Skip to content

Commit

Permalink
Merge branch 'main' into ja/docs/index
Browse files Browse the repository at this point in the history
  • Loading branch information
Yoshi Yamaguchi authored Jun 7, 2024
2 parents 8fe184e + 88a3629 commit d968ac8
Show file tree
Hide file tree
Showing 64 changed files with 549 additions and 53 deletions.
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
---
title:
Security vulnerability in confighttp and configgrpc in the OpenTelemetry
Collector (CVE-2024-36129)
linkTitle: Security vulnerability in confighttp and configgrpc
Security vulnerability in OTel Collector confighttp and configgrpc
(CVE-2024-36129)
linkTitle: Collector vulnerability CVE-2024-36129
date: 2024-06-05
author:
'[Juraci Paixão Kröhling](https://github.com/jpkrohling) (OpenTelemetry,
Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
256 changes: 256 additions & 0 deletions content/en/blog/2024/new-otel-features-envoy-istio/index.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,256 @@
---
title: 'Observability at the Edge: New OTel features in Envoy and Istio'
linkTitle: New OTel features in Envoy and Istio
date: 2024-06-07
author: '[Joao Grassi](https://github.com/joaopgrassi) (Dynatrace)'
issue: 4534
sig: OpenTelemetry Specification
cSpell:ignore: bookinfo Grassi istioctl Joao productpage
---

In the dynamic world of cloud-native and distributed applications, managing
microservices effectively is critical. [Kubernetes](https://kubernetes.io/) has
become the de facto standard for container orchestration, enabling seamless
deployment, scaling, and management of containerized applications.

The distributed nature of such systems, however, adds a layer of complexity in
the form of networking for in-cluster communication. Two well-known projects,
Envoy and Istio, have emerged as the foundation for the smooth management and
operation of such complex environments.

Together, these technologies empower organizations to build scalable, resilient,
and secure distributed systems.

[Istio](https://istio.io/) is a service mesh, that orchestrates communication
between microservices, providing features such as traffic management, security
and, of course observability. Istio uses the Envoy proxy as its data plane.
[Envoy](https://www.envoyproxy.io/) is a high-performance proxy, designed for
single applications/services as well as a communication bus and "universal data
plane" for service meshes.

[Envoy](https://www.cncf.io/projects/envoy/) and
[Istio](https://www.cncf.io/projects/istio/) projects are open source and part
of the [Cloud Native Computing Foundation](https://www.cncf.io/).

## Observability in Envoy and Istio

The Envoy proxy deployed by the Istio service mesh is the perfect candidate to
ensure incoming and outgoing requests are properly traced. This approach
provides distributed traces of the entire service mesh, giving an overview on
the communication between services — even when the applications themselves are
not instrumented.

> Note: At minimum, applications must be configured to propagate the
> `traceparent` header.
Envoy offers several
[HTTP tracers](https://www.envoyproxy.io/docs/envoy/v1.29.4/api-v3/config/trace/trace)
for tracing requests, including the
[OpenTelemetry tracer](https://www.envoyproxy.io/docs/envoy/v1.29.4/api-v3/config/trace/v3/opentelemetry.proto).
[Tracers](/docs/concepts/signals/traces/#tracer) can be configured either
directly within Envoy (when using it as a standalone component) or for all Envoy
instances by using Istio.

Here is an example of how Istio and Envoy work together to trace requests:

![Distributed trace with Istio and Envoy](envoy-tracing.png)

## New OTel tracing features in Envoy and Istio

Although Envoy already had support for exporting OpenTelemetry traces using
gRPC, it lacked support for exporting using HTTP. OpenTelemetry supports both
protocols as first-class citizens. In addition, other areas such as providing
resource attributes and configurable sampling decisions were lagging behind the
stable portions of the OpenTelemetry specification.

Starting from Envoy
[1.29](https://www.envoyproxy.io/docs/envoy/latest/version_history/v1.29/v1.29)
and Istio
[1.22](https://istio.io/latest/news/releases/1.22.x/announcing-1.22/change-notes),
users have access to the new features described below.

### OTLP HTTP exporter

The
[OpenTelemetry tracer](https://www.envoyproxy.io/docs/envoy/v1.29.4/api-v3/config/trace/v3/opentelemetry.proto)
in Envoy can now be configured to export OTLP traces using HTTP. This allows it
to send telemetry to observability sinks using OTLP/HTTP, directly from Envoy
proxies.

### Resource detectors

Envoy now ships with the
[Environment Resource Detector](https://www.envoyproxy.io/docs/envoy/v1.29.4/api-v3/extensions/tracers/opentelemetry/resource_detectors/v3/environment_resource_detector.proto).
This resource detector follows the
[OTel specification](/docs/specs/otel/resource/sdk/#specifying-resource-information-via-an-environment-variable)
and allows users to further enrich the spans produced by Envoy proxies.

