PORT":15021,"INSTANCE_IPS":"10.3.3.3,10.4.4.4,10.5.5.5,10.6.6.6","ISTIO_VERSION":"binary-1.0","OUTLIER_LOG_PATH":"/dev/stdout","PILOT_SAN":["spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account"],"PROXY_CONFIG":{"binaryPath":"/usr/local/bin/envoy","configPath":"/tmp/bootstrap/stats_compression_unknown","controlPlaneAuthPolicy":"MUTUAL_TLS","customConfigFile":"envoy_bootstrap.json","discoveryAddress":"mypilot:15011","drainDuration":"5s","envoyAccessLogService":{"address":"accesslog-service:15000"},"envoyMetricsService":{"address":"metrics-service:15000","tlsSettings":{"caCertificates":"/etc/istio/ms/ca.pem","clientCertificate":"/etc/istio/ms/client.pem","mode":"MUTUAL","privateKey":"/etc/istio/ms/key.pem"}},"proxyAdminPort":15005,"serviceCluster":"istio-proxy","statNameLength":200,"statsdUdpAddress":"10.1.1.1:9125","statusPort":15020,"tracing":{"zipkin":{"address":"localhost:6000"}}},"sidecar.istio.io/statsCompression":"unknown"} + }, + "layered_runtime": { + "layers": [ + { + "name": "global config", + "static_layer": {"envoy.deprecated_features:envoy.config.listener.v3.Listener.hidden_envoy_deprecated_use_original_dst":true,"envoy.reloadable_features.http_reject_path_with_fragment":false,"overload.global_downstream_max_connections":"2147483647","re2.max_program_size.error_level":"32768"} + }, + { + "name": "admin", + "admin_layer": {} + } + ] + }, + "bootstrap_extensions": [ + { + "name": "envoy.bootstrap.internal_listener", + "typed_config": { + "@type":"type.googleapis.com/udpa.type.v1.TypedStruct", + "type_url": "type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener", + "value": { + "buffer_size_kb": 64 + } + } + } + ], + "stats_config": { + "use_all_default_tags": false, + "stats_tags": [ + { + "tag_name": "cluster_name", + "regex": "^cluster\\.((.+?(\\..+?\\.svc\\.cluster\\.local)?)\\.)" + }, + { + "tag_name": "tcp_prefix", + "regex": "^tcp\\.((.*?)\\.)\\w+?$" + }, + { + "regex": "_rq(_(\\d{3}))$", + "tag_name": "response_code" + }, + { + "tag_name": "response_code_class", + "regex": "_rq(_(\\dxx))$" + }, + { + "tag_name": "http_conn_manager_listener_prefix", + "regex": "^listener(?=\\.).*?\\.http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "http_conn_manager_prefix", + "regex": "^http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "listener_address", + "regex": "^listener\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "mongo_prefix", + "regex": "^mongo\\.(.+?)\\.(collection|cmd|cx_|op_|delays_|decoding_)(.*?)$" + }, + { + "regex": "(cache\\.(.+?)\\.)", + "tag_name": "cache" + }, + { + "regex": "(component\\.(.+?)\\.)", + "tag_name": "component" + }, + { + "regex": "(tag\\.(.+?);\\.)", + "tag_name": "tag" + }, + { + "regex": "(wasm_filter\\.(.+?)\\.)", + "tag_name": "wasm_filter" + }, + { + "tag_name": "authz_enforce_result", + "regex": "rbac(\\.(allowed|denied))" + }, + { + "tag_name": "authz_dry_run_action", + "regex": "(\\.istio_dry_run_(allow|deny)_)" + }, + { + "tag_name": "authz_dry_run_result", + "regex": "(\\.shadow_(allowed|denied))" + } + ], + "stats_matcher": { + "inclusion_list": { + "patterns": [ + { + "prefix": "reporter=" + }, + { + "prefix": "cluster_manager" + }, + { + "prefix": "listener_manager" + }, + { + "prefix": "server" + }, + { + "prefix": "cluster.xds-grpc" + }, + { + "prefix": "wasm" + }, + { + "suffix": "rbac.allowed" + }, + { + "suffix": "rbac.denied" + }, + { + "suffix": "shadow_allowed" + }, + { + "suffix": "shadow_denied" + }, + { + "safe_regex": {"regex":"vhost\\.*\\.route\\.