-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
422 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
25 changes: 25 additions & 0 deletions
25
content/en/boilerplates/snips/start-otel-collector-service.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| #!/bin/bash | ||
| # shellcheck disable=SC2034,SC2153,SC2155,SC2164 | ||
|
|
||
| # Copyright Istio Authors. All Rights Reserved. | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| #################################################################################################### | ||
| # WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE: | ||
| # boilerplates/start-otel-collector-service.md | ||
| #################################################################################################### | ||
|
|
||
| bpsnip_start_otel_collector_service__1() { | ||
| kubectl apply -f samples/open-telemetry/otel.yaml | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| --- | ||
| --- | ||
| * Start the [otel-collector]({{< github_tree >}}/samples/open-telemetry) sample. | ||
|
|
||
| {{< text bash >}} | ||
| $ kubectl apply -f @samples/open-telemetry/otel.yaml@ | ||
| {{< /text >}} |
197 changes: 197 additions & 0 deletions
197
content/en/docs/tasks/observability/logs/otel-provider/index.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,197 @@ | ||
| --- | ||
| title: OpenTelemetry Provider | ||
| description: This task shows you how to configure Envoy proxies to print access logs with OpenTelemetry Provider. | ||
| weight: 10 | ||
| keywords: [telemetry,logs] | ||
| aliases: | ||
| - /docs/tasks/telemetry/access-log | ||
| - /docs/tasks/telemetry/logs/access-log/ | ||
| owner: istio/wg-policies-and-telemetry-maintainers | ||
| test: yes | ||
| --- | ||
|
|
||
| After completing this task, you understand how to have your application participate in [Envoy's access logging](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage) with [OpenTelemetry (gRPC) Access Log](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/open_telemetry/v3/logs_service.proto). | ||
| Envoy proxies send access information to [otel-collector](https://github.com/open-telemetry/opentelemetry-collector)'s standard output. | ||
| The standard output of otel-collector's containers can then be printed by the `kubectl logs` command. | ||
|
|
||
| {{< boilerplate before-you-begin-egress >}} | ||
|
|
||
| {{< boilerplate start-httpbin-service >}} | ||
|
|
||
| {{< boilerplate start-otel-collector-service >}} | ||
|
|
||
| ## Enable Envoy's access logging | ||
|
|
||
| Istio offers a few ways to enable access logs. Use of the Telemetry API is recommended | ||
|
|
||
| ### Using Telemetry API | ||
|
|
||
| The Telemetry API can be used to enable or disable access logs: | ||
|
|
||
| Run the following script to edit the `MeshConfig`, update the YAML files to add `otel` provider. | ||
|
|
||
| {{< text bash >}} | ||
| $ cat <<EOF | kubectl apply -n istio-system -f - | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: istio | ||
| namespace: istio-system | ||
| data: | ||
| mesh: |- | ||
| accessLogFile: /dev/stdout | ||
| defaultConfig: | ||
| discoveryAddress: istiod.istio-system.svc:15012 | ||
| proxyMetadata: {} | ||
| tracing: | ||
| zipkin: | ||
| address: zipkin.istio-system:9411 | ||
| enablePrometheusMerge: true | ||
| extensionProviders: | ||
| - name: otel | ||
