在 istio 中为 envoy 启用 http header 日志记录
Enable http header logging for envoy in istio
我希望能够在我的 istio 服务网格上捕获(日志)(至少一部分)envoy 的 HTTP headers。
我已经浏览了 envoy's docs, and in the log levels' 部分,它没有提到任何 header-specific 信息。
目前,我的 istio-proxy 日志是这样的(这是来自 stern 输出):
mysvc-69c46fbc75-d9v8j istio-proxy {"bytes_sent":"124","upstream_cluster":"inbound|80|http|mysvc.default.svc.cluster.local","downstream_remote_address":"10.11.11.1:0","authority":"some.url.com","path":"/health?source=dd_cluster_agent","protocol":"HTTP/1.1","upstream_service_time":"1","upstream_local_address":"127.0.0.1:40406","duration":"2","upstream_transport_failure_reason":"-","route_name":"default","downstream_local_address":"10.11.32.32:20000","user_agent":"Datadog Agent/7.24.0","response_code":"200","response_flags":"-","start_time":"2021-01-17T18:54:57.449Z","method":"GET","request_id":"61ae63c7-aa10-911b-9562-939kdhd49ddhj","upstream_host":"127.0.0.1:20000","x_forwarded_for":"10.16.32.1","requested_server_name":"outbound_.80_.mysvc_.faros.default.svc.cluster.local","bytes_received":"0","istio_policy_status":"-"}
有没有办法记录 http headers? (理想情况下 其中一些,以控制日志记录成本)
edit1 按照评论中的建议,我检查了我的 istio-operator 资源,我发现访问日志记录似乎已启用
meshConfig:
accessLogEncoding: JSON
accessLogFile: /dev/stdout
edit2 我也试过以下方法:
curl -i -H "Custom-Header: application/json" https://my.url.net
但是在 istio-ingressgateway 的日志中我没有看到我的自定义 header
istio-ingressgateway-58f69d8696-rmpwn istio-proxy {"user_agent":"curl/7.64.1","response_code":"200","response_flags":"-","start_time":"2021-01-18T19:02:48.645Z","method":"GET","request_id":"8e32c93c-484d-9c56-9489-8c5392793d97","upstream_host":"10.16.32.55:20000","x_forwarded_for":"10.16.32.1","requested_server_name":"my.url.net","bytes_received":"0","istio_policy_status":"-","bytes_sent":"124","upstream_cluster":"outbound|80||mysvc.default.svc.cluster.local","downstream_remote_address":"10.16.32.1:52804","authority":"my.url.net","path":"/","protocol":"HTTP/2","upstream_service_time":"9","upstream_local_address":"10.16.32.17:49826","duration":"10","upstream_transport_failure_reason":"-","route_name":"-","downstream_local_address":"10.16.32.17:8443"}
我想我已经成功地重现了您的问题,并且能够在入口网关日志中打印 MY_CUSTOM_HEADER。
有一部分是我的 istio 入口网关日志。
[2021-01-20T08:26:18.587Z] pkarambol GET /productpage HTTP/1.1 200
我使用了以下 curl 命令:
curl -v -H "MY_CUSTOM_HEADER: pkarambol" xx.xxx.xx.xxx/productpage
要做到这一点,您必须更改 default format of the logs. As mentioned in the documentation,您可以使用 meshConfig.accessLogFormat 进行更改。
有一个例子Istio Operator我用过
%REQ(MY_CUSTOM_HEADER)%是负责显示自定义header的部分。
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: example-istiocontrolplane
spec:
profile: demo
meshConfig:
accessLogFile: /dev/stdout
accessLogFormat: "[%START_TIME%] %REQ(MY_CUSTOM_HEADER)% %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%
%RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION%
%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% %REQ(X-FORWARDED-FOR)% %REQ(USER-AGENT)%
