Istio Integration

Istio Integration

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Istio Control Plane itself, is a modern, cloud-native application. The Istio components, such as service discovery (Pilot), configuration (Galley), and certificate generation (Citadel) were all written and deployed as separate microservices. The need for these components to communicate securely and be observable, provided opportunities for Istio to “drink its own champagne”.

Click the Setup tab for instructions on:

• Setting up your environment to send Istio metrics to Wavefront.
• Setting up your environment to send Istio traces to Wavefront.

This integration uses Prometheus to scrape Istio mesh metrics and federate them. It uses Wavefront Collector for Kubernetes to forward these metrics to Wavefront. This integration also installs the dashboards. Here’s a preview of the Istio Data Plane and Control Plane dashboards:

Istio Setup

Supported Versions:

• Istio: 1.8.0 or later.
• Wavefront Collector for Kubernetes: v1.2.0 or later.
• Prometheus: v2.21.0 or later

Note:

• For the Istio version 1.7.x or earlier, see Istio Archived.

This integration uses

• Prometheus server to scrape metrics from Istio and federate them.

• Wavefront Collector for Kubernetes to collect the federated metrics from Prometheus server and to send metrics to Wavefront. The collector can send data to Wavefront using the proxy or direct ingestion. The instructions below assume Istio is deployed in a Kubernetes environment.

Reporting Istio Metrics to Wavefront

1. Deploy the Prometheus with Federation Configuration

Step 1. Download the Prometheus yaml with the federation.

Step 2. Deploy the Prometheus server to istio-system namesapce.

kubectl create -f prometheus.yaml

2. Update the Wavefront Collector ConfigMap

If you do not already have the Wavefront Collector for Kubernetes installed on your Kubernetes cluster, please follow these instructions to add it to your cluster either via Helm or Manual Install.

Step 1. Edit the Wavefront Collector ConfigMap at runtime, and add the following snippet under Prometheus Sources.

   kubectl edit configmap wavefront-collector-config -n wavefront

Istio config:

      ##########################################################################
      # Static source to collect Istio metrics via federated Prometheus server
      ##########################################################################
      prometheus_sources:
      - url: 'http://prometheus.istio-system.svc.cluster.local:9090/federate?match[]={job=~"federate|kubernetes-pods"}'
        httpConfig:
          bearer_token_file: '/var/run/secrets/kubernetes.io/serviceaccount/token'
          tls_config:
            ca_file: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'
            insecure_skip_verify: true

        filters:
          metricTagDenyList:
            destination_principal:
            - '*'

          metricAllowList:
          - 'istio.requests.*'
          - 'istio.request.*'   # mandatory for OOTB dashboards
          - 'istio.response.*'
          - 'istio.tcp.*'       # mandatory for OOTB dashboards
          - 'go.goroutines.value'
          - 'go.memstats.alloc.bytes.value'
          - 'go.memstats.heap.alloc.bytes.value'
          - 'go.memstats.heap.inuse.bytes.value'
          - 'go.memstats.heap.sys.bytes.value'
          - 'go.memstats.stack.inuse.bytes.value'
          - 'istio.build.value' # mandatory for OOTB dashboards
          - 'pilot.conflict.*.listener.*'
          - 'pilot.proxy.convergence.time.bucket.value'
          - 'pilot.services.value'
          - 'pilot.total.xds.internal.errors.value'
          - 'pilot.total.xds.rejects.value'
          - 'pilot.virt.services.value'
          - 'pilot.xds.*.reject.value'
          - 'pilot.xds.push.context.errors.value'
          - 'pilot.xds.pushes.value'
          - 'pilot.xds.write.timeout.value'
          - 'pilot.xds.value'
          - 'process.cpu.seconds.total.value'
          - 'process.resident.memory.bytes.value'
          - 'process.virtual.memory.bytes.value'
          - 'citadel.server.*'
          - 'galley.validation.*'
          - 'sidecar.*'

Reporting Istio Traces to Wavefront

The following instructions are for reporting traces. To report metrics, use the Istio metrics setup instructions above.

Step 1. Set up Wavefront Proxy

Follow these steps to deploy a Wavefront proxy. As part of the process, uncomment the lines to enable Zipkin/Istio traces. Use a proxy version 4.35 or later.

Step 2. Set up Istio to Send Traces to Wavefront Proxy

Follow these steps to allow Istio to redirect its traces to the Wavefront proxy.

Metrics