| envoyOtelAls: | ||
| service: otel-collector.istio-system.svc.cluster.local | ||
| port: 4317 | ||
| rootNamespace: istio-system | ||
| trustDomain: cluster.local | ||
| meshNetworks: 'networks: {}' | ||
| EOF | ||
| {{< /text >}} | ||
|
|
||
| {{< text bash >}} | ||
| $ cat <<EOF | kubectl apply -n istio-system -f - | ||
| apiVersion: telemetry.istio.io/v1alpha1 | ||
| kind: Telemetry | ||
| metadata: | ||
| name: mesh-default | ||
| namespace: istio-system | ||
| spec: | ||
| accessLogging: | ||
| - providers: | ||
| - name: otel | ||
| EOF | ||
| {{< /text >}} | ||
|
|
||
| The above example uses the `otel` access log provider, and we do not configure anything other than default settings. | ||
|
|
||
| Similar configuration can also be applied on an individual namespace, or to an individual workload, to control logging at a fine grained level. | ||
|
|
||
| For more information about using the Telemetry API, see the [Telemetry API overview](/docs/tasks/observability/telemetry/). | ||
|
|
||
| ### Using Mesh Config | ||
|
|
||
| If you used an `IstioOperator` CR to install Istio, add the following field to your configuration: | ||
|
|
||
| {{< text yaml >}} | ||
| spec: | ||
| meshConfig: | ||
| accessLogFile: /dev/stdout | ||
| extensionProviders: | ||
| - name: otel | ||
| envoyOtelAls: | ||
| service: otel-collector.istio-system.svc.cluster.local | ||
| port: 4317 | ||
| defaultProviders: | ||
| accessLogging: | ||
| - envoy | ||
| - otel | ||
| {{< /text >}} | ||
|
|
||
| Otherwise, add the equivalent setting to your original `istioctl install` command, for example: | ||
|
|
||
| {{< text syntax=bash snip_id=none >}} | ||
| $ istioctl install -f <your-istio-operator-config-file> | ||
| {{< /text >}} | ||
|
|
||
| ## Default access log format | ||
|
|
||
| Istio will use the following default access log format if `accessLogFormat` is not specified: | ||
|
|
||
| {{< text plain >}} | ||
| [%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% | ||
| \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" | ||
| \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n | ||
| {{< /text >}} | ||
|
|
||
| The following table shows an example using the default access log format for a request sent from `sleep` to `httpbin`: | ||
|
|
||
| | Log operator | access log in sleep | access log in httpbin | | ||
| |--------------|---------------------|-----------------------| | ||
| | `[%START_TIME%]` | `[2020-11-25T21:26:18.409Z]` | `[2020-11-25T21:26:18.409Z]` | ||
| | `\"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\"` | `"GET /status/418 HTTP/1.1"` | `"GET /status/418 HTTP/1.1"` | ||
| | `%RESPONSE_CODE%` | `418` | `418` | ||
| | `%RESPONSE_FLAGS%` | `-` | `-` | ||
| | `%RESPONSE_CODE_DETAILS%` | `via_upstream` | `via_upstream` | ||
| | `%CONNECTION_TERMINATION_DETAILS%` | `-` | `-` | ||
| | `\"%UPSTREAM_TRANSPORT_FAILURE_REASON%\"` | `"-"` | `"-"` | ||
| | `%BYTES_RECEIVED%` | `0` | `0` | ||
| | `%BYTES_SENT%` | `135` | `135` | ||
| | `%DURATION%` | `4` | `3` | ||
| | `%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%` | `4` | `1` | ||
| | `\"%REQ(X-FORWARDED-FOR)%\"` | `"-"` | `"-"` | ||
| | `\"%REQ(USER-AGENT)%\"` | `"curl/7.73.0-DEV"` | `"curl/7.73.0-DEV"` | ||
| | `\"%REQ(X-REQUEST-ID)%\"` | `"84961386-6d84-929d-98bd-c5aee93b5c88"` | `"84961386-6d84-929d-98bd-c5aee93b5c88"` | ||
| | `\"%REQ(:AUTHORITY)%\"` | `"httpbin:8000"` | `"httpbin:8000"` | ||
