How can envoy know destination.uid when report/check with mixer?

harryge00 · March 26, 2019, 2:28am

When envoy communicates with mixer, mixer needs sourceUID and DestionationUID to get source pod/destination pod’s attributes. And those attributes are necessary for other adapters like reporting to prometheus. Envoy can know sourceUID from its own metadata. But how can the envoy knows the destinationUID of its upstreams?
I have dump the config of a bookinfo’s envoy and cannot find upstreams’ metadata:

"mixer_attributes": {
             "attributes": {
              "destination.service.host": {
               "string_value": "reviews.default.svc.cluster.local"
              },
              "destination.service.uid": {
               "string_value": "istio://default/services/reviews"
              },
              "destination.service.name": {
               "string_value": "reviews"
              },
              "destination.service.namespace": {
               "string_value": "default"
              },
              "destination.service": {
               "string_value": "reviews.default.svc.cluster.local"
              }
             }
            },

The destination.service.uid:istio://default/services/reviews is different than the one mixer got, like reviews-v1-b4c984bdc-br9pz.default. And with destination.service.uid:istio://default/services/reviews, we can not distinguish different pods of the same service…

kuat · March 26, 2019, 2:57am

This works because of EDS supplied metadata on endpoints. Basically, there is an extra annotation on each endpoint xDS object that Mixer can pick up and supply as destination.uid. I’m happy to show you where the code is if you’re interested. Look at EDS dump for starters to see the metadata.

harryge00 · March 26, 2019, 3:34am

Thanks for the reply. How can I dump EDS?
From proxy:

  /: Admin home page
  /certs: print certs on machine
  /clusters: upstream cluster status
  /config_dump: dump current Envoy configs (experimental)
  /cpuprofiler: enable/disable the CPU profiler
  /healthcheck/fail: cause the server to fail health checks
  /healthcheck/ok: cause the server to pass health checks
  /help: print out list of admin commands
  /hot_restart_version: print the hot restart compatibility version
  /listeners: print listener addresses
  /logging: query/change logging levels
  /quitquitquit: exit the server
  /reset_counters: reset all counters to zero
  /runtime: print runtime values
  /runtime_modify: modify runtime values
  /server_info: print server version/status information
  /stats: print server stats
  /stats/prometheus: print server stats in prometheus format

From pilot-discovery debug/edsz, only endpoints with IP and ports…

kuat · March 26, 2019, 4:24am

That’s right, Envoy does not support EDS dump yet, unfortunately…

There might be a way to simulate EDS request to Pilot. The code that inserts the metadata is this https://github.com/istio/istio/blob/bdfa2a157df8d0fdb84c0c8b6775d06256899752/pilot/pkg/proxy/envoy/v2/eds.go#L152:6

Topic		Replies	Views
Envoy and mixer	3	422	September 18, 2019
How come each proxy know where and how to access istio-policy? Policies and Telemetry	4	536	January 25, 2019
How do I know if the virtual service I have applied has been reconciled by Istiod?	0	255	February 1, 2023
Envoy config sync strategy Contributors	0	545	July 2, 2021
Monitoring Envoy with DataDog Autodiscovery	10	3817	September 7, 2023

How can envoy know destination.uid when report/check with mixer?

Related Topics