查看Istio容器日志信息

最新推荐文章于 2023-12-07 08:33:10 发布
最新推荐文章于 2023-12-07 08:33:10 发布
阅读量3.1k 收藏 1
点赞数 1
分类专栏: Istio 文章标签: golang
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/violin_biubiubiu/article/details/120434208
版权

pod内容器

➜  ~kubectl logs productpage-v1-65576bb7bf-rcnfr 

error: a container name must be specified for pod productpage-v1-65576bb7bf-rcnfr, choose one of: [productpage istio-proxy] or one of the init containers: [istio-init]

istio-proxy 

➜  ~ kubectl logs productpage-v1-65576bb7bf-rcnfr -c istio-proxy
2021-09-23T02:52:11.293116Z	info	FLAG: --concurrency="2"
2021-09-23T02:52:11.293140Z	info	FLAG: --domain="default.svc.cluster.local"
2021-09-23T02:52:11.293145Z	info	FLAG: --help="false"
2021-09-23T02:52:11.293148Z	info	FLAG: --log_as_json="false"
2021-09-23T02:52:11.293150Z	info	FLAG: --log_caller=""
2021-09-23T02:52:11.293152Z	info	FLAG: --log_output_level="default:info"
2021-09-23T02:52:11.293155Z	info	FLAG: --log_rotate=""
2021-09-23T02:52:11.293157Z	info	FLAG: --log_rotate_max_age="30"
2021-09-23T02:52:11.293159Z	info	FLAG: --log_rotate_max_backups="1000"
2021-09-23T02:52:11.293162Z	info	FLAG: --log_rotate_max_size="104857600"
2021-09-23T02:52:11.293164Z	info	FLAG: --log_stacktrace_level="default:none"
2021-09-23T02:52:11.293169Z	info	FLAG: --log_target="[stdout]"
2021-09-23T02:52:11.293172Z	info	FLAG: --meshConfig="./etc/istio/config/mesh"
2021-09-23T02:52:11.293174Z	info	FLAG: --outlierLogPath=""
2021-09-23T02:52:11.293176Z	info	FLAG: --proxyComponentLogLevel="misc:error"
2021-09-23T02:52:11.293178Z	info	FLAG: --proxyLogLevel="warning"
2021-09-23T02:52:11.293181Z	info	FLAG: --serviceCluster="productpage.default"
2021-09-23T02:52:11.293183Z	info	FLAG: --stsPort="0"
2021-09-23T02:52:11.293185Z	info	FLAG: --templateFile=""
2021-09-23T02:52:11.293188Z	info	FLAG: --tokenManagerPlugin="GoogleTokenExchange"
2021-09-23T02:52:11.293205Z	info	Version 1.8.2-bfa8bcbc116a8736c301a5dfedc4ed2673e2bfa3-Clean
2021-09-23T02:52:11.293531Z	info	Obtained private IP [10.244.1.11 fe80::b4d3:afff:fea9:1988]
2021-09-23T02:52:11.293618Z	info	Apply proxy config from env {"proxyMetadata":{"DNS_AGENT":""}}

2021-09-23T02:52:11.295330Z	info	Effective config: binaryPath: /usr/local/bin/envoy
concurrency: 2
configPath: ./etc/istio/proxy
controlPlaneAuthPolicy: MUTUAL_TLS
discoveryAddress: istiod.istio-system.svc:15012
drainDuration: 45s
envoyAccessLogService: {}
envoyMetricsService: {}
parentShutdownDuration: 60s
proxyAdminPort: 15000
proxyMetadata:
  DNS_AGENT: ""
serviceCluster: productpage.default
statNameLength: 189
statusPort: 15020
terminationDrainDuration: 5s
tracing:
  zipkin:
    address: zipkin.istio-system:9411

