{{- if and .Values.telemetry.enabled .Values.telemetry.v2.enabled }} # Note: metadata exchange filter is wasm enabled only in sidecars. apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: metadata-exchange-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} {{- if .Values.meshConfig.rootNamespace }} namespace: {{ .Values.meshConfig.rootNamespace }} {{- else }} namespace: {{ .Release.Namespace }} {{- end }} labels: istio.io/rev: {{ .Values.revision | default "default" }} install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }} operator.istio.io/component: "Pilot" spec: configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_INBOUND proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" patch: operation: INSERT_BEFORE value: name: istio.metadata_exchange typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {} vm_config: {{- if .Values.telemetry.v2.metadataExchange.wasmEnabled }} runtime: envoy.wasm.runtime.v8 allow_precompiled: true code: local: filename: /etc/istio/extensions/metadata-exchange-filter.compiled.wasm {{- else }} runtime: envoy.wasm.runtime.null code: local: inline_string: envoy.wasm.metadata_exchange {{- end }} - applyTo: HTTP_FILTER match: context: SIDECAR_OUTBOUND proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" patch: operation: INSERT_BEFORE value: name: istio.metadata_exchange typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {} vm_config: {{- if .Values.telemetry.v2.metadataExchange.wasmEnabled }} runtime: envoy.wasm.runtime.v8 allow_precompiled: true code: local: filename: /etc/istio/extensions/metadata-exchange-filter.compiled.wasm {{- else }} runtime: envoy.wasm.runtime.null code: local: inline_string: envoy.wasm.metadata_exchange {{- end }} - applyTo: HTTP_FILTER match: context: GATEWAY proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" patch: operation: INSERT_BEFORE value: name: istio.metadata_exchange typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {} vm_config: {{- if .Values.telemetry.v2.metadataExchange.wasmEnabled }} runtime: envoy.wasm.runtime.v8 allow_precompiled: true code: local: filename: /etc/istio/extensions/metadata-exchange-filter.compiled.wasm {{- else }} runtime: envoy.wasm.runtime.null code: local: inline_string: envoy.wasm.metadata_exchange {{- end }} --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: tcp-metadata-exchange-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} {{- if .Values.meshConfig.rootNamespace }} namespace: {{ .Values.meshConfig.rootNamespace }} {{- else }} namespace: {{ .Release.Namespace }} {{- end }} labels: istio.io/rev: {{ .Values.revision | default "default" }} spec: configPatches: - applyTo: NETWORK_FILTER match: context: SIDECAR_INBOUND proxy: proxyVersion: '^1\.10.*' listener: {} patch: operation: INSERT_BEFORE value: name: istio.metadata_exchange typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange value: protocol: istio-peer-exchange - applyTo: CLUSTER match: context: SIDECAR_OUTBOUND proxy: proxyVersion: '^1\.10.*' cluster: {} patch: operation: MERGE value: filters: - name: istio.metadata_exchange typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange value: protocol: istio-peer-exchange - applyTo: CLUSTER match: context: GATEWAY proxy: proxyVersion: '^1\.10.*' cluster: {} patch: operation: MERGE value: filters: - name: istio.metadata_exchange typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange value: protocol: istio-peer-exchange --- # Note: http stats filter is wasm enabled only in sidecars. {{- if .Values.telemetry.v2.prometheus.enabled }} apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: stats-filter-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} {{- if .Values.meshConfig.rootNamespace }} namespace: {{ .Values.meshConfig.rootNamespace }} {{- else }} namespace: {{ .Release.Namespace }} {{- end }} labels: istio.io/rev: {{ .Values.revision | default "default" }} spec: configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_OUTBOUND proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.prometheus.configOverride.outboundSidecar }} { "debug": "false", "stat_prefix": "istio" } {{- else }} {{ toJson .Values.telemetry.v2.prometheus.configOverride.outboundSidecar | indent 18 }} {{- end }} vm_config: vm_id: stats_outbound {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} runtime: envoy.wasm.runtime.v8 allow_precompiled: true code: local: filename: /etc/istio/extensions/stats-filter.compiled.wasm {{- else }} runtime: envoy.wasm.runtime.null code: local: inline_string: envoy.wasm.stats {{- end }} - applyTo: HTTP_FILTER match: context: SIDECAR_INBOUND proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stats_inbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.prometheus.configOverride.inboundSidecar }} { "debug": "false", "stat_prefix": "istio", "metrics": [ { "dimensions": { "destination_cluster": "node.metadata['CLUSTER_ID']", "source_cluster": "downstream_peer.cluster_id" } } ] } {{- else }} {{ toJson .Values.telemetry.v2.prometheus.configOverride.inboundSidecar | indent 18 }} {{- end }} vm_config: vm_id: stats_inbound {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} runtime: envoy.wasm.runtime.v8 allow_precompiled: true code: local: filename: /etc/istio/extensions/stats-filter.compiled.wasm {{- else }} runtime: envoy.wasm.runtime.null code: local: inline_string: envoy.wasm.stats {{- end }} - applyTo: HTTP_FILTER match: context: GATEWAY proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.prometheus.configOverride.gateway }} { "debug": "false", "stat_prefix": "istio", "disable_host_header_fallback": true } {{- else }} {{ toJson .Values.telemetry.v2.prometheus.configOverride.gateway | indent 18 }} {{- end }} vm_config: vm_id: stats_outbound {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} runtime: envoy.wasm.runtime.v8 allow_precompiled: true code: local: filename: /etc/istio/extensions/stats-filter.compiled.wasm {{- else }} runtime: envoy.wasm.runtime.null code: local: inline_string: envoy.wasm.stats {{- end }} --- # Note: tcp stats filter is wasm enabled only in sidecars. apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: tcp-stats-filter-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} {{- if .Values.meshConfig.rootNamespace }} namespace: {{ .Values.meshConfig.rootNamespace }} {{- else }} namespace: {{ .Release.Namespace }} {{- end }} labels: istio.io/rev: {{ .Values.revision | default "default" }} spec: configPatches: - applyTo: NETWORK_FILTER match: context: SIDECAR_INBOUND proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_inbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.prometheus.configOverride.inboundSidecar }} { "debug": "false", "stat_prefix": "istio", "metrics": [ { "dimensions": { "destination_cluster": "node.metadata['CLUSTER_ID']", "source_cluster": "downstream_peer.cluster_id" } } ] } {{- else }} {{ toJson .Values.telemetry.v2.prometheus.configOverride.inboundSidecar | indent 18 }} {{- end }} vm_config: vm_id: tcp_stats_inbound {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} runtime: envoy.wasm.runtime.v8 allow_precompiled: true code: local: filename: /etc/istio/extensions/stats-filter.compiled.wasm {{- else }} runtime: envoy.wasm.runtime.null code: local: inline_string: "envoy.wasm.stats" {{- end }} - applyTo: NETWORK_FILTER match: context: SIDECAR_OUTBOUND proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.prometheus.configOverride.outboundSidecar }} { "debug": "false", "stat_prefix": "istio" } {{- else }} {{ toJson .Values.telemetry.v2.prometheus.configOverride.outboundSidecar | indent 18 }} {{- end }} vm_config: vm_id: tcp_stats_outbound {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} runtime: envoy.wasm.runtime.v8 allow_precompiled: true code: local: filename: /etc/istio/extensions/stats-filter.compiled.wasm {{- else }} runtime: envoy.wasm.runtime.null code: local: inline_string: "envoy.wasm.stats" {{- end }} - applyTo: NETWORK_FILTER match: context: GATEWAY proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.prometheus.configOverride.gateway }} { "debug": "false", "stat_prefix": "istio" } {{- else }} {{ toJson .Values.telemetry.v2.prometheus.configOverride.gateway | indent 18 }} {{- end }} vm_config: vm_id: tcp_stats_outbound {{- if .Values.telemetry.v2.prometheus.wasmEnabled }} runtime: envoy.wasm.runtime.v8 allow_precompiled: true code: local: filename: /etc/istio/extensions/stats-filter.compiled.wasm {{- else }} runtime: envoy.wasm.runtime.null code: local: inline_string: "envoy.wasm.stats" {{- end }} --- {{- end }} {{- if .Values.telemetry.v2.stackdriver.enabled }} apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: stackdriver-filter-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} {{- if .Values.meshConfig.rootNamespace }} namespace: {{ .Values.meshConfig.rootNamespace }} {{- else }} namespace: {{ .Release.Namespace }} {{- end }} labels: istio.io/rev: {{ .Values.revision | default "default" }} spec: configPatches: {{- if not .Values.telemetry.v2.stackdriver.disableOutbound }} - applyTo: HTTP_FILTER match: context: SIDECAR_OUTBOUND proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stackdriver typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stackdriver_outbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.stackdriver.configOverride }} {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} {{- else }} {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} {{- end }} vm_config: vm_id: stackdriver_outbound