8000 [ambient] Include information to help troubleshooting by josunect · Pull Request #7970 · kiali/kiali · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

[ambient] Include information to help troubleshooting #7970

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 38 commits into from
Dec 12, 2024
Merged

[ambient] Include information to help troubleshooting #7970

merged 38 commits into from
Dec 12, 2024

Conversation

josunect
Copy link
Contributor
@josunect josunect commented Nov 29, 2024
edited
Loading

Describe the change

Include relevant information to help troubleshooting.

  • Show workload pod protocol (HBONE is shown for Ambient mesh):
    image

  • Show L7 waypoint link:
    image

  • For the waypoint proxy, show waypoint proxy label:
    image

  • For the waypoint proxy, show the Envoy tab:
    image

  • Show waypoint/gateway traces:
    image
    image

  • Add waypoint proxy status. A new method is added to return IGNORED if sent is empty, instead NOT SENT (Ref: https://github.com/istio/istio/pull/51638/files#diff-fded610aca2639111f0d6b42e18dfc1ce047126340a2d36bb976cfa4c575b984R8). Used just for the waypoint. This condition is not shown as a warning.
    image

  • Using this config dump, show for the ztunnel pods a ztunnel config map with the output for:
    istioctl ztunnel-config workloads
    istioctl ztunnel-config services

image

  • Fix error with permissions in get namespaces list for users with no cluster wide access:
    ERR GetWaypoints: Error fetching namespaces for cluster cluster-default. namespaces is forbidden: User "oidc:user" cannot list resource "namespaces" in API group "" at the cluster scope

Steps to test the PR

Install Ambient and bookinfo added into Ambient Mesh.

  • minikube start
  • istio/install-istio-via-istioctl.sh -c kubectl -cp ambient
  • Install Kiali
  • istio/install-bookinf 10000 o-demo.sh -c kubectl -ai false -tg -w true

Go to:

  • waypoint workload details. See description, traces, envoy tab, see proxy status
  • productpage details: See waypoint proxy information and link. See the pod information tooltip, and see the protocol.
  • Go to ztunnel details. See the ztunnel config info for workloads and services.

Automation testing

Added unit tests

Issue reference

Ref. #7826

Tested with user with permissions just in the bookinfo namespace.
hack/setup-kind-in-ci.sh -a openid -ab true
image
image
image

@josunect josunect self-assigned this Nov 29, 2024
@josunect josunect added enhancement This is the preferred way to describe new end-to-end features. ambient Related to Istio Ambient Mesh labels Nov 29, 2024
@josunect josunect marked this pull request as ready for review December 4, 2024 16:27
@josunect josunect mentioned this pull request Dec 5, 2024
Closed
19 tasks
@josunect josunect added the test: back-end/integration PR adds/updates back-end tests (unit and/or integration) label Dec 5, 2024
@josunect josunect force-pushed the issue7826_config_dump branch from 04fb448 to 323a6f4 Compare December 9, 2024 12:42
josunect and others added 5 commits December 11, 2024 12:06
@josunect @jshaughn
Update frontend/src/components/Ambient/WaypointLabel.tsx
d3b2778 
Co-authored-by: Jay Shaughnessy <jshaughn@redhat.com>
@josunect
Pod proxy status
4482ba4
@josunect
Update proxy status logic
06e3cbc
@josunect
i18n
99a9c87
@josunect @jshaughn
Update frontend/src/types/Health.ts
5e1c912 
Co-authored-by: Jay Shaughnessy <jshaughn@redhat.com>
@josunect
Copy link
Contributor Author

Lots of good additions here, and a lot of work! Everything mentioned and shown in the PR description worked for me. I did notice a couple of things.

* The Waypoint service detail is showing as out of mesh (workload detail and service list is fine). I think we should fix this:

image

* The ztunnel tables don't have any sortable columns.  Sortable columns are definitely useful for tables and we typically provide client-side sorting. We should add the sorting but it could be a follow-up, if you prefer.

image

Good catch about the missing sidecar.
Right, I will apply sorting.

