EV-6388: L7 logging through Istio Waypoint Proxy#4769
Draft
alexh-tigera wants to merge 1 commit into
Adds L7 logging for Gateways using the istio-waypoint GatewayClass. The istio controller now creates three static resources in the Istio root namespace (calico-system) and Istio's deployment controller applies them as class-level defaults to all waypoints cluster-wide:

- tigera-waypoint-l7-defaults ConfigMap injects the l7-collector sidecar (with --mode=waypoint on the existing ComponentL7Collector image) and the shared emptyDir + Felix CSI volumes into every waypoint pod.
- tigera-waypoint-l7-als EnvoyFilter enables gRPC ALS on main_internal.
- tigera-waypoint-l7-srcport EnvoyFilter captures the Forwarded header on connect_terminate and propagates the client IP as filter state.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds L7 logging for every Gateway that uses the istio-waypoint GatewayClass. The istio controller now creates three static resources in the Istio root namespace (calico-system) and Istio's deployment controller applies them as class-level defaults to all waypoints cluster-wide:
A small typed EnvoyFilter struct is introduced so the component handler (which casts to metav1.ObjectMetaAccessor) can manage the resources without taking on the networking.istio.io client-go dependency.
Description
Release Note
For PR author
- make gen-files
- make gen-versions

For PR reviewers
A note for code reviewers - all pull requests must have the following:
- kind/bug if this is a bugfix.
- kind/enhancement if this is a new feature.
- enterprise if this PR applies to Calico Enterprise only.