2021-09-23T02:52:11.295396Z	info	Proxy role: &model.Proxy{RWMutex:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:0, readerWait:0}, Type:"sidecar", IPAddresses:[]string{"10.244.1.11", "fe80::b4d3:afff:fea9:1988"}, ID:"productpage-v1-65576bb7bf-rcnfr.default", Locality:(*envoy_config_core_v3.Locality)(nil), DNSDomain:"default.svc.cluster.local", ConfigNamespace:"", Metadata:(*model.NodeMetadata)(nil), SidecarScope:(*model.SidecarScope)(nil), PrevSidecarScope:(*model.SidecarScope)(nil), MergedGateway:(*model.MergedGateway)(nil), ServiceInstances:[]*model.ServiceInstance(nil), IstioVersion:(*model.IstioVersion)(nil), VerifiedIdentity:(*spiffe.Identity)(nil), ipv6Support:false, ipv4Support:false, GlobalUnicastIP:"", XdsResourceGenerator:model.XdsResourceGenerator(nil), WatchedResources:map[string]*model.WatchedResource(nil)}
2021-09-23T02:52:11.295414Z	info	JWT policy is third-party-jwt
2021-09-23T02:52:11.295442Z	info	PilotSAN []string{"istiod.istio-system.svc"}
2021-09-23T02:52:11.295495Z	info	sa.serverOptions.CAEndpoint == istiod.istio-system.svc:15012 Citadel
2021-09-23T02:52:11.295581Z	info	Using CA istiod.istio-system.svc:15012 cert with certs: var/run/secrets/istio/root-cert.pem
2021-09-23T02:52:11.295693Z	info	citadelclient	Citadel client using custom root: istiod.istio-system.svc:15012 -----BEGIN CERTIFICATE-----
MIIC/TCCAeWgAwIBAgIRAOYOpkjwEDCsYkyLt1JY6rkwDQYJKoZIhvcNAQELBQAw
GDEWMBQGA1UEChMNY2x1c3Rlci5sb2NhbDAeFw0yMTA5MTAxMzUzMThaFw0zMTA5
MDgxMzUzMThaMBgxFjAUBgNVBAoTDWNsdXN0ZXIubG9jYWwwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC2B2ql/f3tZqnyLJ86NYtcpkMWux379jCl3sUb
0Lf3hqd2wD6VtnQpAuHO42PXacS56hiNJGwdkhU/Z8zlhFc58vGWeOShT5C8jLrC
z//9TjTsfvGUS4REjQ13O4QGQyHtYnjJZx47HJr7m4estVOLbaqmjMNkD1cpGpHR
3tv3LRMuqPQERx2RxVBIp5P1UD7kgyzWb2dOFzqmE5gYeCfoxc6E003rXyd5u4UU
C9D5lwGmSPICLKXFBgegrEd1A1JdmQKHC5urrykVpn70mwMZzAY2PHNc353CJdSD
Zk3dvMvc0/3KJdeXZijx4B8VgyTJyBrSdunJZGDh/N7gVDqTAgMBAAGjQjBAMA4G
A1UdDwEB/wQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRkc4FW0Drr
w/ux1836u3Wv1agGYTANBgkqhkiG9w0BAQsFAAOCAQEAVJkrYH8hvditinreypWI
+hNJBMGk5BeeYZGAAyRVCgmA2tuMIvy6Pd0O/VtM6CZDJq1ChHm/oHk9i3ScdMS7
2qCN9Jvgr9OQ/hehESqCDPwP81FqhpWK4d0P+8WGwpVuQF0WRZFa8RvAr8rWypz5
ouTB6yZJ5wdlH8FG51YRSCgeHQ3+VpeCF8/CLu5RghGYGgArATjf+zicegCvIemI
1p7NdrcfptXmhUkqiax7ePJuj4D1svrcKAJtIZJ+ocgNhwl/Uhb9Cz5l7TXUKqhN
56iNXtTfotqodlbAtgu033aMAdFny461CxuKyBi80mZq5OAE6AHRbndM0PcYWWHy
7A==
-----END CERTIFICATE-----

2021-09-23T02:52:11.334052Z	info	sds	SDS gRPC server for workload UDS starts, listening on "./etc/istio/proxy/SDS" 

2021-09-23T02:52:11.334321Z	info	xdsproxy	Initializing with upstream address istiod.istio-system.svc:15012 and cluster Kubernetes
2021-09-23T02:52:11.334265Z	info	sds	Start SDS grpc server
2021-09-23T02:52:11.334695Z	info	xdsproxy	adding watcher for certificate var/run/secrets/istio/root-cert.pem
2021-09-23T02:52:11.334927Z	info	Starting proxy agent
2021-09-23T02:52:11.335076Z	info	Opening status port 15020

