fix: Istio tcp keepalive tweaks to make AWS NLB happy again

charts/kubezero-istio-ingress/nlb_keepalive_trial.yaml

@@ -0,0 +1,38 @@
+{{- if or (index .Values "istio-ingress" "enabled") (index .Values "istio-private-ingress" "enabled") }}
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: ingressgateway-listener-tcp-keepalive
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "kubezero-lib.labels" . | indent 4 }}
+spec:
+  configPatches:
+  - applyTo: LISTENER
+    patch:
+      operation: MERGE
+      value:
+        socket_options:
+          # SOL_SOCKET = 1
+          # SO_KEEPALIVE = 9
+        - int_value: 1
+          level: 1
+          name: 9
+          state: STATE_PREBIND
+          # TCP_KEEPPROBES
+        - int_value: 9
+          level: 6
+          name: 6
+          state: STATE_PREBIND
+          # IPPROTO_TCP = 6
+          # TCP_KEEPIDLE = 4
+        - int_value: 120
+          level: 6
+          name: 4
+          state: STATE_PREBIND
+          # TCP_KEEPINTVL = 5
+        - int_value: 30
+          level: 6
+          name: 5
+          state: STATE_PREBIND
+{{- end }}

charts/kubezero-istio-ingress/templates/envoyfilter-keepalive-nlb.yaml

@@ -23,7 +23,7 @@ spec:
           # TCP_KEEPIDLE = 4
           - level: 6
             name: 4
-            int_value: 60
+            int_value: 120
             state: STATE_LISTENING
           # TCP_KEEPINTVL = 5
           - level: 6

charts/kubezero-istio/README.md

@@ -1,6 +1,6 @@
 # kubezero-istio
 
-![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.1](https://img.shields.io/badge/AppVersion-1.9.1-informational?style=flat-square)
+![Version: 0.5.6](https://img.shields.io/badge/Version-0.5.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.3](https://img.shields.io/badge/AppVersion-1.9.3-informational?style=flat-square)
 
 KubeZero Umbrella Chart for Istio
 
@@ -20,8 +20,8 @@ Kubernetes: `>= 1.18.0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-|  | base | 1.9.1 |
+|  | base | 1.9.3 |
-|  | istio-discovery | 1.9.1 |
+|  | istio-discovery | 1.9.3 |
 | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
 
 ## Values
@@ -34,9 +34,8 @@ Kubernetes: `>= 1.18.0`
 | global.priorityClassName | string | `"system-cluster-critical"` |  |
 | istio-discovery.meshConfig.accessLogEncoding | string | `"JSON"` |  |
 | istio-discovery.meshConfig.accessLogFile | string | `"/dev/stdout"` |  |
-| istio-discovery.meshConfig.h2UpgradePolicy | string | `"DO_NOT_UPGRADE"` |  |
+| istio-discovery.meshConfig.tcpKeepalive.interval | string | `"60s"` |  |
-| istio-discovery.meshConfig.tcpKeepalive.interval | string | `"30s"` |  |
+| istio-discovery.meshConfig.tcpKeepalive.time | string | `"120s"` |  |
-| istio-discovery.meshConfig.tcpKeepalive.time | string | `"60s"` |  |
 | istio-discovery.pilot.autoscaleEnabled | bool | `false` |  |
 | istio-discovery.pilot.nodeSelector."node-role.kubernetes.io/master" | string | `""` |  |
 | istio-discovery.pilot.replicaCount | int | `1` |  |
@@ -51,3 +50,9 @@ Kubernetes: `>= 1.18.0`
 - https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec
 - https://github.com/istio/istio/blob/master/manifests/profiles/default.yaml
 - https://istio.io/latest/docs/setup/install/standalone-operator/
+
+### Grafana
+- https://grafana.com/grafana/dashboards/7645
+- https://grafana.com/grafana/dashboards/7639
+- https://grafana.com/grafana/dashboards/7636
+- https://grafana.com/grafana/dashboards/7630

charts/kubezero-istio/values.yaml

@@ -37,3 +37,6 @@ istio-discovery:
   meshConfig:
     accessLogFile: /dev/stdout
     accessLogEncoding: 'JSON'
+    tcpKeepalive:
+      interval: 60s
+      time: 120s