mirror of https://github.com/linkerd/linkerd2.git
75d613123c
Fixes #9149 Fixes #9144 The `linkerd viz authz` command uses the metrics-api StatSummary gRPC method, the same gRPC method used by `linkerd viz stat`. This method is very complex and because it was designed for the use case of `linkerd viz stat`, it has certain limitations when it is used for `linkerd viz authz` such as #9149 and #9144. These stem from the fact that the metrics processing which happens in StatSummary is keyed off of the resource and when there are multiple metrics samples per resource (such as when there are multiple httproutes for a server, for example) this leads to key conflicts and data in maps being overwritten. Rather than trying to bend StatSummary into a use-case it was never intended for, we instead create a new gRPC endpoint called Authz specifically for the `linkerd viz authz` use-case. This method returns authz related stats for the given workload resource, with separate rows for all combinations of server/route/authz which have metrics. The updated output of `linkerd viz authz` looks like this: ```console # with default-deny, before creating policy resources > linkerd viz authz -n emojivoto po ROUTE SERVER AUTHORIZATION UNAUTHORIZED SUCCESS RPS LATENCY_P50 LATENCY_P95 LATENCY_P99 default default:deny 1.0rps 0.00% 0.0rps 0ms 0ms 0ms proxy-metrics proxy-admin authorizationpolicy/prometheus-scrape 0.0rps 100.00% 0.4rps 1ms 1ms 1ms proxy-probes proxy-admin authorizationpolicy/proxy-probes 0.0rps 100.00% 0.8rps 1ms 1ms 1ms # then, after creating policy resources > linkerd viz authz -n emojivoto po ROUTE SERVER AUTHORIZATION UNAUTHORIZED SUCCESS RPS LATENCY_P50 LATENCY_P95 LATENCY_P99 default emoji-grpc authorizationpolicy/emoji-grpc 0.0rps 100.00% 2.0rps 1ms 1ms 1ms proxy-metrics proxy-admin authorizationpolicy/prometheus-scrape 0.0rps 100.00% 0.4rps 1ms 1ms 1ms proxy-probes proxy-admin authorizationpolicy/proxy-probes 0.0rps 100.00% 0.8rps 1ms 1ms 1ms default voting-grpc authorizationpolicy/voting-grpc 0.0rps 80.00% 1.0rps 1ms 1ms 1ms default web-http authorizationpolicy/web-public 0.0rps 90.83% 2.0rps 2ms 2ms 3ms ``` Since StatSummary is no longer attempting to handle this use-case, we also simplify some of the groupBy queries that it used. Signed-off-by: Alex Leong <alex@buoyant.io> |
||
|---|---|---|
| .. | ||
| client | ||
| cmd | ||
| gen/viz | ||
| proto | ||
| util | ||
| Dockerfile | ||
| authz.go | ||
| edges.go | ||
| edges_test.go | ||
| gateways.go | ||
| grpc_server.go | ||
| grpc_server_test.go | ||
| policy.go | ||
| prometheus.go | ||
| prometheus_test.go | ||
| stat_summary.go | ||
| stat_summary_test.go | ||
| test_helper.go | ||
| top_routes.go | ||
| top_routes_test.go | ||