2021-09-23T02:52:11.335241Z	info	Received new config, creating new Envoy epoch 0
2021-09-23T02:52:11.335322Z	info	Epoch 0 starting
2021-09-23T02:52:11.343146Z	info	Envoy command: [-c etc/istio/proxy/envoy-rev0.json --restart-epoch 0 --drain-time-s 45 --parent-shutdown-time-s 60 --service-cluster productpage.default --service-node sidecar~10.244.1.11~productpage-v1-65576bb7bf-rcnfr.default~default.svc.cluster.local --local-address-ip-version v4 --bootstrap-version 3 --log-format-prefix-with-location 0 --log-format %Y-%m-%dT%T.%fZ	%l	envoy %n	%v -l warning --component-log-level misc:error --concurrency 2]
2021-09-23T02:52:11.412475Z	warning	envoy runtime	Unable to use runtime singleton for feature envoy.http.headermap.lazy_map_min_size
2021-09-23T02:52:11.412672Z	warning	envoy runtime	Unable to use runtime singleton for feature envoy.http.headermap.lazy_map_min_size
2021-09-23T02:52:11.413442Z	warning	envoy runtime	Unable to use runtime singleton for feature envoy.http.headermap.lazy_map_min_size
2021-09-23T02:52:11.413569Z	warning	envoy runtime	Unable to use runtime singleton for feature envoy.http.headermap.lazy_map_min_size
2021-09-23T02:52:11.454710Z	warning	envoy main	there is no configured limit to the number of allowed active connections. Set a limit via the runtime key overload.global_downstream_max_connections
2021-09-23T02:52:11.455704Z	info	xdsproxy	Envoy ADS stream established
2021-09-23T02:52:11.455949Z	info	xdsproxy	connecting to upstream XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:11.473271Z	error	xdsproxy	failed to create upstream grpc client: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:11.473379Z	info	xdsproxy	disconnected from XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:11.474501Z	warning	envoy config	StreamAggregatedResources gRPC config stream closed: 14, connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:11.795970Z	info	xdsproxy	Envoy ADS stream established
2021-09-23T02:52:11.796062Z	info	xdsproxy	connecting to upstream XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:11.805039Z	error	xdsproxy	failed to create upstream grpc client: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:11.805183Z	info	xdsproxy	disconnected from XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:11.805472Z	warning	envoy config	StreamAggregatedResources gRPC config stream closed: 14, connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:12.611766Z	info	xdsproxy	Envoy ADS stream established
2021-09-23T02:52:12.611860Z	info	xdsproxy	connecting to upstream XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:12.616565Z	warning	envoy config	StreamAggregatedResources gRPC config stream closed: 14, connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:12.616339Z	error	xdsproxy	failed to create upstream grpc client: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:12.616351Z	info	xdsproxy	disconnected from XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:14.603617Z	info	xdsproxy	Envoy ADS stream established
2021-09-23T02:52:14.604067Z	info	xdsproxy	connecting to upstream XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:14.636949Z	error	xdsproxy	failed to create upstream grpc client: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:14.636970Z	info	xdsproxy	disconnected from XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:14.637360Z	warning	envoy config	StreamAggregatedResources gRPC config stream closed: 14, connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:15.699301Z	info	xdsproxy	Envoy ADS stream established
2021-09-23T02:52:15.699514Z	info	xdsproxy	connecting to upstream XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:15.706515Z	error	xdsproxy	failed to create upstream grpc client: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:15.706534Z	info	xdsproxy	disconnected from XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:15.706709Z	warning	envoy config	StreamAggregatedResources gRPC config stream closed: 14, connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:20.503604Z	info	xdsproxy	Envoy ADS stream established
2021-09-23T02:52:20.503706Z	info	xdsproxy	connecting to upstream XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:20.586429Z	error	xdsproxy	failed to create upstream grpc client: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:20.586451Z	info	xdsproxy	disconnected from XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:20.598527Z	warning	envoy config	StreamAggregatedResources gRPC config stream closed: 14, connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.96.0.10:53: no such host"
