Egressgateway 启用以查看日志中的请求
Egressgateway enable to see the requests in the log
我正在关注 istio 1.6 documentation example。
我已经部署了一个 ServiceEntry:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: cnn
spec:
hosts:
- edition.cnn.com
ports:
- number: 80
name: http-port
protocol: HTTP
- number: 443
name: https
protocol: HTTPS
resolution: DNS
网关和目标规则:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: istio-egressgateway
spec:
selector:
istio: egressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- edition.cnn.com
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: egressgateway-for-cnn
spec:
host: istio-egressgateway.istio-system.svc.cluster.local
subsets:
- name: cnn
和虚拟服务:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: direct-cnn-through-egress-gateway
spec:
hosts:
- edition.cnn.com
gateways:
- istio-egressgateway
- mesh
http:
- match:
- gateways:
- mesh
port: 80
route:
- destination:
host: istio-egressgateway.istio-system.svc.cluster.local
subset: cnn
port:
number: 80
weight: 100
- match:
- gateways:
- istio-egressgateway
port: 80
route:
- destination:
host: edition.cnn.com
port:
number: 80
weight: 100
教程里都有,那我运行:
kubectl exec -it $SOURCE_POD -c sleep -- curl -sL -o /dev/null -D - http://edition.cnn.com/politics
然而,在第 6 步中:
Check the log of the istio-egressgateway pod for a line corresponding to our request. If Istio is deployed in the istio-system namespace, the command to print the log is:
$ kubectl logs -l istio=egressgateway -c istio-proxy -n istio-system | tail
You should see a line similar to the following:
[2019-09-03T20:57:49.103Z] "GET /politics HTTP/2" 301 - "-" "-" 0 0 90 89 "10.244.2.10" "curl/7.64.0" "ea379962-9b5c-4431-ab66-f01994f5a5a5" "edition.cnn.com" "151.101.65.67:80" outbound|80||edition.cnn.com - 10.244.1.5:80 10.244.2.10:50482 edition.cnn.com -
我在日志中看不到任何内容,看起来流量没有通过 egressgateway。我做错了什么,我基本上是按照教程的步骤做的
我成功重现了你的问题。
您似乎跳过了 开始之前 部分中提到的 Enable Envoy’s access logging。
你需要做的就是发出命令
istioctl install --set profile=demo --set meshConfig.accessLogFile="/dev/stdout"
然后再次发送请求
kubectl exec -it $SOURCE_POD -c sleep -- curl -sL -o /dev/null -D - https://edition.cnn.com/politics
并检查日志
kubectl logs -l istio=egressgateway -n istio-system
完成所有操作后,我在日志中看到了
...
[2021-05-14T05:51:41.940Z] "GET /politics HTTP/2" 301 - "-" "-" 0 0 23 22 "10.4.2.6" "curl/7.69.1" "fc2903d6-904c-91ce-bfde-24f395db67eb" "edition.cnn.com" "151.101.65.67:80" outbound|80||edition.cnn.com 10.4.0.10:57078 10.4.0.10:8080 10.4.2.6:36238 - -
我正在关注 istio 1.6 documentation example。
我已经部署了一个 ServiceEntry:
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: cnn
spec:
hosts:
- edition.cnn.com
ports:
- number: 80
name: http-port
protocol: HTTP
- number: 443
name: https
protocol: HTTPS
resolution: DNS
网关和目标规则:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: istio-egressgateway
spec:
selector:
istio: egressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- edition.cnn.com
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: egressgateway-for-cnn
spec:
host: istio-egressgateway.istio-system.svc.cluster.local
subsets:
- name: cnn
和虚拟服务:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: direct-cnn-through-egress-gateway
spec:
hosts:
- edition.cnn.com
gateways:
- istio-egressgateway
- mesh
http:
- match:
- gateways:
- mesh
port: 80
route:
- destination:
host: istio-egressgateway.istio-system.svc.cluster.local
subset: cnn
port:
number: 80
weight: 100
- match:
- gateways:
- istio-egressgateway
port: 80
route:
- destination:
host: edition.cnn.com
port:
number: 80
weight: 100
教程里都有,那我运行:
kubectl exec -it $SOURCE_POD -c sleep -- curl -sL -o /dev/null -D - http://edition.cnn.com/politics
然而,在第 6 步中:
Check the log of the istio-egressgateway pod for a line corresponding to our request. If Istio is deployed in the istio-system namespace, the command to print the log is:
$ kubectl logs -l istio=egressgateway -c istio-proxy -n istio-system | tail
You should see a line similar to the following:
[2019-09-03T20:57:49.103Z] "GET /politics HTTP/2" 301 - "-" "-" 0 0 90 89 "10.244.2.10" "curl/7.64.0" "ea379962-9b5c-4431-ab66-f01994f5a5a5" "edition.cnn.com" "151.101.65.67:80" outbound|80||edition.cnn.com - 10.244.1.5:80 10.244.2.10:50482 edition.cnn.com -
我在日志中看不到任何内容,看起来流量没有通过 egressgateway。我做错了什么,我基本上是按照教程的步骤做的
我成功重现了你的问题。 您似乎跳过了 开始之前 部分中提到的 Enable Envoy’s access logging。
你需要做的就是发出命令
istioctl install --set profile=demo --set meshConfig.accessLogFile="/dev/stdout"
然后再次发送请求
kubectl exec -it $SOURCE_POD -c sleep -- curl -sL -o /dev/null -D - https://edition.cnn.com/politics
并检查日志
kubectl logs -l istio=egressgateway -n istio-system
完成所有操作后,我在日志中看到了
...
[2021-05-14T05:51:41.940Z] "GET /politics HTTP/2" 301 - "-" "-" 0 0 23 22 "10.4.2.6" "curl/7.69.1" "fc2903d6-904c-91ce-bfde-24f395db67eb" "edition.cnn.com" "151.101.65.67:80" outbound|80||edition.cnn.com 10.4.0.10:57078 10.4.0.10:8080 10.4.2.6:36238 - -