Envoy
Envoy Application Stack
The Envoy SCALE AppStack is a toolkit and CI/CD workflow to develop, build and deploy an Envoy-based proxy service and produce deployment-ready containers for the SCALE environment.
The containers produced in this application stack share common requirements with other application stacks deployed to the SCALE environment. These shared requirements include:
- Security scanning for any vulnerabilities
- Staging of the application container in the appropriate Docker container repositories, tagged according to SCALE conventions
- Completion of Unit Testing
- Gated approvals before allowing deployments into pre-production and production environments
- Audit trail and history of deployment within the SCALE CI/CD Pipeline
The deployment flow begins with a Continuous Integration stage, which runs in the pipeline before the Continuous Deployment stages. The Continuous Integration stage focuses on building the application, running scans to check for test coverage and security vulnerabilities, and staging the container in the appropriate Docker repository ready for deployment. Subsequent pipeline stages deploy the application to the appropriate target Kubernetes spaces.
For details on getting started, see getting started.
Repository Directory Structure
The devexp-envoy directory holds all the templates, variables, manifests and configuration files:
- config/envoy.yaml - The configuration file for the Envoy service
- templates - Holds chart.yaml, route.yaml and the deployment-related values/variables setup files
At the top of the repository there is also a file called azure-pipelines.yml. This file contains a reference to the appropriate version of the CI/CD pipeline logic, some variables unique to the application (e.g. container version), and YAML data structures providing key information about the environments into which to deploy the application and the sequence of events to complete the deployment (e.g. dependencies, additional steps to retrieve secrets to be passed to the deployed container, etc.).
Additional items in this repository will generally not be modified and should not be changed to avoid risk of breaking the pipeline workflows.
For details on application configuration, see application configuration.
For details on CI/CD pipelines, see CI/CD pipelines.
For details on upgrading to Pipeline v4.7, see upgrading to Pipeline v4.7.
For details on pipeline definition, see pipeline definition.
Application-Specific Pipeline Configuration
The extends YAML object is a complex object consisting of additional YAML objects. This object is used to extend the pipeline logic (referenced by the repository defined in the resources object) by (a) referencing the correct appstack pipeline entry point and (b) passing a set of YAML objects as parameters to influence the behavior of the pipeline to meet an application team's specific needs.
The extends YAML object consists of 2 objects beneath it:
- template
- parameters
The template YAML object is a single value set to the initial entry point for the v4.7 pipeline for the envoy appstack, so it should always be defined as follows:
    extends:
      template: devops/envoy.yml@spaces
Please refer to the upgrade document to learn more about envoy.yml@templates, which holds the required metadata for the pipeline.
The parameters YAML object is defined immediately following the template object and at the same indentation level. This is the object that requires the most attention and definition to set up. The parameters YAML object includes multiple parameters which can be used to configure the CI/CD pipeline. Primarily this object contains parameters used for application builds. A typical setting here would be to define the appVersion used to build the application, looking like the following (including all of the extends object preceding it):
    extends:
      template: devops/envoy.yml@spaces
      parameters:
        appVersion: 4.7.x
For details on defining hostspaces, see defining hostspaces.
For details on skipping deployments, see skipping deployments.
How to update Envoy version
Update the builderImage version property in the azure-pipelines.yml file for the variable extends/envoy/baseImage:
- baseImage - Source image to be pulled from Artifactory or Docker Hub
    extends:
      template: devops/envoy.yml@spaces
      parameters:
        appVersion: 4.7.1
        envoy:
          baseImage: 'envoyproxy/envoy:v1.33-latest'
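
A tag ending in -latest moves whenever a new image is published under it, so the same pipeline file can build on different base images over time. The following check is an added example, not part of the SCALE pipeline or repository; it reads the baseImage value and reports whether it is pinned by digest, uses a version tag, or uses a floating tag. The function names and the three category labels are assumptions made for this example.

```python
import re

# Constructed copy of the pipeline fragment shown above.
PIPELINE = """\
extends:
  template: devops/envoy.yml@spaces
  parameters:
    appVersion: 4.7.1
    envoy:
      baseImage: 'envoyproxy/envoy:v1.33-latest'
"""


def base_image(pipeline_text):
    """Pull the baseImage value out of the YAML text (line-based, no YAML library)."""
    m = re.search(r"^\s*baseImage:\s*['\"]?([^'\"\s#]+)", pipeline_text, re.M)
    return m.group(1) if m else None


def classify(image):
    """Return 'digest', 'fixed-tag' or 'floating' for an image reference."""
    if "@sha256:" in image:
        return "digest"
    # Only a colon after the last '/' separates a tag; an earlier one is a registry port.
    name = image.rsplit("/", 1)[-1]
    tag = name.split(":", 1)[1] if ":" in name else ""
    if not tag or tag == "latest" or tag.endswith("-latest"):
        return "floating"
    return "fixed-tag"


def check(pipeline_text):
    """Return (image, category); category is 'missing' when no baseImage is set."""
    image = base_image(pipeline_text)
    return image, (classify(image) if image else "missing")


if __name__ == "__main__":
    print(check(PIPELINE))
```

A version tag can still be re-pushed in the registry; only a digest reference identifies one exact image.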
Logging
The Envoy AppStack is pre-configured for Splunk log aggregation. Envoy stdout and access logs are tagged with the app_log and common_log source types.
Refer: chart-dir/templates/deployment.yaml
    metadata:
      annotations:
        collectord.io/index: "app"  # Three-letter app code
        collectord.io/logs-source: "/var/log/Envoy.out"
        collectord.io/logs-type: "app_log"
        collectord.io/logs-extraction: '^\[(?P<timestamp>[^\]]+)\].+$'
        collectord.io/logs-timestampfield: timestamp
        collectord.io/logs-timestampformat: '2019-06-03 05:41:49.598'
        collectord.io/logs-eventpattern: '^\['
        collectord.io/volume.1-logs-name: 'logs'
        collectord.io/volume.1-logs-index: "app"  # Three-letter app code
        collectord.io/volume.1-logs-type: 'access_common'
    spec:
      template:
        spec:
          volumes:
            - name: logs
              emptyDir: {}
          containers:
            - name: "chart-name"
              env:
                - name: ACCESS_LOG
                  value: /var/log/access
              volumeMounts:
                - name: logs
                  mountPath: /var/log/access
Refer: application.yaml for log pattern
    server:
      tomcat:
        accesslog:
          directory: '${ACCESS_LOG::/tmp/access}'
          enabled: true
          rotate: false
    logging:
      pattern:
        console: '[%date{ISO8601}] logLevel=%level pid=${PID:-} thread=%thread class=%logger{40} message="%msg"%n'
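
The following is an added example, not part of the SCALE repository: it runs the logs-eventpattern and logs-extraction patterns from the annotations above over constructed sample lines shaped like the console pattern, showing how lines are grouped into events and where the timestamp field is found. Applying the extraction to an event's first line is an assumption about Collectord's behaviour, and the function names are chosen for this example.

```python
import re

# Patterns copied from the collectord.io annotations shown above.
EXTRACTION = re.compile(r'^\[(?P<timestamp>[^\]]+)\].+$')  # logs-extraction
EVENT_START = re.compile(r'^\[')                           # logs-eventpattern

# Constructed sample lines in the shape of logging.pattern.console.
SAMPLE = """\
[2019-06-03 05:41:49.598] logLevel=INFO pid=1 thread=main class=c.e.Proxy message="listener ready"
[2019-06-03 05:41:50.102] logLevel=ERROR pid=1 thread=w-1 class=c.e.Proxy message="upstream reset"
java.io.IOException: connection reset
    at c.e.Proxy.forward(Proxy.java:42)
2019-06-03 05:41:51.000 line written without the leading bracket
[2019-06-03 05:41:52.000] logLevel=INFO pid=1 thread=main class=c.e.Proxy message="recovered"
"""


def group_events(text):
    """A line matching EVENT_START opens a new event; any other line is
    appended to the previous event (stack traces, unbracketed output)."""
    events = []
    for line in text.splitlines():
        if EVENT_START.match(line) or not events:
            events.append([line])
        else:
            events[-1].append(line)
    return events


def extract_timestamp(event):
    """Assumption: the extraction pattern is applied to the first line."""
    m = EXTRACTION.match(event[0])
    return m.group("timestamp") if m else None


def matches_joined(event):
    """True if the pattern also matches the event joined with newlines.
    '.' does not cross a newline, so multi-line events return False."""
    return EXTRACTION.match("\n".join(event)) is not None


def summarize(text):
    return [(extract_timestamp(e), len(e), matches_joined(e))
            for e in group_events(text)]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

The fifth sample line has its own timestamp but no leading bracket, so it is folded into the preceding ERROR event instead of being indexed as a separate event.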
Update Envoy configuration file
As part of SCALE pipeline releases, we keep updating the base images that we provide for each application stack. Each newer version of a base image may support newer configurations. After upgrading, please refer to Configuration Details, compare, and update your repository with the newer configurations.
For details on Horizontal Pod Autoscaler, see Horizontal Pod Autoscaler.
For details on PVC for application stacks, see PVC for application stacks.
For details on Pod Anti-Affinity, see Pod Anti-Affinity.
For details on detailed pipeline configuration, see detailed pipeline configuration.
For details on Kubernetes deployment objects, see Kubernetes deployment objects.
For details on troubleshooting, see troubleshooting.