runtime: envoy.wasm.runtime.null code: local: { inline_string: envoy.wasm.null.stackdriver } {{- end }} - applyTo: HTTP_FILTER match: context: SIDECAR_INBOUND proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stackdriver typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stackdriver_inbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.stackdriver.configOverride }} {"disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "access_logging": "{{ .Values.telemetry.v2.stackdriver.inboundAccessLogging }}", "disable_host_header_fallback": true} {{- else }} {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} {{- end }} vm_config: vm_id: stackdriver_inbound runtime: envoy.wasm.runtime.null code: local: { inline_string: envoy.wasm.null.stackdriver } - applyTo: HTTP_FILTER match: context: GATEWAY proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stackdriver typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stackdriver_outbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.stackdriver.configOverride }} {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}", "disable_host_header_fallback": true} {{- else }} {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} {{- end }} vm_config: vm_id: stackdriver_outbound runtime: envoy.wasm.runtime.null code: local: { inline_string: envoy.wasm.null.stackdriver } --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: tcp-stackdriver-filter-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} {{- if .Values.meshConfig.rootNamespace }} namespace: {{ .Values.meshConfig.rootNamespace }} {{- else }} namespace: {{ .Release.Namespace }} {{- end }} labels: istio.io/rev: {{ .Values.revision | default "default" }} spec: configPatches: {{- if not .Values.telemetry.v2.stackdriver.disableOutbound }} - applyTo: NETWORK_FILTER match: context: SIDECAR_OUTBOUND proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stackdriver typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stackdriver_outbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.stackdriver.configOverride }} {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} {{- else }} {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} {{- end }} vm_config: vm_id: stackdriver_outbound runtime: envoy.wasm.runtime.null code: local: { inline_string: envoy.wasm.null.stackdriver } {{- end }} - applyTo: NETWORK_FILTER match: context: SIDECAR_INBOUND proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stackdriver typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stackdriver_inbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.stackdriver.configOverride }} {"disable_server_access_logging": {{ not .Values.telemetry.v2.stackdriver.logging }}, "access_logging": "{{ .Values.telemetry.v2.stackdriver.inboundAccessLogging }}"} {{- else }} {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} {{- end }} vm_config: vm_id: stackdriver_inbound runtime: envoy.wasm.runtime.null code: local: { inline_string: envoy.wasm.null.stackdriver } - applyTo: NETWORK_FILTER match: context: GATEWAY proxy: proxyVersion: '^1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stackdriver typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stackdriver_outbound configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | {{- if not .Values.telemetry.v2.stackdriver.configOverride }} {"access_logging": "{{ .Values.telemetry.v2.stackdriver.outboundAccessLogging }}"} {{- else }} {{ toJson .Values.telemetry.v2.stackdriver.configOverride | indent 18 }} {{- end }} vm_config: vm_id: stackdriver_outbound runtime: envoy.wasm.runtime.null code: local: { inline_string: envoy.wasm.null.stackdriver } --- {{- if .Values.telemetry.v2.accessLogPolicy.enabled }} apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: name: stackdriver-sampling-accesslog-filter-1.10{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} {{- if .Values.meshConfig.rootNamespace }} namespace: {{ .Values.meshConfig.rootNamespace }} {{- else }} namespace: {{ .Release.Namespace }} {{- end }} labels: istio.io/rev: {{ .Values.revision | default "default" }} spec: configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_INBOUND proxy: proxyVersion: '1\.10.*' listener: filterChain: filter: name: "envoy.filters.network.http_connection_manager" subFilter: name: "istio.stackdriver" patch: operation: INSERT_BEFORE value: name: istio.access_log typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: configuration: "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "log_window_duration": "{{ .Values.telemetry.v2.accessLogPolicy.logWindowDuration }}" } vm_config: runtime: envoy.wasm.runtime.null code: local: { inline_string: "envoy.wasm.access_log_policy" } --- {{- end }} {{- end }} {{- end }}