%REQ(X-REQUEST-ID)% %REQ(:AUTHORITY)% %UPSTREAM_HOST%\n"
我希望能够在我的 istio 服务网格上捕获(日志)(至少一部分)envoy 的 HTTP headers。
我已经浏览了 envoy's docs, and in the log levels' 部分,它没有提到任何 header-specific 信息。
目前,我的 istio-proxy 日志是这样的(这是来自 stern 输出):
mysvc-69c46fbc75-d9v8j istio-proxy {"bytes_sent":"124","upstream_cluster":"inbound|80|http|mysvc.default.svc.cluster.local","downstream_remote_address":"10.11.11.1:0","authority":"some.url.com","path":"/health?source=dd_cluster_agent","protocol":"HTTP/1.1","upstream_service_time":"1","upstream_local_address":"127.0.0.1:40406","duration":"2","upstream_transport_failure_reason":"-","route_name":"default","downstream_local_address":"10.11.32.32:20000","user_agent":"Datadog Agent/7.24.0","response_code":"200","response_flags":"-","start_time":"2021-01-17T18:54:57.449Z","method":"GET","request_id":"61ae63c7-aa10-911b-9562-939kdhd49ddhj","upstream_host":"127.0.0.1:20000","x_forwarded_for":"10.16.32.1","requested_server_name":"outbound_.80_.mysvc_.faros.default.svc.cluster.local","bytes_received":"0","istio_policy_status":"-"}
有没有办法记录 http headers? (理想情况下 其中一些,以控制日志记录成本)
edit1 按照评论中的建议,我检查了我的 istio-operator 资源,我发现访问日志记录似乎已启用
meshConfig:
accessLogEncoding: JSON
accessLogFile: /dev/stdout
edit2 我也试过以下方法:
curl -i -H "Custom-Header: application/json" https://my.url.net
但是在 istio-ingressgateway 的日志中我没有看到我的自定义 header
istio-ingressgateway-58f69d8696-rmpwn istio-proxy {"user_agent":"curl/7.64.1","response_code":"200","response_flags":"-","start_time":"2021-01-18T19:02:48.645Z","method":"GET","request_id":"8e32c93c-484d-9c56-9489-8c5392793d97","upstream_host":"10.16.32.55:20000","x_forwarded_for":"10.16.32.1","requested_server_name":"my.url.net","bytes_received":"0","istio_policy_status":"-","bytes_sent":"124","upstream_cluster":"outbound|80||mysvc.default.svc.cluster.local","downstream_remote_address":"10.16.32.1:52804","authority":"my.url.net","path":"/","protocol":"HTTP/2","upstream_service_time":"9","upstream_local_address":"10.16.32.17:49826","duration":"10","upstream_transport_failure_reason":"-","route_name":"-","downstream_local_address":"10.16.32.17:8443"}
我想我已经成功地重现了您的问题,并且能够在入口网关日志中打印 MY_CUSTOM_HEADER。
有一部分是我的 istio 入口网关日志。
[2021-01-20T08:26:18.587Z] pkarambol GET /productpage HTTP/1.1 200
我使用了以下 curl 命令:
curl -v -H "MY_CUSTOM_HEADER: pkarambol" xx.xxx.xx.xxx/productpage
要做到这一点,您必须更改 default format of the logs. As mentioned in the documentation,您可以使用 meshConfig.accessLogFormat 进行更改。
有一个例子Istio Operator我用过
%REQ(MY_CUSTOM_HEADER)%是负责显示自定义header的部分。
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: example-istiocontrolplane
spec:
profile: demo
meshConfig:
accessLogFile: /dev/stdout
accessLogFormat: "[%START_TIME%] %REQ(MY_CUSTOM_HEADER)% %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%
%RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION%
%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% %REQ(X-FORWARDED-FOR)% %REQ(USER-AGENT)%
%REQ(X-REQUEST-ID)% %REQ(:AUTHORITY)% %UPSTREAM_HOST%\n"