The [resource detector feature](https://github.com/envoyproxy/envoy/pull/29547)
not only added the environment detector, but also made it possible for any other
resource detector to be easily added with Envoy's built-in extensions feature.

### Custom samplers

Another exciting feature added to Envoy is the possibility of implementing and
configuring custom samplers. Envoy follows the
[OTel Sampler interface](/docs/specs/otel/trace/sdk/#sampler), which makes it
easy for anyone to contribute their own samplers.

Envoy ships with the
[Always On Sampler](https://www.envoyproxy.io/docs/envoy/v1.29.4/api-v3/extensions/tracers/opentelemetry/samplers/v3/always_on_sampler.proto)
which simply forwards all spans. This base implementation can be used as a
reference implementation for smarter samplers.

## Demo

It's time to see the new features in action! For this, we use the
[Istio Bookinfo application](https://istio.io/latest/docs/examples/bookinfo/),
and illustrate how to:

- Deploy in Kubernetes, with Istio as service mesh
- Export traces to [Jaeger](https://www.jaegertracing.io/) using HTTP

### Install Jaeger

First, start by installing the
[Jaeger operator](https://www.jaegertracing.io/docs/1.57/operator/):

```shell
kubectl create namespace observability
kubectl create -f https://github.com/jaegertracing/jaeger-operator/releases/download/v1.57.0/jaeger-operator.yaml -n observability
```

Then deploy Jaeger `all-in-one`:

```shell
kubectl apply -f - <<EOF
apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
name: simplest
EOF
```

### Install and configure Istio

Next, install Istio using
[`istioctl`](https://istio.io/latest/docs/setup/install/istioctl/):

```shell
cat <<EOF | istioctl install -y -f -
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
meshConfig:
enableTracing: true
extensionProviders:
- name: otel-tracing
opentelemetry:
port: 4318
service: simplest-collector.default.svc.cluster.local
http:
path: "/v1/traces"
timeout: 5s
resource_detectors:
environment: {}
EOF
```

This installs Istio and configures the OpenTelemetry tracing provider to use the
`http` exporter over OTLP/HTTP, with the Jaeger collector as endpoint. This
configuration also enables the environment resource detector in
`resource_detectors`.

Next, we need to enable the tracer using Istio's
[Telemetry API](https://istio.io/latest/docs/tasks/observability/telemetry/):

```shell
kubectl apply -f - <<EOF
apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
name: otel-demo
spec:
tracing:
- providers:
- name: otel-tracing
randomSamplingPercentage: 100
EOF
```

And finally, we configure the `OTEL_RESOURCE_ATTRIBUTES` environment variable
for the Envoy proxies:

```shell
cat <<EOF | k apply -f -
apiVersion: networking.istio.io/v1beta1
kind: ProxyConfig
metadata:
name: my-proxyconfig
namespace: istio-system
spec:
concurrency: 0
environmentVariables:
OTEL_RESOURCE_ATTRIBUTES: "host.name=abc-123"
EOF
```

### Deploy the application

The final step is to deploy the bookinfo application
([bookinfo.yaml](https://raw.githubusercontent.com/istio/istio/release-1.22/samples/bookinfo/platform/kube/bookinfo.yaml)):

```shell
kubectl label namespace default istio-injection=enabled
kubectl apply -f bookinfo.yaml
```

### Test it out

To test your setup, make some requests to one of the services, for example:

```shell
kubectl exec "$(k get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -sS productpage:9080/productpage | grep -o "<title>.*</title>"
```

Then you can check it out on the Jaeger UI -- you should see some traces!

![Distributed trace viewing in Jaeger](jaeger.png)

From the spans produced by Envoy you can see (in order):

1. Outgoing (egress) call from the `ratings` service to the `productpage`
service.
2. Incoming (ingress) call in the `productpage` service.
3. `host-name` resource attribute we applied using the
`OTEL_RESOURCE_ATTRIBUTES`. This attribute was picked up by the environment
resource detector and added to all spans Envoy created.

You can also see all the other downstream calls made, as all services have the
Envoy sidecar injected by Istio. You have full observability of the calls
between services, just by enabling the OTel tracer in Envoy!

## Next steps and closing

With the new features described in this post, users gain more flexibility in
exporting their traces. They can enrich their data with resource attributes and
establish the groundwork for more intelligent sampling techniques to be added in
the future.

The new features also unlock interesting use cases for other parties in the
observability space, including cloud providers and observability vendors. With
the resource detector and sampler APIs now available in Envoy, anyone can build
support for custom samplers and detectors, enhancing the usefulness of the
telemetry data generated by Envoy.