*"} + }, + { + "prefix": "component" + }, + { + "prefix": "istio" + } + ] + } + } + }, + "admin": { + "access_log": [ + { + "name": "envoy.access_loggers.file", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog", + "path": "/dev/null" + } + } + ], + "profile_path": "/var/lib/istio/data/envoy.prof", + "address": { + "socket_address": { + "address": "127.0.0.1", + "port_value": 15005 + } + } + }, + "dynamic_resources": { + "lds_config": { + "ads": {}, + "initial_fetch_timeout": "0s", + "resource_api_version": "V3" + }, + "cds_config": { + "ads": {}, + "initial_fetch_timeout": "0s", + "resource_api_version": "V3" + }, + "ads_config": { + "api_type": "GRPC", + "set_node_on_first_message_only": true, + "transport_api_version": "V3", + "grpc_services": [ + { + "envoy_grpc": { + "cluster_name": "xds-grpc" + } + } + ] + } + }, + "static_resources": { + "clusters": [ + { + "name": "prometheus_stats", + "type": "STATIC", + "connect_timeout": "0.250s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "prometheus_stats", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": { + "protocol": "TCP", + "address": "127.0.0.1", + "port_value": 15005 + } + } + } + }] + }] + } + }, + { + "name": "agent", + "type": "STATIC", + "connect_timeout": "0.250s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "agent", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": { + "protocol": "TCP", + "address": "127.0.0.1", + "port_value": 15020 + } + } + } + }] + }] + } + }, + { + "name": "sds-grpc", + "type": "STATIC", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "sds-grpc", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "pipe": { + "path": "./var/run/secrets/workload-spiffe-uds/socket" + } + } + } + }] + }] + } + }, + { + "name": "xds-grpc", + "type" : "STATIC", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "xds-grpc", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "pipe": { + "path": "/tmp/XDS" + } + } + } + }] + }] + }, + "circuit_breakers": { + "thresholds": [ + { + "priority": "DEFAULT", + "max_connections": 100000, + "max_pending_requests": 100000, + "max_requests": 100000 + }, + { + "priority": "HIGH", + "max_connections": 100000, + "max_pending_requests": 100000, + "max_requests": 100000 + } + ] + }, + "upstream_connection_options": { + "tcp_keepalive": { + "keepalive_time": 300 + } + }, + "max_requests_per_connection": 1, + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + } + } + + , + { + "name": "zipkin", + "type": "STRICT_DNS", + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "dns_refresh_rate": "30s", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "zipkin", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "localhost", "port_value": 6000} + } + } + }] + }] + } + } + + , + { + "name": "envoy_metrics_service", + "type": "STRICT_DNS", + "transport_socket": {"name":"envoy.transport_sockets.tls","typed_config":{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext","common_tls_context":{"alpn_protocols":["h2"],"combined_validation_context":{"default_validation_context":{},"validation_context_sds_secret_config":{"name":"file-root:/etc/istio/ms/ca.pem","sds_config":{"api_config_source":{"api_type":"GRPC","grpc_services":[{"envoy_grpc":{"cluster_name":"sds-grpc"}}],"set_node_on_first_message_only":true,"transport_api_version":"V3"},"resource_api_version":"V3"}}},"tls_certificate_sds_secret_configs":[{"name":"file-cert:/etc/istio/ms/client.pem~/etc/istio/ms/key.pem","sds_config":{"api_config_source":{"api_type":"GRPC","grpc_services":[{"envoy_grpc":{"cluster_name":"sds-grpc"}}],"set_node_on_first_message_only":true,"transport_api_version":"V3"},"resource_api_version":"V3"}}]}}}, + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "load_assignment": { + "cluster_name": "envoy_metrics_service", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "metrics-service", "port_value": 15000} + } + } + }] + }] + } + } + + + , + { + "name": "envoy_accesslog_service", + "type": "STRICT_DNS", + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "load_assignment": { + "cluster_name": "envoy_accesslog_service", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "accesslog-service", "port_value": 15000} + } + } + }] + }] + } + } + + ], + "listeners":[ + { + "address": { + "socket_address": { + "protocol": "TCP", + "address": "0.0.0.0", + "port_value": 15090 + } + }, + "filter_chains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "codec_type": "AUTO", + "stat_prefix": "stats", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/stats/prometheus" + }, + "route": { + "cluster": "prometheus_stats" + } + } + ] + } + ] + }, + "http_filters": [ + { + "name": "envoy.filters.http.router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + }] + } + } + ] + } + ] + }, + { + "address": { + "socket_address": { + "protocol": "TCP", + "address": "0.0.0.0", + "port_value": 15021 + } + }, + "filter_chains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "codec_type": "AUTO", + "stat_prefix": "agent", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/healthz/ready" + }, + "route": { + "cluster": "agent" + } + } + ] + } + ] + }, + "http_filters": [{ + "name": "envoy.filters.http.router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + }] + } + } + ] + } + ] + } + ] + } + , + "tracing": { + "http": { + "name": "envoy.tracers.zipkin", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.trace.v3.ZipkinConfig", + "collector_cluster": "zipkin", + "collector_endpoint": "/api/v2/spans", + "collector_endpoint_version": "HTTP_JSON", + "trace_id_128bit": true, + "shared_span_context": false + } + } + } + + , + "stats_sinks": [ + + { + "name": "envoy.stat_sinks.metrics_service", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.metrics.v3.MetricsServiceConfig", + "transport_api_version": "V3", + "grpc_service": { + "envoy_grpc": { + "cluster_name": "envoy_metrics_service" + } + } + } + } + + + , + + + { + "name": "envoy.stat_sinks.statsd", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.metrics.v3.StatsdSink", + "address": { + "socket_address": {"address": "10.1.1.1", "port_value": 9125} + } + } + } + + ] + + + , + "cluster_manager": { + "outlier_detection": { + "event_log_path": "/dev/stdout" + } + } + +} diff --git a/pkg/bootstrap/testdata/stats_compression_zstd.proxycfg b/pkg/bootstrap/testdata/stats_compression_zstd.proxycfg new file mode 100644 index 000000000000..2b9b504c5088 --- /dev/null +++ b/pkg/bootstrap/testdata/stats_compression_zstd.proxycfg @@ -0,0 +1,14 @@ +config_path: "/etc/istio/proxy" +binary_path: "/usr/local/bin/envoy" +service_cluster: "istio-proxy" +drain_duration: {seconds: 5} +discovery_address: "mypilot:15011" +statsd_udp_address: "10.1.1.1:9125" +envoy_metrics_service: {address: "metrics-service:15000", tls_settings: { mode: MUTUAL, client_certificate: "/etc/istio/ms/client.pem", private_key: "/etc/istio/ms/key.pem", ca_certificates: "/etc/istio/ms/ca.pem"}} +envoy_access_log_service: {address: "accesslog-service:15000"} +proxy_admin_port: 15005 +control_plane_auth_policy: MUTUAL_TLS +stat_name_length: 200 +tracing: { zipkin: { address: "localhost:6000" } } + +# Sets all relevant options to values different than default diff --git a/pkg/bootstrap/testdata/stats_compression_zstd_golden.json b/pkg/bootstrap/testdata/stats_compression_zstd_golden.json new file mode 100644 index 000000000000..060b3b53de3f --- /dev/null +++ b/pkg/bootstrap/testdata/stats_compression_zstd_golden.json @@ -0,0 +1,565 @@ +{ + "node": { + "id": "sidecar~1.2.3.4~foo~bar", + "cluster": "istio-proxy", + "locality": { + }, + "metadata": {"ANNOTATIONS":{"sidecar.istio.io/statsCompression":"zstd"},"ENVOY_PROMETHEUS_PORT":15090,"ENVOY_STATUS_PORT":15021,"INSTANCE_IPS":"10.3.3.3,10.4.4.4,10.5.5.5,10.6.6.6","ISTIO_VERSION":"binary-1.0","OUTLIER_LOG_PATH":"/dev/stdout","PILOT_SAN":["spiffe://cluster.local/ns/istio-system/sa/istio-pilot-service-account"],"PROXY_CONFIG":{"binaryPath":"/usr/local/bin/envoy","configPath":"/tmp/bootstrap/stats_compression_zstd","controlPlaneAuthPolicy":"MUTUAL_TLS","customConfigFile":"envoy_bootstrap.json","discoveryAddress":"mypilot:15011","drainDuration":"5s","envoyAccessLogService":{"address":"accesslog-service:15000"},"envoyMetricsService":{"address":"metrics-service:15000","tlsSettings":{"caCertificates":"/etc/istio/ms/ca.pem","clientCertificate":"/etc/istio/ms/client.pem","mode":"MUTUAL","privateKey":"/etc/istio/ms/key.pem"}},"proxyAdminPort":15005,"serviceCluster":"istio-proxy","statNameLength":200,"statsdUdpAddress":"10.1.1.1:9125","statusPort":15020,"tracing":{"zipkin":{"address":"localhost:6000"}}},"sidecar.istio.io/statsCompression":"zstd"} + }, + "layered_runtime": { + "layers": [ + { + "name": "global