Currently, we only support aws and gcp pricing (represented by --cloud). We have already generated the pricing structures for aws/gcp in /pricing, so adding azure shouldn't be that bad.

There might be some regex match stuff that needs to be added to the main cost analysis codepath, but really our locality matching logic is pretty cloud agnostic. Adding an option for azure should entail similar work within the main codepath as running the tool with --pricePath set to azure data.

Data rates: https://azure.microsoft.com/en-us/pricing/details/bandwidth/

Looks similar to GCP, looks like we can just modify the gcp_rate_converter.go script to match azure localities.

istio-cost-analyzer setup didn't work on AKS after ran go install github.com/tetratelabs/istio-cost-analyzer@latest

Document the scripts in pricing/gcp and pricing/aws, both in comments and in directory-level READMEs. These scripts fetch/derive rate information.

They are also very linear in the way the code is written - there's no abstraction/nuance. This is probably fine for scripts, but it might be helpful to at least break these into functions.

We should allow cost analysis over a time range.

https://prometheus.io/docs/prometheus/latest/querying/api/#range-queries

We currently require the user to insert some custom prometheus config to their Operator config (in README.md).

We should take care of this automatically in the setup command, and let the user specify which Istio Operator they want to edit with two flags: --operatorName & --operatorNamespace.

Environment

• Kubernetes 1.26.5
• Istio 1.18.2
• GKE

Set up istio-cost-analyzer on Istio 1.18.2 and deployed the Bookinfo sample applicaiton, kept requesting the productpage service, but got no result:

$ istio-cost-analyzer analyze
found cloud: GCP
using pricing file: https://raw.githubusercontent.com/tetratelabs/istio-cost-analyzer/master/pricing/gcp/gcp_pricing.json
Waiting for prometheus to be ready...
Prometheus is ready! (Code: 200)
EFNcalculating egress costs for 0 call links

Total: -

SOURCE SERVICE  SOURCE LOCALITY COST

We have no tests. Should add them for:

• cost.go -> calculating cost on different call scenarios
• kube.go -> node logic & helper functions
• call.go -> print table logic

Hello, is it OK to send over a Makefile PR similar to: https://github.com/tetratelabs/istio-security-analyzer/pull/2 to this project?

Thank you!

automatic operator config setup/destruction was recently added, this needs to be documented both in README.md and in comments.

since we support analysis across multiple namespace, there might be service name conflicts. so, we must add a namespace column to further describe each entry.

should be as simple as taking the labels destination_namespace and namespace from the prom metric.

we should push the mutating webhook images to docker every release and add automatic tests/lint on PR creation.

Instead of needing to add the destination_pod label to all the deployments and to the operator (as seen in the readme), we should create an injector to automatically provide this configuration.

Instead of using Continent-Region-Zone hierarchies in our JSON, we should use flat zone<->zone mappings.

Something like:

{
    "us-west1-b": {
        "us-west1-c": 0.05
        ...
    }
}

Right now, we require the user clones the istio-cost-analyzer and run go install to actually run the analyzer. We should instead have a streamlined way of downloading/running this.

We should use something like https://goreleaser.com/ (courtesy of @jcchavezs)

We don't use SubZone, and Region can be inferred from zone. We should just use a string.

Currently, we use tables that look like this:

Total: <$0.01

  SOURCE WORKLOAD | SOURCE LOCALITY |  COST   
------------------+-----------------+---------
  productpage-v1  | us-west1-b      | <$0.01  
  reviews-v2      | us-west1-b      | -       
  reviews-v3      | us-west1-b      | -   

We should use tables that look like the kubectl output, like (from kubectl get pods):

NAME                            READY   STATUS    RESTARTS   AGE
details-v1-777558dcb7-d89wt     2/2     Running   0          17d
productpage-v1-54d9bb5c-rmvg7   2/2     Running   0          17d
ratings-v1-5d95594b9f-8kjxh     2/2     Running   0          17d
reviews-v1-84c6f45fd5-dw974     2/2     Running   0          17d
reviews-v2-f5d4f955f-j9wft      2/2     Running   0          17d
reviews-v3-589dbbf77-2ljgm      2/2     Running   0          17d

We kind of just scatter fmt.Printf or log.Printf everywhere, we should probably use something like logrus so we can utilize scopes.

We should have a normal output mode (no flags) and a verbose output mode (-v). The normal output mode is the baseline, while verbose mode should have debug info.

Normal:

Waiting for prometheus to be ready...
Prometheus is ready! (Code: 200)
Total: -

SOURCE WORKLOAD	SOURCE LOCALITY	DESTINATION WORKLOAD	DESTINATION LOCALITY	TRANSFERRED (MB)	COST 
productpage-v1 	us-west1-c     	details-v1          	us-west1-c          	1.070870        	-   	
productpage-v1 	us-west1-b     	reviews-v1          	us-west1-b          	0.356600        	-   	
productpage-v1 	us-west1-b     	reviews-v2          	us-west1-b          	0.355875        	-   	
productpage-v1 	us-west1-b     	reviews-v3          	us-west1-b          	0.356490        	-   

Verbose:

Waiting for prometheus to be ready...
Prometheus is ready! (Code: 200)
Total: -

us-west1-b(productpage-v1) -> us-west1-c(details-v1): 1070870  |  link 0 / 4
<other debug runtime info>

SOURCE WORKLOAD	SOURCE LOCALITY	DESTINATION WORKLOAD	DESTINATION LOCALITY	TRANSFERRED (MB)	COST 
productpage-v1 	us-west1-c     	details-v1          	us-west1-c          	1.070870        	-   	
productpage-v1 	us-west1-b     	reviews-v1          	us-west1-b          	0.356600        	-   	
productpage-v1 	us-west1-b     	reviews-v2          	us-west1-b          	0.355875        	-   	
productpage-v1 	us-west1-b     	reviews-v3          	us-west1-b          	0.356490        	-   

The goal is that users can run the tool with -v when they have issues and can possibly get insight into them, maybe making it part of the repository issue template.

the easy way to do this is to just add the gateway option to the operator configOverride, but there's some upstream/downstream_peer semantics to be worked out. Right now, cost doesn't really account for gateway traffic at all.

We also count both inboundSidecar and outboundSidecar, when we should probably only count one.

Currently, we only support analysis across a single namespace (--namespace). We should allow this argument to take in a list, and label all pods/deployments in those namespaces.

As long as istio-injection=enabled is labeled on these namespaces, Prometheus should identify workloads in these namespaces and include them in the metrics.

We would probably want to separate the output by Workload/Locality/Namespace pairings instead of just Workload/Locality, as we do now. This way, all the data can exist in the same table, uniformly.

Note: for updating pods, we use SharedInformer, which only takes one namespace. I think this is being worked on (?) in kubernetes/kubernetes#74415, but until this gets implemented, we should keep an index of informers by namespace, and run them all on separate goroutines. Tedious, but necessary,

Instead of manually providing a cloud type with --cloud, we should automatically infer this from the cluster itself.