在Istio中,到底怎么获取 Envoy 访问日志?
Envoy 访问日志记录了通过 Envoy 进行请求 / 响应交互的相关记录,可以方便地了解具体通信过程和调试定位问题。
环境准备
部署 httpbin 服务:
kubectl apply -f samples/httpbin/httpbin.yaml
部署 sleep 服务:
kubectl apply -f samples/sleep/sleep.yaml
httpbin 服务作为接收请求的服务端, sleep 服务作为发送请求的客户端。
还需要开启 Envoy 访问日志,执行以下命令修改 istio 配置:
kubectl -n istio-system edit configmap istio
编辑yaml文件的对应配置:
data:
mesh: |-
accessLogEncoding: JSON
accessLogFile: /dev/stdout
其中,accessLogEncoding表示 accesslog 输出格式,Istio 预定义了 TEXT 和 JSON 两种日志输出格式。默认使用 TEXT,通常改成 JSON 以提升可读性;accessLogFile:表示 accesslog 输出位置,通常指定到 /dev/stdout (标准输出),以便使用 kubectl logs 来查看日志。
保证yaml文件后,配置随即生效。
测试访问日志
在 sleep 服务中向 httpbin 服务发出请求:
export SLEEP_POD=$(kubectl get pods -l app=sleep -o 'jsonpath={.items[0].metadata.name}')
kubectl exec "$SLEEP_POD" -c sleep -- curl -sS http://httpbin:8000/headers
返回结果如下:
{
"headers": {
"Accept": "*/*",
"Host": "httpbin:8000",
"User-Agent": "curl/7.81.0-DEV",
"X-B3-Parentspanid": "ed0178f3e1f48dd1",
"X-B3-Sampled": "0",
"X-B3-Spanid": "6c38b689ee5ab0c8",
"X-B3-Traceid": "f17ce19c174cae85ed0178f3e1f48dd1",
"X-Envoy-Attempt-Count": "1",
"X-Forwarded-Client-Cert": "......"
}
}
执行以下命令,查看sleep 服务的Envoy日志:
kubectl logs -l app=sleep -c istio-proxy
可以看到sleep服务对httpbin服务的调用的日志:
{
"authority": "httpbin:8000",
"bytes_received": ,
"bytes_sent": ,
"connection_termination_details": null,
"downstream_local_address": "172.24.146.239:8000",
"downstream_remote_address": "172.24.158.25:49350",
"duration": ,
"method": "GET",
"path": "/headers",
"protocol": "HTTP/1.1",
"request_id": "ea40d320-348f-4f58-86d4-da157b0e0cca",
"requested_server_name": null,
"response_code": ,
"response_code_details": "via_upstream",
"response_flags": "-",
"route_name": "default",
"start_time": "2022-07-04T10:00:09.401Z",
"upstream_cluster": "outbound|8000||httpbin.istio-demo.svc.cluster.local",
"upstream_host": "172.24.158.96:80",
"upstream_local_address": "172.24.158.25:41812",
"upstream_service_time": "2",
"upstream_transport_failure_reason": null,
"user_agent": "curl/7.81.0-DEV",
"x_forwarded_for": null
}
执行以下命令,查看httpbin 服务的Envoy日志:
kubectl logs -l app=httpbin -c istio-proxy
可以看到httpbin服务被sleep服务调用的Envoy日志:
{
"authority": "httpbin:8000",
"bytes_received": ,
"bytes_sent": ,
"connection_termination_details": null,
"downstream_local_address": "172.24.158.96:80",
"downstream_remote_address": "172.24.158.25:41812",
"duration": ,
"method": "GET",
"path": "/headers",
"protocol": "HTTP/1.1",
"request_id": "ea40d320-348f-4f58-86d4-da157b0e0cca",
"requested_server_name": "outbound_.8000_._.httpbin.istio-demo.svc.cluster.local",
"response_code": ,
"response_code_details": "via_upstream",
"response_flags": "-",
"route_name": "default",
"start_time": "2022-07-04T10:00:09.401Z",
"upstream_cluster": "inbound|80||",
"upstream_host": "172.24.158.96:80",
"upstream_local_address": "127.0.0.6:33665",
"upstream_service_time": "1",
"upstream_transport_failure_reason": null,
"user_agent": "curl/7.81.0-DEV",
"x_forwarded_for": null
}
看到这么多参数,是不是有点懵逼?没关系接下来,我们详细看看!
刨析Envoy日志
清理
删除 httpbin 和 sleep 服务:
kubectl delete -f samples/httpbin/httpbin.yaml
kubectl delete -f samples/sleep/sleep.yaml
本文参与 腾讯云自媒体同步曝光计划,分享自微信公众号。
原始发表:2022-07-27,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录
相关产品与服务
服务网格
服务网格(Tencent Cloud Mesh, TCM),一致、可靠、透明的云原生应用通信网络管控基础平台。全面兼容 Istio,集成腾讯云基础设施,提供全托管服务化的支撑能力保障网格生命周期管理。IaaS 组网与监控组件开箱即用,跨集群、异构应用一致发现管理加速云原生迁移。
腾讯云开发者
