You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@skywalking.apache.org by ke...@apache.org on 2021/11/09 07:59:10 UTC
[skywalking-showcase] branch main updated: Add ALS feature,
add OAP dynamic config, fix some minor issues
This is an automated email from the ASF dual-hosted git repository.
kezhenxu94 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-showcase.git
The following commit(s) were added to refs/heads/main by this push:
new 08bf6a1 Add ALS feature, add OAP dynamic config, fix some minor issues
08bf6a1 is described below
commit 08bf6a13f3806a280a9cf6468e2fa70ba38da50e
Author: kezhenxu94 <ke...@apache.org>
AuthorDate: Tue Nov 9 15:58:23 2021 +0800
Add ALS feature, add OAP dynamic config, fix some minor issues
---
Makefile | 14 ++---
deploy/platform/kubernetes/Makefile | 6 +--
.../kubernetes/feature-cluster/permissions.yaml | 6 ++-
.../kubernetes/feature-cluster/resources.yaml | 37 +++++++++++++
.../permissions.yaml | 18 ++++---
.../kubernetes/feature-single-node/resources.yaml | 42 +++++++++++++++
.../kubernetes/feature-so11y/open-telemetry.yaml | 2 +
.../kubernetes/feature-so11y/permissions.yaml | 2 +-
.../kubernetes/feature-vm/open-telemetry.yaml | 45 ----------------
.../kubernetes/feature-vm/permissions.yaml | 2 +-
.../feature-vm/{permissions.yaml => vm.yaml} | 62 +++++++++++++---------
deploy/platform/kubernetes/features.mk | 30 ++++++++++-
12 files changed, 175 insertions(+), 91 deletions(-)
diff --git a/Makefile b/Makefile
index 1278364..ebfecc3 100644
--- a/Makefile
+++ b/Makefile
@@ -22,7 +22,7 @@ services = $(wildcard services/*)
.PHONY: $(services)
$(services):
- $(MAKE) -C $@ build
+ @$(MAKE) -C $@ build
.PHONY: build
build: $(services) ## Build the services if needed (e.g.: compiling Java files, build Go binary), do nothing if no need (e.g.: Python)
@@ -33,7 +33,7 @@ docker: $(services_docker) ## Build Docker images
.PHONY: $(services_docker)
$(services_docker): %.docker.build: %
- $(MAKE) -C $< docker.build
+ @$(MAKE) -C $< docker.build
services_push = $(foreach svc,$(services),$(svc).docker.push)
.PHONY: push
@@ -41,28 +41,28 @@ push: $(services_push) ## Build and push Docker images
.PHONY: $(services_push)
$(services_push): %.docker.push: %
- $(MAKE) -C $< docker.push
+ @$(MAKE) -C $< docker.push
##@ Deploy targets
.PHONY: deploy.docker
deploy.docker: ## Deploy the showcase with Docker Compose
- $(MAKE) -C deploy/platform/docker deploy
+ @$(MAKE) -C deploy/platform/docker deploy
.PHONY: undeploy.docker
undeploy.docker: ## Undeploy the showcase from Docker Compose
- $(MAKE) -C deploy/platform/docker undeploy
+ @$(MAKE) -C deploy/platform/docker undeploy
.PHONY: redeploy.docker
redeploy.docker: undeploy.docker deploy.docker
.PHONY: deploy.kubernetes
deploy.kubernetes: ## Deploy the showcase to Kubernetes
- $(MAKE) -C deploy/platform/kubernetes deploy
+ @$(MAKE) -C deploy/platform/kubernetes deploy
.PHONY: undeploy.kubernetes
undeploy.kubernetes: ## Undeploy the showcase from Kubernetes
- $(MAKE) -C deploy/platform/kubernetes undeploy
+ @$(MAKE) -C deploy/platform/kubernetes undeploy
.PHONY: redeploy.kubernetes
redeploy.kubernetes: undeploy.kubernetes deploy.kubernetes
diff --git a/deploy/platform/kubernetes/Makefile b/deploy/platform/kubernetes/Makefile