@josunect josunect requested a review from jshaughn December 11, 2024 17:46
@josunect
Copy link
Contributor Author

Thanks for the review, @jshaughn , I think all the comments has been addressed

jshaughn
jshaughn reviewed Dec 11, 2024
View reviewed changes
Copy link
Collaborator
@jshaughn jshaughn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good changes, still a few minor things...

josunect and others added 3 commits December 12, 2024 07:19
@josunect @jshaughn
Update business/proxy_status.go
8b46ac4 
Co-authored-by: Jay Shaughnessy <jshaughn@redhat.com>
@josunect @jshaughn
Update business/proxy_status.go
a9af414 
Co-authored-by: Jay Shaughnessy <jshaughn@redhat.com>
@josunect
Update comments, i18n
f58c86f
@josunect
Copy link
Contributor Author
josunect commented Dec 12, 2024
edited
Loading

I see that when EDS is IGNORED, I cannot see traffic from this waypoint, probably this should be a warning, probably just ignore RDS for waypoints/gateways:

image

Update: It looks like it is working, so that might be related to other reasons
Maybe IGNORED should be shown as an info icon?

image

image

jshaughn
jshaughn approved these changes Dec 12, 2024
View reviewed changes
Copy link
Collaborator
@jshaughn jshaughn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, All looks good to me! Just wait for CI to complete!

@josunect josunect merged commit 535bb39 into kiali:master Dec 12, 2024
10 checks passed
@josunect josunect deleted the issue7826_config_dump branch December 12, 2024 15:54
This was referenced Dec 13, 2024
Closed
Closed
Closed
nrfox
nrfox reviewed Dec 17, 2024
View reviewed changes
kubernetes/ztunnel.go
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are these all "internal" API types? I'm concerned that this will be the same as getting data from the "istio registry" in that it is subject to change between istio versions and will break Kiali. What is the data that we need to get from here that we can't get or infer from another resource?

Copy link
Contributor Author
@josunect josunect Dec 18, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is doing the request to the debug endpoint, with a forward request, to the ztunnel pod. It is similar to the request config_dump to Envoy, but ztunnel returns a different format.

https://github.com/kiali/kiali/blob/master/istio/discovery.go#L111

There is data, like the pod's protocol, HBONE/TCP, that I haven't seen in another place. It also has many information for every service/workload that it is handling, probably it could be "guessed" (Not sure if all) but we could put together this information and It might be not so reliable as this. Also, not sure where to get all the certificates information (It is not shown at the moment but it could be useful).

For example:

istioctl ztunnel-config services
NAMESPACE      SERVICE NAME           SERVICE VIP    WAYPOINT ENDPOINTS
bookinfo       bookinfo-gateway-istio 10.105.216.212 waypoint 1/1
bookinfo       details                10.101.230.19  waypoint 1/1
bookinfo       details-v1             10.109.126.190 waypoint 1/1
bookinfo       productpage            10.105.99.217  waypoint 1/1
bookinfo       productpage-v1         10.100.178.206 waypoint 1/1
bookinfo       ratings                10.102.52.197  waypoint 1/1

Certificates:

istioctl ztunnel-config certificates
CERTIFICATE NAME                                               TYPE     STATUS        VALID CERT     SERIAL NUMBER                        NOT AFTER                NOT BEFORE
spiffe://cluster.local/ns/bookinfo/sa/bookinfo-details         Leaf     Available     true           c7fedb8436712d249a416859b6387883     2024-12-18T13:31:39Z     2024-12-17T13:29:39Z

In case of failure and this data structure change, I think just the ztunnel page would be affected, but don't break Kiali.

mayleighnmyers pushed a commit to mayleighnmyers/kiali that referenced this pull request Dec 18, 2024
@josunect @jshaughn @mayleighnmyers
[ambient] Include information to help troubleshooting (kiali#7970)
995342f 
* Get config dump info

---------

Co-authored-by: Jay Shaughnessy <jshaughn@redhat.com>
mayleighnmyers pushed a commit to mayleighnmyers/kiali that referenced this pull request Dec 19, 2024
@josunect @jshaughn @mayleighnmyers
[ambient] Include information to help troubleshooting (kiali#7970)
7abc89d 
* Get config dump info

---------

Co-authored-by: Jay Shaughnessy <jshaughn@redhat.com>
This was referenced Dec 20, 2024
Merged
Closed
This was referenced Jan 2, 2025
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nrfox nrfox nrfox left review comments

@jshaughn jshaughn jshaughn approved these changes

Assignees

@josunect josunect

Labels
ambient Related to Istio Ambient Mesh enhancement This is the preferred way to describe new end-to-end features. test: back-end/integration PR adds/updates back-end tests (unit and/or integration)
Projects
Kiali Sprint 25-08 | Kiali v2.10
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@josunect @jshaughn @nrfox
0