Access logs through TCP (ex. ELK)

[jakubdyszkiewicz]

Summary

This PR introduces logging through TCP via gRPC service.

There is no native support for TCP logging in Envoy, so it has to be done through gRPC service. This gRPC Service is embedded in Kuma DP. At first, I started this service at random port, then pushed this port through Envoy metadata, read in Control Plane and set the gRPC logging service destination on this port. Then I realized this can be done through UNIX socket and convention, which simplifies the codes.

StreamAccessLogs service defines streaming HTTPAccessLogEntries and TCPAccessLogEntries but with the newest released Envoy version, only the first one is implemented, but it contains data even for L4. Support for TCPAccessLogEntries is merged, so it will be included in the next version of Envoy.

This can be used to log for ELK stack in following way.

1. Mesh definition

name: default
type: Mesh
mtls:
  ca:
    builtin: {}
  enabled: true
tracing: {}
logging:
  backends:
  - name: file-tmp
    format: |
      {
          "destination": "%UPSTREAM_CLUSTER%",
          "destinationAddress": "%UPSTREAM_LOCAL_ADDRESS%",
          "source": "%KUMA_DOWNSTREAM_CLUSTER%",
          "sourceAddress": "%DOWNSTREAM_REMOTE_ADDRESS%",
          "bytesReceived": "%BYTES_RECEIVED%",
          "bytesSent": "%BYTES_SENT%"
      }
    tcp:
      address: 127.0.0.1:5000

It seems that information about TLS is always empty, even with mTLS enabled. I need to investigate it further, maybe it's a bug in Envoy. The source of traffic is known, because we place this at the dataplane outbound interface so we can expose it with custom placeholder %KUMA_DOWNSTREAM_CLUSTER%

2. Start ELK stack
   https://github.com/deviantony/docker-elk
   before starting configure logstash to receive json logs codec => json

❯❯❯ cat logstash/pipeline/logstash.conf
input {
	tcp {
		port => 5000
        codec => json
	}
}

## Add your filters / logstash plugins configuration here

output {
	elasticsearch {
		hosts => "elasticsearch:9200"
		user => "elastic"
		password => "changeme"
	}
}

Add the index

curl -XPOST -D- 'http://localhost:5601/api/saved_objects/index-pattern'     -H 'Content-Type: application/json'     -H 'kbn-version: 7.3.1'     -u elastic:changeme     -d '{"attributes":{"title":"logstash-*","timeFieldName":"@timestamp"}}'

3. Start the traffic, check logs
   

Tests for dp server are missing for now since I wanted to get feedback on this first.

[yskopets]

I think, usage of GoogleGrpc is not mandatory in this case (unlike with mTLS).

Although, I don't know what are the downsides to using it