Post Installation Actions
After successfully installing TIS Plus, follow these post-installation actions to optimal configuration and functionality.
Update Istio MeshConfig
This is required if you choose not to enable TIS Plus to automatically configure TIS Plus EnvoyFilter in proxies at installation. You then need to manually update the MeshConfig so proxies will send access logs and traces data to TIS Plus control plane.
Following is example of Istio MeshConfig Helm values where proxy will send access logs and traces to TIS Plus.
Make sure to merge TIS Plus MeshConfig with your existing one properly line by line.
cat <<EOF > cluster-1-telemetry.yaml
global:
meshID: mesh1
multiCluster:
clusterName: Kubernetes
network: ""
meshConfig:
defaultConfig:
envoyMetricsService:
address: "oap.tis-plus-system.svc:11800"
tlsSettings:
mode: DISABLE
tcpKeepalive:
probes: 3
time: 10s
interval: 10s
tracing:
sampling: 1
zipkin:
address: "zipkin.tis-plus-system.svc.cluster.local:9411"
defaultProviders:
tracing:
- tetrate-oap
accessLogging:
- envoy
- tetrate-http-oap-als
- tetrate-tcp-oap-als
extensionProviders:
- name: tetrate-oap
zipkin:
service: zipkin.tis-plus-system.svc.cluster.local
port: 9411
- name: tetrate-http-oap-als
envoyHttpAls:
service: oap.tis-plus-system.svc.cluster.local
port: 11800
- name: tetrate-tcp-oap-als
envoyTcpAls:
service: oap.tis-plus-system.svc.cluster.local
port: 11800
enableTracing: true
accessLogFile: /dev/stdout
enableEnvoyAccessLogService: true
pilot:
env:
PILOT_ENABLE_WORKLOAD_ENTRY_AUTOREGISTRATION: true
PILOT_ENABLE_WORKLOAD_ENTRY_HEALTHCHECKS: true
EOF
Then update your Istio installation with new Helm values.
There can only one active tracing endpoints in Istio. If you already use other tracing solutions you need to replace it with TIS Plus or enable multi endpoints tracing using otel-collector.
Check Discovery Selector Field
This is required so Istiod will propagate access logs and tracing configurations to all proxies.
Verify the discovery selector field in the existing Istiod:
kubectl get istiooperator -n istio-system -o jsonpath='{.items[0].spec.meshConfig.discoverySelectors}'
If necessary, label the tis-plus-system namespace:
kubectl label namespace tis-plus-system istio-discovery=enabled
Create a Telemetry Object
This is OPTIONAL if you want to control the sampling percentage granularly for the providers that are defined in the meshConfig above. The EnvoyFilter that TIS Plus created configures the sink and sets the random sampling percentage to 1% by default.
The Telemetry object will not be able to override the default sampling percentage if the provider is not specified in the meshConfig. Istio has a limitation that requires a provider to be configured before the telemetry object will take effect.
If you want to configure a custom sampling percentage, you will have to resort to editing the Istio meshConfig and adding the providers. By default, Tetrate OAP is set as the provider with 1% sampling.
As an example, to set the randomSamplingPercentage to 25% on the tetrate-oap provider, the following can be used.
Create a telemetry object in Istio's root namespace to configure random sampling for the mesh
cat <<EOF > cluster-1-telemetry.yaml
apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
name: otel-demo
namespace: istio-system
spec:
tracing:
- providers:
- name: tetrate-oap
randomSamplingPercentage: 25
EOF
Apply the Telemetry setting:
kubectl -n istio-system -f cluster-1-telemetry.yaml
- We enforce specific maximum values for sampling percentage. Please consult the documentation for allowed values.
- When set to 1%, it samples 1% of total traffic, irrespective of error codes. For example, out of 100 errors, it will pick only one error (e.g., 5xx code).
Troubleshooting
If you encounter issues during the post-installation actions, try the following troubleshooting steps:
-
Telemetry Object Not Applied
Verify that the telemetry object was created successfully:
kubectl get telemetry -n istio-system
If not present, check for any error messages when applying the YAML file.
-
MeshConfig Not Updated
Confirm that the MeshConfig was updated correctly:
kubectl get configmap istio -n istio-system -o yaml
Look for the changes you applied in the output.
-
Discovery Selector Issues
If Istiod is not propagating configurations, double-check the label on the tis-plus-system namespace:
kubectl get namespace tis-plus-system --show-labels
-
Tracing or Access Logging Not Working
Verify that the Envoy proxies have the correct configuration:
istioctl proxy-config bootstrap <pod-name>.<namespace>
Look for the tracing and access logging configurations in the output.
If you continue to experience issues after trying these troubleshooting steps, please consult the TIS Plus documentation or contact Tetrate support for further assistance.
Next Steps
By completing these post-installation actions, you ensure that your TIS Plus installation is properly configured and ready for use. If you encounter any issues or have questions, please consult the TIS Plus documentation or contact Tetrate support.