Istio: Egress gateway - use istio_requests_total metric
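I am new to Istio and have run into the following problem. I am trying to set up an egress gateway configuration for an external service that communicates over tls/443, as in this example: https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/#egress-gateway-for-https-traffic.
Everything seems to work. For outbound traffic to the 'externalapi' service I get the istio_tcp_connections_closed_total metric. Here is my question:
Is there any way to replace the istio_tcp_connections_closed_total metric with istio_requests_total for outbound traffic going through the egress gateway? I would like to get some additional information, such as the response code of the outgoing traffic.
Here is my configuration: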
```yaml
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: externalapi-egress
spec:
  hosts:
  - externalapi.mydomain.com
  ports:
  - number: 443
    name: tls
    protocol: TLS
  resolution: DNS
  location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: externalapi-egress
spec:
  selector:
    istio: egressgateway
  servers:
  - port:
      number: 443
      name: tls
      protocol: TLS
    hosts:
    - externalapi.mydomain.com
    tls:
      mode: PASSTHROUGH
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: externalapi-egress
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  subsets:
  - name: externalapi-egress
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: externalapi
spec:
  hosts:
  - externalapi.mydomain.com
  gateways:
  - externalapi-egress
  - mesh
  tls:
  - match:
    - gateways:
      - mesh
      port: 443
      sniHosts:
      - externalapi.mydomain.com
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        subset: externalapi-egress
        port:
          number: 443
      weight: 100
  - match:
    - gateways:
      - externalapi-egress
      port: 443
      sniHosts:
      - externalapi.mydomain.com
    route:
    - destination:
        host: externalapi.mydomain.com
        port:
          number: 443
      weight: 100
```
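Other configuration info:
- Istio 1.8.0, installed via IstioOperator.
Thanks for helping me with this,
Robert
Edit: I would like to find a way to generate the istio_requests_total metric for traffic going to externalapi, instead of istio_tcp_connections_closed_total.
tldr: You can't do this.
Now the long answer.
From the Istio documentation about metrics: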
For HTTP, HTTP/2, and GRPC traffic, Istio generates the following
metrics:
Request Count (istio_requests_total): This is a COUNTER incremented
for every request handled by an Istio proxy.
. . .
For TCP traffic, Istio generates the following metrics:
Tcp Byte Sent (istio_tcp_sent_bytes_total): This is a COUNTER which
measures the size of total bytes sent during response in case of a TCP
connection.
Tcp Byte Received (istio_tcp_received_bytes_total): This is a COUNTER
which measures the size of total bytes received during request in case
of a TCP connection.
Tcp Connections Opened (istio_tcp_connections_opened_total): This is a
COUNTER incremented for every opened connection.
Tcp Connections Closed (istio_tcp_connections_closed_total): This is a
COUNTER incremented for every closed connection.
. . .
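Notice that istio_requests_total (according to the documentation) counts the number of requests, and that this metric is available only for HTTP, HTTP/2, and GRPC traffic.
For TCP traffic there is no requests_total metric, because it is hard to say what should be defined as a request. That is why for TCP you can only count bytes and connections.
Now you might say: "Hey, I am not using TCP, I am using HTTPS (HTTP over TLS), so it should be able to count the number of requests, right?" - and you would be wrong.
Before I continue, let me first mention the Wikipedia definition of "HTTP persistent connection":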
HTTP persistent connection, also called HTTP keep-alive, or HTTP
connection reuse, is the idea of using a single TCP connection to send
and receive multiple HTTP requests/responses, as opposed to opening a
new connection for every single request/response pair. The newer
HTTP/2 protocol uses the same idea and takes it further to allow
multiple concurrent requests/responses to be multiplexed over a single
connection.
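Now, why do I mention this?
TLS is encrypted traffic. Nothing inside it can be seen. If your application is sending/receiving multiple requests/responses over a single TLS connection (using HTTP persistent connection), then it is impossible to count each successive request, because it is end-to-end encrypted.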
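An added illustration (not part of the original answer and not Istio or Envoy code) of what a hop in TLS PASSTHROUGH mode can observe: it reads the SNI from the cleartext ClientHello, which is what `sniHosts` matches on, and after that sees only opaque records it can count. The function names and the minimal constructed ClientHello are assumptions made for this example.

```python
import struct

def client_hello(host):
    """Constructed sample: minimal ClientHello record carrying only an SNI extension."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name  # list len, host_name type, name len
    ext = struct.pack("!HH", 0, len(sni)) + sni                    # extension 0 = server_name
    # version, 32-byte random, empty session id, one cipher suite, null compression, extensions
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body             # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs       # record type 22 = handshake

def app_data(n):
    return b"\x17\x03\x03" + struct.pack("!H", n) + bytes(n)  # constructed type-23 record, n opaque bytes

def records(stream):
    """Yield (content_type, payload) for every TLS record in a client-to-server byte stream."""
    i = 0
    while i + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[i:i + 5])
        yield ctype, stream[i + 5:i + 5 + length]
        i += 5 + length

def sni_from_client_hello(hs):
    """Return the first server_name in a complete ClientHello message, else None."""
    if not hs or hs[0] != 1:
        return None
    p = 4 + 2 + 32                                   # handshake header, version, random
    p += 1 + hs[p]                                   # session id
    p += 2 + int.from_bytes(hs[p:p + 2], "big")      # cipher suites
    p += 1 + hs[p]                                   # compression methods
    p, end = p + 2, p + 2 + int.from_bytes(hs[p:p + 2], "big")  # start and end of extensions
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        if etype == 0:                               # skip list len (2), type (1), name len (2)
            return hs[p + 9:p + 4 + elen].decode()
        p += 4 + elen
    return None

def passthrough_view(stream):
    """Everything a PASSTHROUGH hop can report: SNI, record count, byte count."""
    view = {"sni": None, "records": 0, "bytes": 0}
    for ctype, payload in records(stream):
        if ctype == 22 and view["sni"] is None:
            view["sni"] = sni_from_client_hello(payload)
        elif ctype == 23:                            # ciphertext: no method, path or status code
            view["records"] += 1
            view["bytes"] += len(payload)
    return view
```

Two streams with the same byte total but different record counts say nothing about how many HTTP requests they carried, which is why only the istio_tcp_* metrics are produced for this route.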