2021-09-23T02:52:24.727314Z	info	xdsproxy	Envoy ADS stream established
2021-09-23T02:52:24.727920Z	info	xdsproxy	connecting to upstream XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:30.771217Z	error	xdsproxy	failed to create upstream grpc client: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 10.96.68.72:15012: connect: connection refused"
2021-09-23T02:52:30.771238Z	info	xdsproxy	disconnected from XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:30.774174Z	warning	envoy config	StreamAggregatedResources gRPC config stream closed: 14, connection error: desc = "transport: Error while dialing dial tcp 10.96.68.72:15012: connect: connection refused"
2021-09-23T02:52:42.907758Z	warn	Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 0 successful, 0 rejected; lds updates: 0 successful, 0 rejected
2021-09-23T02:52:44.913337Z	warn	Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 0 successful, 0 rejected; lds updates: 0 successful, 0 rejected
2021-09-23T02:52:46.905358Z	warn	Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 0 successful, 0 rejected; lds updates: 0 successful, 0 rejected
2021-09-23T02:52:48.907121Z	warn	Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 0 successful, 0 rejected; lds updates: 0 successful, 0 rejected
2021-09-23T02:52:50.920121Z	warn	Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 0 successful, 0 rejected; lds updates: 0 successful, 0 rejected
2021-09-23T02:52:52.059419Z	info	xdsproxy	Envoy ADS stream established
2021-09-23T02:52:52.059644Z	info	xdsproxy	connecting to upstream XDS server: istiod.istio-system.svc:15012
2021-09-23T02:52:52.117894Z	warning	envoy filter	mTLS PERMISSIVE mode is used, connection can be either plaintext or TLS, and client cert can be omitted. Please consider to upgrade to mTLS STRICT mode for more secure configuration that only allows TLS connection with client cert. See https://istio.io/docs/tasks/security/mtls-migration/
2021-09-23T02:52:52.119033Z	warning	envoy filter	mTLS PERMISSIVE mode is used, connection can be either plaintext or TLS, and client cert can be omitted. Please consider to upgrade to mTLS STRICT mode for more secure configuration that only allows TLS connection with client cert. See https://istio.io/docs/tasks/security/mtls-migration/
2021-09-23T02:52:52.124293Z	info	sds	resource:ROOTCA new connection
2021-09-23T02:52:52.124418Z	info	sds	Skipping waiting for gateway secret
2021-09-23T02:52:52.125335Z	info	sds	resource:default new connection
2021-09-23T02:52:52.125449Z	info	sds	Skipping waiting for gateway secret
2021-09-23T02:52:52.192179Z	info	cache	Root cert has changed, start rotating root cert for SDS clients
2021-09-23T02:52:52.192204Z	info	cache	GenerateSecret default
2021-09-23T02:52:52.197381Z	info	sds	resource:default pushed key/cert pair to proxy
2021-09-23T02:52:52.324549Z	info	cache	Loaded root cert from certificate ROOTCA
2021-09-23T02:52:52.324858Z	info	sds	resource:ROOTCA pushed root cert to proxy
2021-09-23T02:52:52.905575Z	info	Envoy proxy is ready
2021-09-23T03:24:59.695819Z	info	xdsproxy	disconnected from XDS server: istiod.istio-system.svc:15012
2021-09-23T03:24:59.696566Z	warning	envoy config	StreamAggregatedResources gRPC config stream closed: 0, 
2021-09-23T03:25:00.014333Z	info	xdsproxy	Envoy ADS stream established
2021-09-23T03:25:00.014561Z	info	xdsproxy	connecting to upstream XDS server: istiod.istio-system.svc:15012
[2021-09-23T03:37:25.147Z] "GET /details/0 HTTP/1.1" 503 UF "-" 0 91 90 - "-" "curl/7.52.1" "507f4f72-c53d-999a-864b-71c67c722717" "details:9080" "10.244.2.5:9080" outbound|9080||global-sidecar.default.svc.cluster.local - 10.96.206.167:9080 10.244.1.11:46772 - -
[2021-09-23T03:37:25.265Z] "GET /reviews/0 HTTP/1.1" 503 UF "-" 0 91 0 - "-" "curl/7.52.1" "507f4f72-c53d-999a-864b-71c67c722717" "reviews:9080" "10.244.2.5:9080" outbound|9080||global-sidecar.default.svc.cluster.local - 10.96.27.89:9080 10.244.1.11:42392 - -
[2021-09-23T03:37:25.274Z] "GET /reviews/0 HTTP/1.1" 503 UF "-" 0 91 0 - "-" "curl/7.52.1" "507f4f72-c53d-999a-864b-71c67c722717" "reviews:9080" "10.244.2.5:9080" outbound|9080||global-sidecar.default.svc.cluster.local - 10.96.27.89:9080 10.244.1.11:42396 - -
[2021-09-23T03:37:25.062Z] "GET /productpage HTTP/1.1" 200 - "-" 0 3769 247 227 "-" "curl/7.52.1" "507f4f72-c53d-999a-864b-71c67c722717" "productpage:9080" "127.0.0.1:9080" inbound|9080|| 127.0.0.1:54786 10.244.1.11:9080 10.244.2.12:57852 outbound_.9080_._.productpage.default.svc.cluster.local default