index 8e11169..5943d47 100644
--- a/deploy/platform/kubernetes/Makefile
+++ b/deploy/platform/kubernetes/Makefile
@@ -16,8 +16,8 @@
# under the License.
#
-include Makefile.in
include ../../../Makefile.in
+include Makefile.in
features := $(subst $(comma), ,$(FEATURE_FLAGS))
features := $(foreach f,$(features),feature-$(f))
@@ -33,7 +33,7 @@ $(deploy_resources): deploy.%.resources: %
$(eval resources := $(wildcard $(shell pwd)/$</*))
@$(foreach resource, $(resources), docker run --rm -v "$(pwd)/$(resource)":/input \
$(foreach v,$(EXPORTED_VARS),-e $(v)) \
- bhgedigital/envsubst sh -c "envsubst < /input" | kubectl apply -f - ; \
+ bhgedigital/envsubst sh -c "envsubst < /input" | kubectl -n $(NAMESPACE) apply -f - ; \
)
.PHONY: deploy
@@ -50,7 +50,7 @@ $(undeploy_resources): undeploy.%.resources: %
$(eval resources := $(wildcard $(shell pwd)/$</*))
@$(foreach resource, $(resources), docker run --rm -v "$(pwd)/$(resource)":/input \
$(foreach v,$(EXPORTED_VARS),-e $(v)) \
- bhgedigital/envsubst sh -c "envsubst < /input" | kubectl delete --ignore-not-found -f - ; \
+ bhgedigital/envsubst sh -c "envsubst < /input" | kubectl -n $(NAMESPACE) delete --ignore-not-found -f - ; \
)
.PHONY: undeploy
diff --git a/deploy/platform/kubernetes/feature-cluster/permissions.yaml b/deploy/platform/kubernetes/feature-cluster/permissions.yaml
index 6d36eee..84b248b 100644
--- a/deploy/platform/kubernetes/feature-cluster/permissions.yaml
+++ b/deploy/platform/kubernetes/feature-cluster/permissions.yaml
@@ -30,6 +30,10 @@ rules:
- apiGroups: [ "" ]
resources:
- "pods" # @feature: cluster; OAP needs to read other OAP Pods information to form a cluster
+ # @feature: als; OAP needs to read Pods metadata to analyze the access logs
+ - "services" # @feature: als; OAP needs to read services metadata to analyze the access logs
+ - "endpoints" # @feature: als; OAP needs to read endpoints metadata to analyze the access logs
+ - "nodes" # @feature: als; OAP needs to read nodes metadata to analyze the access logs
verbs: [ "get", "watch", "list" ]
- apiGroups: [ "batch" ]
resources:
@@ -48,4 +52,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: skywalking-sa-cluster
- namespace: default
+ namespace: ${NAMESPACE}
diff --git a/deploy/platform/kubernetes/feature-cluster/resources.yaml b/deploy/platform/kubernetes/feature-cluster/resources.yaml
index e710cb7..0a1aeeb 100644
--- a/deploy/platform/kubernetes/feature-cluster/resources.yaml
+++ b/deploy/platform/kubernetes/feature-cluster/resources.yaml
@@ -44,6 +44,8 @@ spec:
metadata:
labels:
app: elasticsearch
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
containers:
- name: elasticsearch
@@ -58,6 +60,31 @@ spec:
---
apiVersion: v1
+data:
+ core.default.log4j-xml: |-
+ <Configuration status="WARN">
+ <Appenders>
+ <Console name="Console" target="SYSTEM_OUT">
+ <PatternLayout charset="UTF-8" pattern="%d - %c - %L [%t] %-5p %x - %m%n"/>
+ </Console>
+ </Appenders>
+ <Loggers>
+ <logger name="io.grpc.netty" level="INFO"/>
+ <logger name="org.apache.skywalking.oap.server.configuration.api" level="TRACE"/>
+ <logger name="org.apache.skywalking.oap.server.configuration.configmap" level="DEBUG"/>