config", + "static_layer": {"envoy.deprecated_features:envoy.config.listener.v3.Listener.hidden_envoy_deprecated_use_original_dst":true,"envoy.reloadable_features.http_reject_path_with_fragment":false,"overload.global_downstream_max_connections":"2147483647","re2.max_program_size.error_level":"32768"} + }, + { + "name": "admin", + "admin_layer": {} + } + ] + }, + "bootstrap_extensions": [ + { + "name": "envoy.bootstrap.internal_listener", + "typed_config": { + "@type":"type.googleapis.com/udpa.type.v1.TypedStruct", + "type_url": "type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener", + "value": { + "buffer_size_kb": 64 + } + } + } + ], + "stats_config": { + "use_all_default_tags": false, + "stats_tags": [ + { + "tag_name": "cluster_name", + "regex": "^cluster\\.((.+?(\\..+?\\.svc\\.cluster\\.local)?)\\.)" + }, + { + "tag_name": "tcp_prefix", + "regex": "^tcp\\.((.*?)\\.)\\w+?$" + }, + { + "regex": "_rq(_(\\d{3}))$", + "tag_name": "response_code" + }, + { + "tag_name": "response_code_class", + "regex": "_rq(_(\\dxx))$" + }, + { + "tag_name": "http_conn_manager_listener_prefix", + "regex": "^listener(?=\\.).*?\\.http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "http_conn_manager_prefix", + "regex": "^http\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "listener_address", + "regex": "^listener\\.(((?:[_.[:digit:]]*|[_\\[\\]aAbBcCdDeEfF[:digit:]]*))\\.)" + }, + { + "tag_name": "mongo_prefix", + "regex": "^mongo\\.(.+?)\\.(collection|cmd|cx_|op_|delays_|decoding_)(.*?)$" + }, + { + "regex": "(cache\\.(.+?)\\.)", + "tag_name": "cache" + }, + { + "regex": "(component\\.(.+?)\\.)", + "tag_name": "component" + }, + { + "regex": "(tag\\.(.+?);\\.)", + "tag_name": "tag" + }, + { + "regex": "(wasm_filter\\.(.+?)\\.)", + "tag_name": "wasm_filter" + }, + { + "tag_name": "authz_enforce_result", + "regex": "rbac(\\.(allowed|denied))" + }, + { + "tag_name": "authz_dry_run_action", + "regex": "(\\.istio_dry_run_(allow|deny)_)" + }, + { + "tag_name": "authz_dry_run_result", + "regex": "(\\.shadow_(allowed|denied))" + } + ], + "stats_matcher": { + "inclusion_list": { + "patterns": [ + { + "prefix": "reporter=" + }, + { + "prefix": "cluster_manager" + }, + { + "prefix": "listener_manager" + }, + { + "prefix": "server" + }, + { + "prefix": "cluster.xds-grpc" + }, + { + "prefix": "wasm" + }, + { + "suffix": "rbac.allowed" + }, + { + "suffix": "rbac.denied" + }, + { + "suffix": "shadow_allowed" + }, + { + "suffix": "shadow_denied" + }, + { + "safe_regex": {"regex":"vhost\\.*\\.route\\.*"} + }, + { + "prefix": "component" + }, + { + "prefix": "istio" + } + ] + } + } + }, + "admin": { + "access_log": [ + { + "name": "envoy.access_loggers.file", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog", + "path": "/dev/null" + } + } + ], + "profile_path": "/var/lib/istio/data/envoy.prof", + "address": { + "socket_address": { + "address": "127.0.0.1", + "port_value": 15005 + } + } + }, + "dynamic_resources": { + "lds_config": { + "ads": {}, + "initial_fetch_timeout": "0s", + "resource_api_version": "V3" + }, + "cds_config": { + "ads": {}, + "initial_fetch_timeout": "0s", + "resource_api_version": "V3" + }, + "ads_config": { + "api_type": "GRPC", + "set_node_on_first_message_only": true, + "transport_api_version": "V3", + "grpc_services": [ + { + "envoy_grpc": { + "cluster_name": "xds-grpc" + } + } + ] + } + }, + "static_resources": { + "clusters": [ + { + "name": "prometheus_stats", + "type": "STATIC", + "connect_timeout": "0.250s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "prometheus_stats", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": { + "protocol": "TCP", + "address": "127.0.0.1", + "port_value": 15005 + } + } + } + }] + }] + } + }, + { + "name": "agent", + "type": "STATIC", + "connect_timeout": "0.250s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "agent", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": { + "protocol": "TCP", + "address": "127.0.0.1", + "port_value": 15020 + } + } + } + }] + }] + } + }, + { + "name": "sds-grpc", + "type": "STATIC", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "sds-grpc", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "pipe": { + "path": "./var/run/secrets/workload-spiffe-uds/socket" + } + } + } + }] + }] + } + }, + { + "name": "xds-grpc", + "type" : "STATIC", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "xds-grpc", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "pipe": { + "path": "/tmp/XDS" + } + } + } + }] + }] + }, + "circuit_breakers": { + "thresholds": [ + { + "priority": "DEFAULT", + "max_connections": 100000, + "max_pending_requests": 100000, + "max_requests": 100000 + }, + { + "priority": "HIGH", + "max_connections": 100000, + "max_pending_requests": 100000, + "max_requests": 100000 + } + ] + }, + "upstream_connection_options": { + "tcp_keepalive": { + "keepalive_time": 300 + } + }, + "max_requests_per_connection": 1, + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + } + } + + , + { + "name": "zipkin", + "type": "STRICT_DNS", + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "dns_refresh_rate": "30s", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "load_assignment": { + "cluster_name": "zipkin", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "localhost", "port_value": 6000} + } + } + }] + }] + } + } + + , + { + "name": "envoy_metrics_service", + "type": "STRICT_DNS", + "transport_socket": {"name":"envoy.transport_sockets.tls","typed_config":{"@type":"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext","common_tls_context":{"alpn_protocols":["h2"],"combined_validation_context":{"default_validation_context":{},"validation_context_sds_secret_config":{"name":"file-root:/etc/istio/ms/ca.pem","sds_config":{"api_config_source":{"api_type":"GRPC","grpc_services":[{"envoy_grpc":{"cluster_name":"sds-grpc"}}],"set_node_on_first_message_only":true,"transport_api_version":"V3"},"resource_api_version":"V3"}}},"tls_certificate_sds_secret_configs":[{"name":"file-cert:/etc/istio/ms/client.pem~/etc/istio/ms/key.pem","sds_config":{"api_config_source":{"api_type":"GRPC","grpc_services":[{"envoy_grpc":{"cluster_name":"sds-grpc"}}],"set_node_on_first_message_only":true,"transport_api_version":"V3"},"resource_api_version":"V3"}}]}}}, + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "load_assignment": { + "cluster_name": "envoy_metrics_service", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "metrics-service", "port_value": 15000} + } + } + }] + }] + } + } + + + , + { + "name": "envoy_accesslog_service", + "type": "STRICT_DNS", + "respect_dns_ttl": true, + "dns_lookup_family": "V4_ONLY", + "connect_timeout": "1s", + "lb_policy": "ROUND_ROBIN", + "typed_extension_protocol_options": { + "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { + "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", + "explicit_http_config": { + "http2_protocol_options": {} + } + } + }, + "load_assignment": { + "cluster_name": "envoy_accesslog_service", + "endpoints": [{ + "lb_endpoints": [{ + "endpoint": { + "address":{ + "socket_address": {"address": "accesslog-service", "port_value": 15000} + } + } + }] + }] + } + } + + ], + "listeners":[ + { + "address": { + "socket_address": { + "protocol": "TCP", + "address": "0.0.0.0", + "port_value": 15090 + } + }, + "filter_chains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "codec_type": "AUTO", + "stat_prefix": "stats", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/stats/prometheus" + }, + "route": { + "cluster": "prometheus_stats" + } + } + ] + } + ] + }, + "http_filters": [ + { + "name": "envoy.filters.http.compressor", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.compressor.v3.Compressor", + "compressor_library": { + "name": "text_optimized", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.compression.zstd.compressor.v3.Zstd" + } + } + } + }, + { + "name": "envoy.filters.http.router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + }] + } + } + ] + } + ] + }, + { + "address": { + "socket_address": { + "protocol": "TCP", + "address": "0.0.0.0", + "port_value": 15021 + } + }, + "filter_chains": [ + { + "filters": [ + { + "name": "envoy.filters.network.http_connection_manager", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "codec_type": "AUTO", + "stat_prefix": "agent", + "route_config": { + "virtual_hosts": [ + { + "name": "backend", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/healthz/ready" + }, + "route": { + "cluster": "agent" + } + } + ] + } + ] + }, + "http_filters": [{ + "name": "envoy.filters.http.router", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + }] + } + } + ] + } + ] + } + ] + } + , + "tracing": { + "http": { + "name": "envoy.tracers.zipkin", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.trace.v3.ZipkinConfig", + "collector_cluster": "zipkin", + "collector_endpoint": "/api/v2/spans", + "collector_endpoint_version": "HTTP_JSON", + "trace_id_128bit": true, + "shared_span_context": false + } + } + } + + , + "stats_sinks": [ + + { + "name": "envoy.stat_sinks.metrics_service", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.metrics.v3.MetricsServiceConfig", + "transport_api_version": "V3", + "grpc_service": { + "envoy_grpc": { + "cluster_name": "envoy_metrics_service" + } + } + } + } + + + , + + + { + "name": "envoy.stat_sinks.statsd", + "typed_config": { + "@type": "type.googleapis.com/envoy.config.metrics.v3.StatsdSink", + "address": { + "socket_address": {"address": "10.1.1.1", "port_value": 9125} + } + } + } + + ] + + + , + "cluster_manager": { + "outlier_detection": { + "event_log_path": "/dev/stdout" + } + } + +} diff --git a/tools/packaging/common/envoy_bootstrap.json b/tools/packaging/common/envoy_bootstrap.json index 33a1c4ef3680..6cca4a052d3f 100644 --- a/tools/packaging/common/envoy_bootstrap.json +++ b/tools/packaging/common/envoy_bootstrap.json @@ -545,22 +545,35 @@ }, "http_filters": [ {{- if .stats_compression }} - {{- if eq .stats_compression "gzip"}} { "name": "envoy.filters.http.compressor", "typed_config": { "@type": "type.googleapis.com/envoy.extensions.filters.http.compressor.v3.Compressor", + {{- if eq .stats_compression "gzip"}} "compressor_library": { "name": "text_optimized", "typed_config": { - "@type": "type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip" + "@type": "type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip" } - }, - "remove_accept_encoding_header": true + } + {{- else if eq .stats_compression "zstd"}} + "compressor_library": { + "name": "text_optimized", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.compression.zstd.compressor.v3.Zstd" + } + } + {{- else if eq .stats_compression "brotli"}} + "compressor_library": { + "name": "text_optimized", + "typed_config": { + "@type": "type.googleapis.com/envoy.extensions.compression.brotli.compressor.v3.Brotli" + } + } + {{- end }} } }, {{- end }} - {{- end }} { "name": "envoy.filters.http.router", "typed_config": { From 7808f4394490f3c796ebe5435b378b2f26a9f630 Mon Sep 17 00:00:00 2001 From: zirain Date: Thu, 23 Nov 2023 10:24:14 +0800 Subject: [PATCH 5/6] release-notes --- releasenotes/notes/47997.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 releasenotes/notes/47997.yaml diff --git a/releasenotes/notes/47997.yaml b/releasenotes/notes/47997.yaml new file mode 100644 index 000000000000..f8a71b8888db --- /dev/null +++ b/releasenotes/notes/47997.yaml @@ -0,0 +1,8 @@ +apiVersion: release-notes/v2 +kind: feature +area: telemetry +issue: + - 30987 +releaseNotes: + - | + **Added** compression for the Envoy stats endpoint, support `brotli`, `gzip` and `zstd`. From f2e802692340238c9e5c118012b8762f1ab74c46 Mon Sep 17 00:00:00 2001 From: zirain Date: Thu, 23 Nov 2023 10:32:59 +0800 Subject: [PATCH 6/6] lint --- pkg/bootstrap/config.go | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/pkg/bootstrap/config.go b/pkg/bootstrap/config.go index 921b3ed33bf5..02f9d869ea8d 100644 --- a/pkg/bootstrap/config.go +++ b/pkg/bootstrap/config.go @@ -72,6 +72,12 @@ const ( v2Suffix = ",component,istio" ) +var envoyWellKnownCompressorLibrary = sets.String{ + "gzip": {}, + "zstd": {}, + "brotli": {}, +} + // Config for creating a bootstrap file. type Config struct { *model.Node @@ -292,14 +298,6 @@ func getStatsOptions(meta *model.BootstrapNodeMetadata) []option.Instance { } } -var ( - envoyWellKnownCompressorLibrary = sets.String{ - "gzip": {}, - "zstd": {}, - "brotli": {}, - } -) - func lightstepAccessTokenFile(config string) string { return path.Join(config, lightstepAccessTokenBase) }