DataDog · amitslavin · Jul 2, 2024 · Jul 2, 2024
@@ -232,6 +232,7 @@ func InitSystemProbeConfig(cfg pkgconfigmodel.Config) {
  cfg.BindEnvAndSetDefault(join(smNS, "enable_http2_monitoring"), false)
  cfg.BindEnvAndSetDefault(join(smNS, "enable_kafka_monitoring"), false)
  cfg.BindEnvAndSetDefault(join(smNS, "tls", "istio", "enabled"), false)
+ cfg.BindEnv(join(smNS, "tls", "istio", "envoy_path"))
  cfg.BindEnv(join(smNS, "tls", "nodejs", "enabled"))
  cfg.BindEnvAndSetDefault(join(smjtNS, "enabled"), false)
  cfg.BindEnvAndSetDefault(join(smjtNS, "debug"), false)

@@ -90,6 +90,9 @@ type Config struct {
  // EnableIstioMonitoring specifies whether USM should monitor Istio traffic
  EnableIstioMonitoring bool
 
+ // EnvoyPath specifies the envoy path to be used for Istio monitoring
+ EnvoyPath string
+
  // EnableNodeJSMonitoring specifies whether USM should monitor NodeJS TLS traffic
  EnableNodeJSMonitoring bool
 
@@ -336,6 +339,7 @@ func New() *Config {
  EnableKafkaMonitoring: cfg.GetBool(join(smNS, "enable_kafka_monitoring")),
  EnableNativeTLSMonitoring: cfg.GetBool(join(smNS, "tls", "native", "enabled")),
  EnableIstioMonitoring: cfg.GetBool(join(smNS, "tls", "istio", "enabled")),
+ EnvoyPath: cfg.GetString(join(smNS, "tls", "istio", "envoy_path")),
  EnableNodeJSMonitoring: cfg.GetBool(join(smNS, "tls", "nodejs", "enabled")),
  MaxUSMConcurrentRequests: uint32(cfg.GetInt(join(smNS, "max_concurrent_requests"))),
  MaxHTTPStatsBuffered: cfg.GetInt(join(smNS, "max_http_stats_buffered")),

@@ -1286,6 +1286,33 @@ service_monitoring_config:
  })
 }
 
+func TestEnvoyPathConfig(t *testing.T) {
+ t.Run("default value", func(t *testing.T) {
+ aconfig.ResetSystemProbeConfig(t)
+ cfg := New()
+ assert.Empty(t, cfg.EnvoyPath)
+ })
+
+ t.Run("via yaml", func(t *testing.T) {
+ aconfig.ResetSystemProbeConfig(t)
+ cfg := configurationFromYAML(t, `
+service_monitoring_config:
+ tls:
+ istio:
+ envoy_path: "/test/envoy"
+`)
+ assert.EqualValues(t, "/test/envoy", cfg.EnvoyPath)
+ })
+
+ t.Run("value set through env var", func(t *testing.T) {
+ aconfig.ResetSystemProbeConfig(t)
+ t.Setenv("DD_SERVICE_MONITORING_CONFIG_TLS_ISTIO_ENVOY_PATH", "/test/envoy")
+
+ cfg := New()
+ assert.EqualValues(t, "/test/envoy", cfg.EnvoyPath)
+ })
+}
+
 func TestNodeJSMonitoring(t *testing.T) {
  t.Run("default value", func(t *testing.T) {
  aconfig.ResetSystemProbeConfig(t)

@@ -98,6 +98,7 @@ var readBufferPool = sync.Pool{
 type istioMonitor struct {
  registry *utils.FileRegistry
  procRoot string
+ envoyCmd []byte
 
  // `utils.FileRegistry` callbacks
  registerCB func(utils.FilePath) error
@@ -117,9 +118,14 @@ func newIstioMonitor(c *config.Config, mgr *manager.Manager) *istioMonitor {
  }
 
  procRoot := kernel.ProcFSRoot()
+ envoyCommand := envoyCmd
+ if c.EnvoyPath != "" {
+ envoyCommand = []byte(c.EnvoyPath)
+ }
  return &istioMonitor{
  registry: utils.NewFileRegistry("istio"),
  procRoot: procRoot,
+ envoyCmd: envoyCommand,
  done: make(chan struct{}),
 
  // Callbacks
@@ -288,11 +294,11 @@ func (m *istioMonitor) getEnvoyPath(pid uint32) string {
  }
 
  buffer = buffer[:n]
- i := bytes.Index(buffer, envoyCmd)
+ i := bytes.Index(buffer, m.envoyCmd)
  if i < 0 {
  return ""
  }
 
- executable := buffer[:i+len(envoyCmd)]
+ executable := buffer[:i+len(m.envoyCmd)]
  return string(executable)
 }
@@ -34,6 +34,18 @@ func TestGetEnvoyPath(t *testing.T) {
  })
 }
 
+func TestGetEnvoyPathWithConfig(t *testing.T) {
+ t.Setenv("DD_SERVICE_MONITORING_CONFIG_TLS_ISTIO_ENVOY_PATH", "/envoy")
+
+ _ = createFakeProcFS(t)
+ monitor := newIstioTestMonitor(t)
+
+ t.Run("an actual envoy process", func(t *testing.T) {
+ path := monitor.getEnvoyPath(uint32(4))
+ assert.Equal(t, "/usr/local/envoy", path)
+ })
+}
+
 func TestIstioSync(t *testing.T) {
  t.Run("calling sync for the first time", func(t *testing.T) {
  procRoot := createFakeProcFS(t)
@@ -160,6 +172,16 @@ func createFakeProcFS(t *testing.T) (procRoot string) {
  "--allow-unknown-static-fields" +
  "--log-format"
 
+ const envoyTestCmdline = "/usr/local/envoy" +
+ "-cetc/istio/proxy/envoy-rev.json" +
+ "--drain-time-s45" +
+ "--drain-strategyimmediate" +
+ "--local-address-ip-versionv4" +
+ "--file-flush-interval-msec1000" +
+ "--disable-hot-restart" +
+ "--allow-unknown-static-fields" +
+ "--log-format"
+
  // PID 1
  createFile(t,
  filepath.Join(procRoot, "1", "cmdline"),
@@ -186,6 +208,16 @@ func createFakeProcFS(t *testing.T) (procRoot string) {
  "",
  )
 
+ // PID 4
+ createFile(t,
+ filepath.Join(procRoot, "4", "cmdline"),
+ envoyTestCmdline,
+ )
+ createFile(t,
+ filepath.Join(procRoot, "4", "root/usr/local/envoy"),
+ "",
+ )
+
  return
 }