+ <Root level="INFO">
+ <AppenderRef ref="Console"/>
+ </Root>
+ </Loggers>
+ </Configuration>
+kind: ConfigMap
+metadata:
+ labels:
+ app: oap
+ name: oap-config
+
+---
+apiVersion: v1
kind: Service
metadata:
name: oap
@@ -81,6 +108,8 @@ spec:
template:
metadata:
name: oap-init-job
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
serviceAccountName: skywalking-sa-cluster
restartPolicy: Never
@@ -124,6 +153,8 @@ spec:
metadata:
labels:
app: oap
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
serviceAccountName: skywalking-sa-cluster # @feature: cluster; set a service account with Pod "read" permission
initContainers:
@@ -156,6 +187,8 @@ spec:
value: "-Dmode=no-init"
- name: SW_CLUSTER
value: kubernetes # @feature: cluster; set cluster coordinator to kubernetes
+ - name: SW_CLUSTER_K8S_NAMESPACE
+ value: ${NAMESPACE}
- name: SW_CLUSTER_K8S_LABEL
value: app=oap # @feature: cluster; set label selectors to select OAP Pods as a cluster
- name: SW_HEALTH_CHECKER
@@ -170,6 +203,8 @@ spec:
value: elasticsearch:9200
- name: SW_TELEMETRY
value: prometheus # @feature: so11y; expose the metrics of self o11y through prometheus
+ - name: SW_ENVOY_METRIC_ALS_HTTP_ANALYSIS
+ value: "k8s-mesh,persistence" # @feature: als; enable mesh analyzer (k8s-mesh) to analyze ALS logs
---
apiVersion: v1
@@ -200,6 +235,8 @@ spec:
metadata:
labels:
app: rocket-bot
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
serviceAccountName: skywalking-sa-cluster
containers:
diff --git a/deploy/platform/kubernetes/feature-vm/permissions.yaml b/deploy/platform/kubernetes/feature-single-node/permissions.yaml
similarity index 67%
copy from deploy/platform/kubernetes/feature-vm/permissions.yaml
copy to deploy/platform/kubernetes/feature-single-node/permissions.yaml
index 3644f9c..e2206fb 100644
--- a/deploy/platform/kubernetes/feature-vm/permissions.yaml
+++ b/deploy/platform/kubernetes/feature-single-node/permissions.yaml
@@ -19,29 +19,33 @@
apiVersion: v1
kind: ServiceAccount
metadata:
- name: otel-sa-vm
+ name: skywalking-sa
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
- name: otel-role-vm
+ name: skywalking-sa-role
rules:
- apiGroups: [ "" ]
resources:
- - "pods"
+ - "pods" # @feature: als; OAP needs to read pods metadata to analyze the access logs
+ - "services" # @feature: als; OAP needs to read services metadata to analyze the access logs
+ - "endpoints" # @feature: als; OAP needs to read endpoints metadata to analyze the access logs
+ - "nodes" # @feature: als; OAP needs to read nodes metadata to analyze the access logs
+ - "configmaps"
verbs: [ "get", "watch", "list" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
- name: otel-role-binding-vm
+ name: skywalking-sa-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
- name: otel-role-vm
+ name: skywalking-sa-role
subjects:
- kind: ServiceAccount
- name: otel-sa-vm
- namespace: default
+ name: skywalking-sa
+ namespace: ${NAMESPACE}
diff --git a/deploy/platform/kubernetes/feature-single-node/resources.yaml b/deploy/platform/kubernetes/feature-single-node/resources.yaml
index 3f48173..ab061f1 100644
--- a/deploy/platform/kubernetes/feature-single-node/resources.yaml