| | `\"%UPSTREAM_HOST%\"` | `"10.44.1.27:80"` | `"127.0.0.1:80"` | ||
| | `%UPSTREAM_CLUSTER%` | <code>outbound|8000||httpbin.foo.svc.cluster.local</code> | <code>inbound|8000||</code> | ||
| | `%UPSTREAM_LOCAL_ADDRESS%` | `10.44.1.23:37652` | `127.0.0.1:41854` | ||
| | `%DOWNSTREAM_LOCAL_ADDRESS%` | `10.0.45.184:8000` | `10.44.1.27:80` | ||
| | `%DOWNSTREAM_REMOTE_ADDRESS%` | `10.44.1.23:46520` | `10.44.1.23:37652` | ||
| | `%REQUESTED_SERVER_NAME%` | `-` | `outbound_.8000_._.httpbin.foo.svc.cluster.local` | ||
| | `%ROUTE_NAME%` | `default` | `default` | ||
|
|
||
| ## Test the access log | ||
|
|
||
| 1. Send a request from `sleep` to `httpbin`: | ||
|
|
||
| {{< text bash >}} | ||
| $ kubectl exec "$SOURCE_POD" -c sleep -- curl -sS -v httpbin:8000/status/418 | ||
| ... | ||
| < HTTP/1.1 418 Unknown | ||
| < server: envoy | ||
| ... | ||
| -=[ teapot ]=- | ||
|
|
||
| _...._ | ||
| .' _ _ `. | ||
| | ."` ^ `". _, | ||
| \_;`"---"`|// | ||
| | ;/ | ||
| \_ _/ | ||
| `"""` | ||
| {{< /text >}} | ||
|
|
||
| 1. Check `otel-collector`'s log: | ||
|
|
||
| {{< text bash >}} | ||
| $ kubectl logs -l app=otel-collector -n istio-system | ||
| [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default | ||
| {{< /text >}} | ||
|
|
||
| Note that the messages corresponding to the request appear in logs of the Istio proxies of both the source and the destination, `sleep` and `httpbin`, respectively. You can see in the log the HTTP verb (`GET`), the HTTP path (`/status/418`), the response code (`418`) and other [request-related information](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-rules). | ||
|
|
||
| ## Cleanup | ||
|
|
||
| Shutdown the [sleep]({{< github_tree >}}/samples/sleep) and [httpbin]({{< github_tree >}}/samples/httpbin) services: | ||
|
|
||
| {{< text bash >}} | ||
| $ kubectl delete -f @samples/sleep/sleep.yaml@ | ||
| $ kubectl delete -f @samples/httpbin/httpbin.yaml@ | ||
| $ kubectl delete -f @samples/open-telemetry/otel.yaml@ | ||
| {{< /text >}} | ||
|
|
||
| ### Disable Envoy's access logging | ||
|
|
||
| Remove, or set to `""`, the `meshConfig.extensionProviders` and `meshConfig.defaultProviders` setting in your Istio install configuration. | ||
|
|
||
| {{< tip >}} | ||
| In the example below, replace `default` with the name of the profile you used when you installed Istio. | ||
| {{< /tip >}} | ||
|
|
||
| {{< text bash >}} | ||
| $ istioctl install --set profile=default | ||
| ✔ Istio core installed | ||
| ✔ Istiod installed | ||
| ✔ Ingress gateways installed | ||
| ✔ Installation complete | ||
| {{< /text >}} |
132 changes: 132 additions & 0 deletions
132
content/en/docs/tasks/observability/logs/otel-provider/snips.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,132 @@ | ||
| #!/bin/bash | ||
| # shellcheck disable=SC2034,SC2153,SC2155,SC2164 | ||
|
|
||
| # Copyright Istio Authors. All Rights Reserved. | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| #################################################################################################### | ||
| # WARNING: THIS IS AN AUTO-GENERATED FILE, DO NOT EDIT. PLEASE MODIFY THE ORIGINAL MARKDOWN FILE: | ||
| # docs/tasks/observability/logs/otel-provider/index.md | ||
| #################################################################################################### | ||
