Istio Ambient L7 telemetry

[josunect]

Describe the change

• Use reporter="waypoint" in the queries for the ns graph
• Remove edges also when hiding waypoint to prevent error

TODO:

• Response time
• Throughput

Steps to test the PR

Install istio Ambient 1.22:

1. Install Istio:
   istio/install-istio-via-istioctl.sh -c kubectl -cp ambient
2. Install Kiali
3. Install bookinfo as Ambient namespace with a Waypoint proxy:
   istio/install-bookinfo-demo.sh -c kubectl -ai false -tg -w true

Automation testing

• Backend unit tests has been updated
• Update e2e tests once [CI] Ambient Tests Workflow  #7294 is merged

Issue reference

Fixes #7344

[josunect]

It would be better for the Telemetry to check if the namespace is Ambient, and just prepare the query for Ambient. But, what if this is applied to just the pod?

• Some queries are done for namespace?
• A namespace can be Ambient, but a pod can override the Ambient config.
• A namespace can be Ambient and with Sidecars, Sidecars will have preference.
• Many checks -> Might affect performance?

[jshaughn]

Hi @josunect , I'm using Istio 1.22.0 and the test setup didn't quite work for me. I performed "install bookinfo as Ambient namespace with a Waypoint proxy:
> istio/install-bookinfo-demo.sh -c kubectl -ai false -tg -w true

and it installed a waypoint but none of the bookinfo traffic generated L7 metrics. I think the command in the hackscript needs to include the --enroll-namespace arg:
> istioctl x waypoint apply --enroll-namespace --wait --namespace bookinfo

After this I did get some waypoint telemetry, but only for the traffic involving productpage, for for the traffic between the reviews and ratings services. Productpage does have a virtual service (L7 feature), I'm not sure if that has something to do with it. Anyway, your graph shows that http traffic, so I'm not sure what you did differently.

Actually, I just had a convo on the #ambient slack channel and it seems like a mystery. I'll try again tomorrow... Were you using minikube?

It would be better for the Telemetry to check if the namespace is Ambient, and just prepare the query for Ambient. But, what if this is applied to just the pod?

Originally, I too thought we would be able to make this sort of optimization. But because of the design flexibility that you mention above, I don't think it's possible. I think it's only possible if maybe Kiali is told that the mesh is "ambient only", or something like that, and then we can assume that we don't have any sidecar telem.

[josunect]

Hi @josunect , I'm using Istio 1.22.0 and the test setup didn't quite work for me. I performed "install bookinfo as Ambient namespace with a Waypoint proxy: > istio/install-bookinfo-demo.sh -c kubectl -ai false -tg -w true

and it installed a waypoint but none of the bookinfo traffic generated L7 metrics. I think the command in the hackscript needs to include the --enroll-namespace arg: > istioctl x waypoint apply --enroll-namespace --wait --namespace bookinfo

After this I did get some waypoint telemetry, but only for the traffic involving productpage, for for the traffic between the reviews and ratings services. Productpage does have a virtual service (L7 feature), I'm not sure if that has something to do with it. Anyway, your graph shows that http traffic, so I'm not sure what you did differently.

Actually, I just had a convo on the #ambient slack channel and it seems like a mystery. I'll try again tomorrow... Were you using minikube?

It would be better for the Telemetry to check if the namespace is Ambient, and just prepare the query for Ambient. But, what if this is applied to just the pod?

Originally, I too thought we would be able to make this sort of optimization. But because of the design flexibility that you mention above, I don't think it's possible. I think it's only possible if maybe Kiali is told that the mesh is "ambient only", or something like that, and then we can assume that we don't have any sidecar telem.

Thanks, @jshaughn I have updated the hack script for bookinfo.
Yes, I was testing with minikube. It looks there is a traffic issue with kind? Traffic generator returns 503. This is what I see:

From the logs:
503 Service Unavailable

With kind and following the steps in https://istio.io/latest/docs/ambient/getting-started/, I have the graph:

[josunect]

@jshaughn I've done some changes in the bookinfo installation script for Ambient:

• Uses GW api gateway instead of gateway
• Installs GW API CRDs if Ambient is enabled (In previous version they were installed just for creating the waypoint proxy)
• Remove the Authorization policy (It was preventing to access the service and it is not needed by default)

(The command should be the same, install-bookinfo-demo.sh -c kubectl -ai false -tg -w true)

[jmazzitelli]

This looks good except for one thing that may or may not be correct. I don't know. Take a look at this screencast - when I hover over some of the edges, almost the entire graph goes into "focus" (graying out only small parts of the graph).

Screencast.from.2024-05-31.10-51-08.webm

This is when Waypoint proxies are displayed. When waypoints are not displayed, the focus looks correct.