
Egressgateway: unable to see the requests in the log


I am following the Istio 1.6 documentation example.

I have deployed a ServiceEntry:

apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
  name: cnn
spec:
  hosts:
  - edition.cnn.com
  ports:
  - number: 80
    name: http-port
    protocol: HTTP
  - number: 443
    name: https
    protocol: HTTPS
  resolution: DNS

The Gateway and destination rule:

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: istio-egressgateway
spec:
  selector:
    istio: egressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - edition.cnn.com
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: egressgateway-for-cnn
spec:
  host: istio-egressgateway.istio-system.svc.cluster.local
  subsets:
  - name: cnn

and the VirtualService:

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: direct-cnn-through-egress-gateway
spec:
  hosts:
  - edition.cnn.com
  gateways:
  - istio-egressgateway
  - mesh
  http:
  - match:
    - gateways:
      - mesh
      port: 80
    route:
    - destination:
        host: istio-egressgateway.istio-system.svc.cluster.local
        subset: cnn
        port:
          number: 80
      weight: 100
  - match:
    - gateways:
      - istio-egressgateway
      port: 80
    route:
    - destination:
        host: edition.cnn.com
        port:
          number: 80
      weight: 100

Everything is as in the tutorial. Then I ran:

 kubectl exec -it $SOURCE_POD -c sleep -- curl -sL -o /dev/null -D - http://edition.cnn.com/politics

However, in step 6:

Check the log of the istio-egressgateway pod for a line corresponding to our request. If Istio is deployed in the istio-system namespace, the command to print the log is:

$ kubectl logs -l istio=egressgateway -c istio-proxy -n istio-system | tail

You should see a line similar to the following:

[2019-09-03T20:57:49.103Z] "GET /politics HTTP/2" 301 - "-" "-" 0 0 90 89 "10.244.2.10" "curl/7.64.0" "ea379962-9b5c-4431-ab66-f01994f5a5a5" "edition.cnn.com" "151.101.65.67:80" outbound|80||edition.cnn.com - 10.244.1.5:80 10.244.2.10:50482 edition.cnn.com -

I cannot see anything in my logs; it looks like the traffic is not passing through the egressgateway. What am I doing wrong? I am basically following the same steps as the tutorial.


Solution

  • I managed to reproduce your issue. It seems you skipped the "Enable Envoy's access logging" step mentioned in the "Before you begin" section.

    What you need to do is issue the command

    istioctl install --set profile=demo --set meshConfig.accessLogFile="/dev/stdout"
    

    then send the request again

    kubectl exec -it $SOURCE_POD -c sleep -- curl -sL -o /dev/null -D - https://edition.cnn.com/politics
    

    and check the logs

    kubectl logs -l istio=egressgateway -n istio-system
    

    After doing all that, I see in my logs

    ...
    [2021-05-14T05:51:41.940Z] "GET /politics HTTP/2" 301 - "-" "-" 0 0 23 22 "10.4.2.6" "curl/7.69.1" "fc2903d6-904c-91ce-bfde-24f395db67eb" "edition.cnn.com" "151.101.65.67:80" outbound|80||edition.cnn.com 10.4.0.10:57078 10.4.0.10:8080 10.4.2.6:36238 - -
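
An empty egress gateway log is ambiguous: either access logging is off (the case in the answer above) or the request never traversed the gateway. The script below is an added example, not code from the post or from the Istio documentation, and it separates the two cases. It assumes a default, non-revisioned install whose mesh config lives in the `istio` ConfigMap and an access log laid out like the two log lines on this page; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: distinguish "access logging is off" from
# "the request never reached the egress gateway".
# Live inputs (assumes the default `istio` ConfigMap in istio-system):
#   mesh=$(kubectl get configmap istio -n istio-system -o jsonpath='{.data.mesh}')
#   log=$(kubectl logs -l istio=egressgateway -c istio-proxy -n istio-system)
#   diagnose "$mesh" "$log" edition.cnn.com

# Succeeds when the mesh config on stdin sets a non-empty accessLogFile.
access_log_enabled() {
  awk '$1 == "accessLogFile:" { v = $2; gsub(/["\047]/, "", v); if (v != "") ok = 1 }
       END { exit (ok ? 0 : 1) }'
}

# Reads gateway access log lines on stdin and prints "METHOD PATH STATUS UPSTREAM"
# for each line whose :authority equals $1. Fails when no line matches.
# Splitting on double quotes puts the request in field 2, the status in
# field 3, the authority in field 14 and the upstream host in field 16.
egress_requests() {
  awk -F'"' -v host="$1" '
    $14 == host {
      split($2, req, " ")   # method, path, protocol
      split($3, st, " ")    # response code, response flags
      printf "%s %s %s %s\n", req[1], req[2], st[1], $16
      n++
    }
    END { exit (n > 0 ? 0 : 1) }'
}

# diagnose MESH_CONFIG_TEXT GATEWAY_LOG_TEXT HOST
diagnose() {
  if ! printf '%s\n' "$1" | access_log_enabled; then
    echo "access-logging-disabled"
  elif ! printf '%s\n' "$2" | egress_requests "$3" > /dev/null; then
    echo "no-request-seen-at-gateway"
  else
    echo "request-seen-at-gateway"
  fi
}

# Offline demo: constructed mesh config plus the log line quoted in the answer.
mesh_sample='accessLogFile: /dev/stdout'
log_sample='[2021-05-14T05:51:41.940Z] "GET /politics HTTP/2" 301 - "-" "-" 0 0 23 22 "10.4.2.6" "curl/7.69.1" "fc2903d6-904c-91ce-bfde-24f395db67eb" "edition.cnn.com" "151.101.65.67:80" outbound|80||edition.cnn.com 10.4.0.10:57078 10.4.0.10:8080 10.4.2.6:36238 - -'
diagnose "$mesh_sample" "$log_sample" edition.cnn.com
```

A result of `no-request-seen-at-gateway` with logging enabled points at the Gateway, DestinationRule or VirtualService routing rather than at the logging setup.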