Another exciting next step for Envoy and OpenTelemetry is the adoption of the
now-stable
[HTTP semantic conventions in Envoy](https://github.com/envoyproxy/envoy/issues/30821).
This will align Envoy with all OTel SDKs that are also producing the spans
following the stable HTTP semantic conventions.

Collaborating with the Envoy and Istio community to bring more OTel features to
these projects has been a great experience. The eagerness to adopt and the
strong collaboration between OpenTelemetry and relevant CNCF projects, such as
Istio and Envoy, helps solidify OpenTelemetry's position as the de facto
standard for observability.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
10 changes: 10 additions & 0 deletions data/ecosystem/integrations.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -228,3 +228,13 @@
docsUrl: https://docs.konghq.com/mesh/latest/guides/otel-metrics/
components: [Go]
oss: false
- name: Envoy
url: https://www.envoyproxy.io/
docsUrl: https://www.envoyproxy.io/docs/envoy/latest/start/sandboxes/opentelemetry
components: [C++]
oss: true
- name: Istio
url: https://istio.io/
docsUrl: https://istio.io/latest/docs/tasks/observability/distributed-tracing/opentelemetry/
components: [Go]
oss: true
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-amqplib.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ authors:
package:
name: '@opentelemetry/instrumentation-amqplib'
registry: npm
version: 0.37.0
version: 0.38.0
urls:
repo: https://github.com/open-telemetry/opentelemetry-js-contrib/tree/main/plugins/node/instrumentation-amqplib
createdAt: 2020-06-15
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-aws-lambda.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,4 @@ createdAt: 2021-07-08
package:
name: '@opentelemetry/instrumentation-aws-lambda'
registry: npm
version: 0.41.1
version: 0.42.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-aws-sdk.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,4 +21,4 @@ createdAt: 2020-06-15
package:
name: '@opentelemetry/instrumentation-aws-sdk'
registry: npm
version: 0.41.0
version: 0.42.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-bunyan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ createdAt: 2021-07-08
package:
name: '@opentelemetry/instrumentation-bunyan'
registry: npm
version: 0.38.0
version: 0.39.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-cassandra-driver.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ createdAt: 2021-07-08
package:
name: '@opentelemetry/instrumentation-cassandra-driver'
registry: npm
version: 0.38.0
version: 0.39.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-cassandra.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,4 @@ createdAt: 2021-07-08
package:
registry: npm
name: '@opentelemetry/instrumentation-cassandra-driver'
version: 0.38.0
version: 0.39.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-connect.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ createdAt: 2020-11-09
package:
name: '@opentelemetry/instrumentation-connect'
registry: npm
version: 0.36.1
version: 0.37.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-cucumber.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,4 @@ createdAt: 2022-10-27
package:
registry: npm
name: '@opentelemetry/instrumentation-cucumber'
version: 0.6.0
version: 0.7.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-dataloader.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,4 @@ createdAt: 2022-10-27
package:
registry: npm
name: '@opentelemetry/instrumentation-dataloader'
version: 0.9.0
version: 0.10.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-dns.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ createdAt: 2020-11-09
package:
registry: npm
name: '@opentelemetry/instrumentation-dns'
version: 0.36.1
version: 0.37.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-document-load.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ createdAt: 2020-11-09
package:
registry: npm
name: '@opentelemetry/instrumentation-document-load'
version: 0.38.0
version: 0.39.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-express.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ createdAt: 2020-11-09
package:
registry: npm
name: '@opentelemetry/instrumentation-express'
version: 0.39.0
version: 0.40.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-fastify.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,4 @@ createdAt: 2020-08-28
package:
registry: npm
name: '@opentelemetry/instrumentation-fastify'
version: 0.36.1
version: 0.37.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-fs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,4 @@ createdAt: 2021-07-08
package:
registry: npm
name: '@opentelemetry/instrumentation-fs'
version: 0.12.0
version: 0.13.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-generic-pool.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ createdAt: 2020-11-09
package:
registry: npm
name: '@opentelemetry/instrumentation-generic-pool'
version: 0.36.0
version: 0.37.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-graphql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ createdAt: 2020-11-09
package:
registry: npm
name: '@opentelemetry/instrumentation-graphql'
version: 0.40.0
version: 0.41.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-hapi.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,4 @@ createdAt: 2020-11-09
package:
registry: npm
name: '@opentelemetry/instrumentation-hapi'
version: 0.38.0
version: 0.39.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-ioredis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,4 @@ createdAt: 2020-11-09
package:
registry: npm
name: '@opentelemetry/instrumentation-ioredis'
version: 0.40.0
version: 0.41.0
2 changes: 1 addition & 1 deletion data/registry/instrumentation-js-knex.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,4 @@ createdAt: 2021-07-08
package:
registry: npm
name: '@opentelemetry/instrumentation-knex'
version: 0.36.1
version: 0.37.0
Loading

0 comments on commit d968ac8

Please sign in to comment.