| source "content/en/boilerplates/snips/before-you-begin-egress.sh" | ||
| source "content/en/boilerplates/snips/start-httpbin-service.sh" | ||
| source "content/en/boilerplates/snips/start-otel-collector-service.sh" | ||
|
|
||
| snip_using_telemetry_api_1() { | ||
| cat <<EOF | kubectl apply -n istio-system -f - | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: istio | ||
| namespace: istio-system | ||
| data: | ||
| mesh: |- | ||
| accessLogFile: /dev/stdout | ||
| defaultConfig: | ||
| discoveryAddress: istiod.istio-system.svc:15012 | ||
| proxyMetadata: {} | ||
| tracing: | ||
| zipkin: | ||
| address: zipkin.istio-system:9411 | ||
| enablePrometheusMerge: true | ||
| extensionProviders: | ||
| - name: otel | ||
| envoyOtelAls: | ||
| service: otel-collector.istio-system.svc.cluster.local | ||
| port: 4317 | ||
| rootNamespace: istio-system | ||
| trustDomain: cluster.local | ||
| meshNetworks: 'networks: {}' | ||
| EOF | ||
| } | ||
|
|
||
| snip_using_telemetry_api_2() { | ||
| cat <<EOF | kubectl apply -n istio-system -f - | ||
| apiVersion: telemetry.istio.io/v1alpha1 | ||
| kind: Telemetry | ||
| metadata: | ||
| name: mesh-default | ||
| namespace: istio-system | ||
| spec: | ||
| accessLogging: | ||
| - providers: | ||
| - name: otel | ||
| EOF | ||
| } | ||
|
|
||
| ! read -r -d '' snip_using_mesh_config_1 <<\ENDSNIP | ||
| spec: | ||
| meshConfig: | ||
| accessLogFile: /dev/stdout | ||
| extensionProviders: | ||
| - name: otel | ||
| envoyOtelAls: | ||
| service: otel-collector.istio-system.svc.cluster.local | ||
| port: 4317 | ||
| defaultProviders: | ||
| accessLogging: | ||
| - envoy | ||
| - otel | ||
| ENDSNIP | ||
|
|
||
| ! read -r -d '' snip_default_access_log_format_1 <<\ENDSNIP | ||
| [%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% | ||
| \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" | ||
| \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n | ||
| ENDSNIP | ||
|
|
||
| snip_test_the_access_log_1() { | ||
| kubectl exec "$SOURCE_POD" -c sleep -- curl -sS -v httpbin:8000/status/418 | ||
| } | ||
|
|
||
| ! read -r -d '' snip_test_the_access_log_1_out <<\ENDSNIP | ||
| ... | ||
| < HTTP/1.1 418 Unknown | ||
| < server: envoy | ||
| ... | ||
| -=[ teapot ]=- | ||
| _...._ | ||
| .' _ _ `. | ||
| | ."` ^ `". _, | ||
| \_;`"---"`|// | ||
| | ;/ | ||
| \_ _/ | ||
| `"""` | ||
| ENDSNIP | ||
| snip_test_the_access_log_2() { | ||
| kubectl logs -l app=otel-collector -n istio-system | ||
| } | ||
| ! read -r -d '' snip_test_the_access_log_2_out <<\ENDSNIP | ||
| [2020-11-25T21:26:18.409Z] "GET /status/418 HTTP/1.1" 418 - via_upstream - "-" 0 135 3 1 "-" "curl/7.73.0-DEV" "84961386-6d84-929d-98bd-c5aee93b5c88" "httpbin:8000" "127.0.0.1:80" inbound|8000|| 127.0.0.1:41854 10.44.1.27:80 10.44.1.23:37652 outbound_.8000_._.httpbin.foo.svc.cluster.local default | ||
| ENDSNIP | ||
| snip_cleanup_1() { | ||
| kubectl delete -f samples/sleep/sleep.yaml | ||
| kubectl delete -f samples/httpbin/httpbin.yaml | ||
| kubectl delete -f samples/open-telemetry/otel.yaml | ||
| } | ||
| snip_disable_envoys_access_logging_1() { | ||
| istioctl install --set profile=default | ||
| } | ||
| ! read -r -d '' snip_disable_envoys_access_logging_1_out <<\ENDSNIP | ||
| ✔ Istio core installed | ||
| ✔ Istiod installed | ||
| ✔ Ingress gateways installed | ||
| ✔ Installation complete | ||
| ENDSNIP |
Oops, something went wrong.