Open yizhengx opened 6 months ago
@yizhengx I'm not certain if istioctl
can recognize metaprotocol properly or not. Can you directly connect to the Envoy and dump its config through its admin port?
Besides, does the Aeraki Thrift demo work in your environment?
@zhaohuabing Thanks for your reply!
does the Aeraki Thrift demo work in your environment?
Yes, that works well.
Can you directly connect to the Envoy and dump its config through its admin port?
Here's the config_dump/listeners for user-timeline-service in social-network benchmark https://logpaste.com/pEfD8Qc4 It seems that it doesn't configure metaprotocol filter for inbound traffics to port 9090.
Update: I can manually replace the tcp network filter with aeraki metaprotocol proxy for inbound traffic using the following envoy filter configuration:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: fix-metaprotocol-filter
namespace: social-net # as defined in meshConfig resource.
spec:
workloadSelector:
labels:
app: user-timeline-service
configPatches:
- applyTo: NETWORK_FILTER
match:
context: SIDECAR_INBOUND # will match inbound listeners in all sidecars
listener:
portNumber: 9090
filterChain:
filter:
name: "envoy.filters.network.tcp_proxy"
patch:
operation: REPLACE
value:
name: "envoy.filters.network.meta_protocol_proxy"
typed_config: {
"@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
"type_url": "type.googleapis.com/aeraki.meta_protocol_proxy.v1alpha.MetaProtocolProxy",
"value": {
"stat_prefix": "inbound|9090||",
"application_protocol": "thrift",
"route_config": {
"name": "inbound|9090||",
"routes": [
{
"route": {
"cluster": "inbound|9090||"
}
}
]
},
"codec": {
"name": "aeraki.meta_protocol.codec.thrift"
},
"meta_protocol_filters": [
{
"name": "aeraki.meta_protocol.filters.metadata_exchange"
},
{
"name": "aeraki.meta_protocol.filters.istio_stats",
"config": {
"@type": "type.googleapis.com/aeraki.meta_protocol_proxy.filters.istio_stats.v1alpha.IstioStats",
"destination_service": "user-timeline-service.social-net.svc.cluster.local"
}
},
{
"name": "aeraki.meta_protocol.filters.router"
}
],
"tracing": {
"client_sampling": {
"value": 100
},
"random_sampling": {
"value": 100
},
"overall_sampling": {
"value": 100
}
},
"access_log": [
{
"name": "envoy.access_loggers.file",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog",
"path": "/dev/stdout",
"log_format": {
"text_format_source": {
"inline_string": "[%START_TIME%] %REQ(X-META-PROTOCOL-APPLICATION-PROTOCOL)% %RESPONSE_CODE% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(X-REQUEST-ID)%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %ROUTE_NAME%\n"
}
}
}
}
]
}
}
This serves as a workaround to recognize other layer-7 protocols, but it would be great for me to understand if I configure things wrong or any other reason that causes the root problems. Thanks for your help!
@yizhengx Aeraki would automatically create an EnvoyFilter
for inbound listeners. You can check if that EnvoyFilter
has been created or not. If not, you can further check the Aerkai log to look for the root cause.
Hi there, we're doing research on microservice and now working on deploying DeathStarBenchmark/Social-Network (using thrift RPC) on Aeraki. We just deploy Aeraki using
make demo
to install istio, aeraki and some examples. Then we deploy social-network benchmark by first labeling namespace then using helm-chart with port name as 'tcp-metaprotocol-thrift-xxx' for protocol discovery.Example user-timeline-service definition:
I checked the istioctl proxy-status which looks fine where listeners are using codec.thrift
However, the traces from the istio-proxy doesn't seem to recognize the protocol
The expected traces from aeraki thrift example looks like
Q1: Any suggestion to fix the problem? Or is there anybody using Aeraki built-in protocols to deploy their own applications?
Q2: Another point I don't understand: for mongodb service, I didn't change the port name to anything related to metaprotocol, but the 'istioctl proxy-status' shows the same output as the service like user-timeline-service I shown before.
The service definition for mongodb is the following:
Thanks! Looking forward to your support and help.