开启 Access 日志
1
2
3
4
5
6
7
8
9
10
| apiVersion: v1
kind: ConfigMap
metadata:
name: istio
namespace: istio-system
data:
mesh: |
accessLogEncoding: JSON
accessLogFile: /dev/stdout
accessLogFormat: ""
|
格式化 Access 日志
1
2
3
4
5
6
| apiVersion: v1
data:
mesh: |-
accessLogEncoding: JSON
accessLogFile: /dev/stdout
accessLogFormat: "{\"authority\":\"%REQ(:AUTHORITY)%\",\"bytes_received\":\"%BYTES_RECEIVED%\",\"bytes_sent\":\"%BYTES_SENT%\",\"downstream_local_address\":\"%DOWNSTREAM_LOCAL_ADDRESS%\",\"downstream_remote_address\":\"%DOWNSTREAM_REMOTE_ADDRESS%\",\"duration\":\"%DURATION%\",\"istio_policy_status\":\"%DYNAMIC_METADATA(istio.mixer:status)%\",\"method\":\"%REQ(:METHOD)%\",\"path\":\"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%\",\"protocol\":\"%PROTOCOL%\",\"request_id\":\"%REQ(X-REQUEST-ID)%\",\"requested_server_name\":\"%REQUESTED_SERVER_NAME%\",\"response_code\":\"%RESPONSE_CODE%\",\"response_flags\":\"%RESPONSE_FLAGS%\",\"response_code_details\":\"%RESPONSE_CODE_DETAILS%\",\"connection_termination_details\":\"%CONNECTION_TERMINATION_DETAILS%\",\"route_name\":\"%ROUTE_NAME%\",\"start_time\":\"%START_TIME%\",\"upstream_cluster\":\"%UPSTREAM_CLUSTER%\",\"upstream_host\":\"%UPSTREAM_HOST%\",\"upstream_local_address\":\"%UPSTREAM_LOCAL_ADDRESS%\",\"upstream_service_time\":\"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%\",\"upstream_transport_failure_reason\":\"%UPSTREAM_TRANSPORT_FAILURE_REASON%\",\"user_agent\":\"%REQ(USER-AGENT)%\",\"x_forwarded_for\":\"%REQ(X-FORWARDED-FOR)%\"}"
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
| {
"authority": "%REQ(:AUTHORITY)%",
"bytes_received": "%BYTES_RECEIVED%",
"bytes_sent": "%BYTES_SENT%",
"downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%",
"downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%",
"duration": "%DURATION%",
"istio_policy_status": "%DYNAMIC_METADATA(istio.mixer:status)%",
"method": "%REQ(:METHOD)%",
"path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
"protocol": "%PROTOCOL%",
"request_id": "%REQ(X-REQUEST-ID)%",
"requested_server_name": "%REQUESTED_SERVER_NAME%",
"response_code": "%RESPONSE_CODE%",
"response_flags": "%RESPONSE_FLAGS%",
"route_name": "%ROUTE_NAME%",
"start_time": "%START_TIME%",
"upstream_cluster": "%UPSTREAM_CLUSTER%",
"upstream_host": "%UPSTREAM_HOST%",
"upstream_local_address": "%UPSTREAM_LOCAL_ADDRESS%",
"upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%",
"upstream_transport_failure_reason": "%UPSTREAM_TRANSPORT_FAILURE_REASON%",
"user_agent": "%REQ(USER-AGENT)%",
"x_forwarded_for": "%REQ(X-FORWARDED-FOR)%"
}
|
自定义日志文件路径
1
| accessLogFile: /var/log/envoy/envoy.log
|
局部启用
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
| cat << EOF | kubectl apply -f -
---
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: enable-accesslog
spec:
workloadSelector:
labels:
app: details
configPatches:
- applyTo: NETWORK_FILTER
match:
context: ANY
listener:
filterChain:
filter:
name: envoy.filters.network.http_connection_manager
patch:
operation: MERGE
value:
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
access_log:
- name: envoy.access_loggers.file
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
path: "/var/log/istio/access.log"
log_format:
json_format:
authority: "%REQ(:AUTHORITY)%"
bytes_received: "%BYTES_RECEIVED%"
bytes_sent: "%BYTES_SENT%"
downstream_local_address: "%DOWNSTREAM_LOCAL_ADDRESS%"
downstream_remote_address: "%DOWNSTREAM_REMOTE_ADDRESS%"
duration: "%DURATION%"
method: "%REQ(:METHOD)%"
path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"
protocol: "%PROTOCOL%"
connection_termination_details: "%CONNECTION_TERMINATION_DETAILS%"
request_id: "%REQ(X-REQUEST-ID)%"
requested_server_name: "%REQUESTED_SERVER_NAME%"
response_code: "%RESPONSE_CODE%"
response_flags: "%RESPONSE_FLAGS%"
response_code_detail: "%RESPONSE_CODE_DETAILS%",
route_name: "%ROUTE_NAME%"
start_time: "%START_TIME%"
upstream_cluster: "%UPSTREAM_CLUSTER%"
upstream_host: "%UPSTREAM_HOST%"
upstream_local_address: "%UPSTREAM_LOCAL_ADDRESS%"
upstream_service_time: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%"
upstream_transport_failure_reason: "%UPSTREAM_TRANSPORT_FAILURE_REASON%"
user_agent: "%REQ(USER-AGENT)%"
x_forwarded_for: "%REQ(X-FORWARDED-FOR)%"
EOF
|
日志滚动
当输出到独立文件时,存在一个问题,日志不断增长导致磁盘空间不足,需要针对落盘文件进行滚动处理;
在这里采用社区提供的 logrotate 镜像,具体介绍可以参考【2】,通过 Istio 注入模板增加 Container 来实现日志滚动;当然也可以在这个基础上拓展采集对应的日志,但是sidecar形式资源成本较多,可以以 Daemonset 形式部署采集端。
修改Istio 注入模板
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
| apiVersion: v1
data:
config: |-
...
templates:
sidecar: |
spec:
...
containers:
{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/logrotate` .Values.global.logrotate.enable) }}
- name: logrotate
{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/logrotateImage` .Values.global.logrotate.image) }}
image: "{{ annotation .ObjectMeta `sidecar.istio.io/logrotateImage` .Values.global.logrotate.image }}"
{{- else }}
image: "realz/logrotate"
{{- end }}
imagePullPolicy: IfNotPresent
- env:
- name: CRON_EXPR
value: {{ .Values.global.logrotate.cronexpr | default "*/30 * * * *" | quote }}
- name: LOGROTATE_LOGFILES
value: /data/log/ingress/*.log
- name: LOGROTATE_FILESIZE
value: {{ .Values.global.logrotate.filesize | default 100M | quote }}
- name: LOGROTATE_FILENUM
value: {{ .Values.global.logrotate.filenum | default "5" | quote }}
volumeMounts:
- mountPath: /data/log/ingress
name: log
resources:
limits:
cpu: 200m
memory: 100Mi
requests:
cpu: 10m
memory: 100Mi
{{end}}
- name: istio-proxy
...
volumes:
{{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/logrotate` .Values.global.logrotate.enable )}}
- hostPath:
path: /data/log/ingress
type: ""
name: log
{{end}}
- emptyDir:
name: workload-socket
...
values: |-
{
"global": {
"logrotate": {
"enable": true,
"cronexpr": "*/30 * * * *",
"filesize": "100M",
"filenum": "5"
}
}
}
|
参考资料
istio 官方文档给出的常见变量
docker-logrotate