+++ b/deploy/platform/kubernetes/feature-single-node/resources.yaml
@@ -44,6 +44,8 @@ spec:
metadata:
labels:
app: elasticsearch
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
containers:
- name: elasticsearch
@@ -58,6 +60,31 @@ spec:
---
apiVersion: v1
+data:
+ core.default.log4j-xml: |-
+ <Configuration status="WARN">
+ <Appenders>
+ <Console name="Console" target="SYSTEM_OUT">
+ <PatternLayout charset="UTF-8" pattern="%d - %c - %L [%t] %-5p %x - %m%n"/>
+ </Console>
+ </Appenders>
+ <Loggers>
+ <logger name="io.grpc.netty" level="INFO"/>
+ <logger name="org.apache.skywalking.oap.server.configuration.api" level="TRACE"/>
+ <logger name="org.apache.skywalking.oap.server.configuration.configmap" level="DEBUG"/>
+ <Root level="INFO">
+ <AppenderRef ref="Console"/>
+ </Root>
+ </Loggers>
+ </Configuration>
+kind: ConfigMap
+metadata:
+ labels:
+ app: oap
+ name: oap-config
+
+---
+apiVersion: v1
kind: Service
metadata:
name: oap
@@ -88,7 +115,10 @@ spec:
metadata:
labels:
app: oap
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
+ serviceAccountName: skywalking-sa # @feature: als; set a service account with Pods/Endpoints/Services/Nodes permissions to analyze Envoy access logs
containers:
- name: oap
image: ${SW_OAP_IMAGE}
@@ -107,6 +137,10 @@ spec:
- name: http
containerPort: 12800
env:
+ - name: SW_CLUSTER_K8S_NAMESPACE
+ value: ${NAMESPACE}
+ - name: SW_CLUSTER_K8S_LABEL
+ value: app=oap
- name: SW_HEALTH_CHECKER
value: default
- name: SW_OTEL_RECEIVER
@@ -119,6 +153,12 @@ spec:
value: elasticsearch:9200
- name: SW_TELEMETRY
value: prometheus # @feature: so11y; expose the metrics of self o11y through prometheus
+ - name: SW_ENVOY_METRIC_ALS_HTTP_ANALYSIS
+ value: "k8s-mesh,persistence" # @feature: als; enable mesh analyzer (k8s-mesh) to analyze ALS logs
+ - name: K8S_SERVICE_NAME_RULE
+ value: "${service.metadata.namespace}::${service.metadata.name}"
+ - name: SW_CONFIGURATION
+ value: k8s-configmap
---
apiVersion: v1
@@ -149,6 +189,8 @@ spec:
metadata:
labels:
app: rocket-bot
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
containers:
- name: rocket-bot
diff --git a/deploy/platform/kubernetes/feature-so11y/open-telemetry.yaml b/deploy/platform/kubernetes/feature-so11y/open-telemetry.yaml
index becafaf..8d0e1f7 100644
--- a/deploy/platform/kubernetes/feature-so11y/open-telemetry.yaml
+++ b/deploy/platform/kubernetes/feature-so11y/open-telemetry.yaml
@@ -76,6 +76,8 @@ spec:
metadata:
labels:
app: otel-so11y
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
serviceAccountName: otel-sa-so11y
containers:
diff --git a/deploy/platform/kubernetes/feature-so11y/permissions.yaml b/deploy/platform/kubernetes/feature-so11y/permissions.yaml
index aefc8f7..bfdc6e5 100644
--- a/deploy/platform/kubernetes/feature-so11y/permissions.yaml
+++ b/deploy/platform/kubernetes/feature-so11y/permissions.yaml
@@ -44,4 +44,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: otel-sa-so11y
- namespace: default
+ namespace: ${NAMESPACE}
diff --git a/deploy/platform/kubernetes/feature-vm/open-telemetry.yaml b/deploy/platform/kubernetes/feature-vm/open-telemetry.yaml
index 0f84580..154f286 100644
--- a/deploy/platform/kubernetes/feature-vm/open-telemetry.yaml
+++ b/deploy/platform/kubernetes/feature-vm/open-telemetry.yaml
@@ -16,48 +16,6 @@
# under the License.
#
-# @feature: pretend these Pods are virtual machines
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: vm
-spec:
- selector:
- app: vm
- ports:
- - protocol: TCP
- port: 9100
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: vm-deployment
- labels:
- app: vm
-spec:
- replicas: 2
- selector:
- matchLabels:
- app: vm
- template:
- metadata:
- labels:
- app: vm
- spec:
- containers:
- - name: vm
- image: quay.io/prometheus/node-exporter:v1.2.2
- resources:
- limits:
- cpu: 100m
- memory: "128Mi"
- ports:
- - containerPort: 9100
- name: metrics
-
# @feature: vm; set OpenTelemetry config to scrape the VM metrics
---
apiVersion: v1
@@ -81,9 +39,6 @@ data:
- source_labels: [__meta_kubernetes_pod_container_name, __meta_kubernetes_pod_container_port_name]
action: keep
regex: vm;metrics # @feature: vm; reference the name of the metrics port
- - source_labels: []
- target_label: service
- replacement: vm
- source_labels: [__meta_kubernetes_pod_name]
target_label: host_name
regex: (.+)
diff --git a/deploy/platform/kubernetes/feature-vm/permissions.yaml b/deploy/platform/kubernetes/feature-vm/permissions.yaml
index 3644f9c..02fb039 100644
--- a/deploy/platform/kubernetes/feature-vm/permissions.yaml
+++ b/deploy/platform/kubernetes/feature-vm/permissions.yaml
@@ -44,4 +44,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: otel-sa-vm
- namespace: default
+ namespace: ${NAMESPACE}
diff --git a/deploy/platform/kubernetes/feature-vm/permissions.yaml b/deploy/platform/kubernetes/feature-vm/vm.yaml
similarity index 54%
copy from deploy/platform/kubernetes/feature-vm/permissions.yaml
copy to deploy/platform/kubernetes/feature-vm/vm.yaml
index 3644f9c..b7844e1 100644
--- a/deploy/platform/kubernetes/feature-vm/permissions.yaml
+++ b/deploy/platform/kubernetes/feature-vm/vm.yaml
@@ -15,33 +15,47 @@
# specific language governing permissions and limitations
# under the License.
#
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: otel-sa-vm
+
+# @feature: pretend these Pods are virtual machines
---
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
+apiVersion: v1
+kind: Service
metadata:
- name: otel-role-vm
-rules:
- - apiGroups: [ "" ]
- resources:
- - "pods"
- verbs: [ "get", "watch", "list" ]
+ name: vm
+spec:
+ selector:
+ app: vm
+ ports:
+ - protocol: TCP
+ port: 9100
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+apiVersion: apps/v1
+kind: Deployment
metadata:
- name: otel-role-binding-vm
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: otel-role-vm
-subjects:
- - kind: ServiceAccount
- name: otel-sa-vm
- namespace: default
+ name: vm-deployment
+ labels:
+ app: vm
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: vm
+ template:
+ metadata:
+ labels:
+ app: vm
+ annotations:
+ sidecar.istio.io/inject: "false"
+ spec:
+ containers:
+ - name: vm
+ image: quay.io/prometheus/node-exporter:v1.2.2
+ resources:
+ limits:
+ cpu: 100m
+ memory: "128Mi"
+ ports:
+ - containerPort: 9100
+ name: metrics
diff --git a/deploy/platform/kubernetes/features.mk b/deploy/platform/kubernetes/features.mk
index d7c3482..8f3ca89 100644
--- a/deploy/platform/kubernetes/features.mk
+++ b/deploy/platform/kubernetes/features.mk
@@ -22,13 +22,39 @@
include ../../../Makefile.in
+ifeq (, $(shell which istioctl))
+ $(error "No istioctl in PATH, please make sure istioctl is available in PATH")
+endif
+
+.PHONY: istio
+istio:
+ifeq (, $(shell istioctl version | grep "control plane version"))
+ $(info Istio control plane is not installed)
+ $(eval install ?= true)
+endif
+ifeq (, $(shell istioctl version | grep "data plane version"))
+ $(info Istio dataplane plane is not installed)
+ $(eval install ?= true)
+endif
+ @if [ "$(install)" == "true" ]; then \
+ echo "No Istio is installed, installing Istio..." ; \
+ istioctl install -y --set profile=demo \
+ --set meshConfig.enableEnvoyAccessLogService=true `# @feature: als; enable Envoy access log service` \
+ --set meshConfig.defaultConfig.envoyAccessLogService.address=oap:11800 `# @feature: als; set ALS address to OAP so Envoy emits logs to OAP`; \
+ fi
+ @kubectl label namespace --overwrite $(NAMESPACE) istio-injection=enabled # @feature: als; label the namespace to allow Envoy sidecar injection
+
+.PHONY: prerequisites
+prerequisites: istio
+
feature-als:
-deploy.feature-als:
+.PHONY: deploy.feature-als
+deploy.feature-als: prerequisites
$(eval TAG := $(TAG)-agentless)
$(MAKE) deploy FEATURE_FLAGS=agent
+.PHONY: undeploy.feature-als
undeploy.feature-als:
$(eval TAG := $(TAG)-agentless)
$(MAKE) undeploy FEATURE_FLAGS=agent
-