应用容器

➜  ~ kubectl logs productpage-v1-65576bb7bf-rcnfr -c productpage
INFO:root:start at port 9080

 * Serving Flask app "productpage" (lazy loading)
 * Environment: production
   WARNING: Do not use the development server in a production environment.
   Use a production WSGI server instead.
 * Debug mode: on
   INFO:werkzeug: * Running on http://0.0.0.0:9080/ (Press CTRL+C to quit)
   INFO:werkzeug: * Restarting with stat
   INFO:root:start at port 9080
   WARNING:werkzeug: * Debugger is active!
   INFO:werkzeug: * Debugger PIN: 305-281-729
   DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): details:9080
   send: b'GET /details/0 HTTP/1.1\r\nHost: details:9080\r\nuser-agent: curl/7.52.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nX-B3-TraceId: 3864470a4495b8d10216068955349927\r\nX-B3-SpanId: b88111f1d827040a\r\nX-B3-ParentSpanId: 0216068955349927\r\nX-B3-Sampled: 1\r\nx-request-id: 507f4f72-c53d-999a-864b-71c67c722717\r\n\r\n'
   reply: 'HTTP/1.1 503 Service Unavailable\r\n'
   header: content-length: 91
   header: content-type: text/plain
   header: date: Thu, 23 Sep 2021 03:37:24 GMT
   header: server: envoy
   DEBUG:urllib3.connectionpool:http://details:9080 "GET /details/0 HTTP/1.1" 503 91
   DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): reviews:9080
   send: b'GET /reviews/0 HTTP/1.1\r\nHost: reviews:9080\r\nuser-agent: curl/7.52.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nX-B3-TraceId: 3864470a4495b8d10216068955349927\r\nX-B3-SpanId: b88111f1d827040a\r\nX-B3-ParentSpanId: 0216068955349927\r\nX-B3-Sampled: 1\r\nx-request-id: 507f4f72-c53d-999a-864b-71c67c722717\r\n\r\n'
   reply: 'HTTP/1.1 503 Service Unavailable\r\n'
   header: content-length: 91
   header: content-type: text/plain
   header: date: Thu, 23 Sep 2021 03:37:24 GMT
   header: server: envoy
   DEBUG:urllib3.connectionpool:http://reviews:9080 "GET /reviews/0 HTTP/1.1" 503 91
   DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): reviews:9080
   send: b'GET /reviews/0 HTTP/1.1\r\nHost: reviews:9080\r\nuser-agent: curl/7.52.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nX-B3-TraceId: 3864470a4495b8d10216068955349927\r\nX-B3-SpanId: b88111f1d827040a\r\nX-B3-ParentSpanId: 0216068955349927\r\nX-B3-Sampled: 1\r\nx-request-id: 507f4f72-c53d-999a-864b-71c67c722717\r\n\r\n'
   reply: 'HTTP/1.1 503 Service Unavailable\r\n'
   header: content-length: 91
   header: content-type: text/plain
   header: date: Thu, 23 Sep 2021 03:37:24 GMT
   header: server: envoy
   DEBUG:urllib3.connectionpool:http://reviews:9080 "GET /reviews/0 HTTP/1.1" 503 91
   INFO:werkzeug:127.0.0.1 - - [23/Sep/2021 03:37:25] "GET /productpage HTTP/1.1" 200 -

istio-init 

➜  ~ kubectl logs productpage-v1-65576bb7bf-rcnfr -c istio-init 
   Environment:

------------

ENVOY_PORT=
INBOUND_CAPTURE_PORT=
ISTIO_INBOUND_INTERCEPTION_MODE=
ISTIO_INBOUND_TPROXY_MARK=
ISTIO_INBOUND_TPROXY_ROUTE_TABLE=
ISTIO_INBOUND_PORTS=
ISTIO_OUTBOUND_PORTS=
ISTIO_LOCAL_EXCLUDE_PORTS=
ISTIO_SERVICE_CIDR=
ISTIO_SERVICE_EXCLUDE_CIDR=

Variables:

PROXY_PORT=15001
PROXY_INBOUND_CAPTURE_PORT=15006
PROXY_TUNNEL_PORT=15008
PROXY_UID=1337
PROXY_GID=1337
INBOUND_INTERCEPTION_MODE=REDIRECT
INBOUND_TPROXY_MARK=1337
INBOUND_TPROXY_ROUTE_TABLE=133
INBOUND_PORTS_INCLUDE=*
INBOUND_PORTS_EXCLUDE=15090,15021,15020
OUTBOUND_IP_RANGES_INCLUDE=*
OUTBOUND_IP_RANGES_EXCLUDE=
OUTBOUND_PORTS_INCLUDE=
OUTBOUND_PORTS_EXCLUDE=
KUBEVIRT_INTERFACES=
ENABLE_INBOUND_IPV6=false

Writing following contents to rules file:  /tmp/iptables-rules-1632365525899234396.txt110258964

* nat
  -N ISTIO_INBOUND
  -N ISTIO_REDIRECT
  -N ISTIO_IN_REDIRECT
  -N ISTIO_OUTPUT
  -A ISTIO_INBOUND -p tcp --dport 15008 -j RETURN
  -A ISTIO_REDIRECT -p tcp -j REDIRECT --to-ports 15001
  -A ISTIO_IN_REDIRECT -p tcp -j REDIRECT --to-ports 15006
  -A PREROUTING -p tcp -j ISTIO_INBOUND
  -A ISTIO_INBOUND -p tcp --dport 22 -j RETURN
  -A ISTIO_INBOUND -p tcp --dport 15090 -j RETURN
  -A ISTIO_INBOUND -p tcp --dport 15021 -j RETURN
  -A ISTIO_INBOUND -p tcp --dport 15020 -j RETURN
  -A ISTIO_INBOUND -p tcp -j ISTIO_IN_REDIRECT
  -A OUTPUT -p tcp -j ISTIO_OUTPUT
  -A ISTIO_OUTPUT -o lo -s 127.0.0.6/32 -j RETURN
  -A ISTIO_OUTPUT -o lo ! -d 127.0.0.1/32 -m owner --uid-owner 1337 -j ISTIO_IN_REDIRECT
  -A ISTIO_OUTPUT -o lo -m owner ! --uid-owner 1337 -j RETURN
  -A ISTIO_OUTPUT -m owner --uid-owner 1337 -j RETURN
  -A ISTIO_OUTPUT -o lo ! -d 127.0.0.1/32 -m owner --gid-owner 1337 -j ISTIO_IN_REDIRECT
  -A ISTIO_OUTPUT -o lo -m owner ! --gid-owner 1337 -j RETURN
  -A ISTIO_OUTPUT -m owner --gid-owner 1337 -j RETURN
  -A ISTIO_OUTPUT -d 127.0.0.1/32 -j RETURN
  -A ISTIO_OUTPUT -j ISTIO_REDIRECT
  COMMIT

iptables-restore --noflush /tmp/iptables-rules-1632365525899234396.txt110258964
Writing following contents to rules file:  /tmp/ip6tables-rules-1632365526282819021.txt568430947

ip6tables-restore --noflush /tmp/ip6tables-rules-1632365526282819021.txt568430947
iptables-save 

Generated by iptables-save v1.6.1 on Thu Sep 23 02:52:06 2021

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:ISTIO_INBOUND - [0:0]
:ISTIO_IN_REDIRECT - [0:0]
:ISTIO_OUTPUT - [0:0]
:ISTIO_REDIRECT - [0:0]
-A PREROUTING -p tcp -j ISTIO_INBOUND
-A OUTPUT -p tcp -j ISTIO_OUTPUT
-A ISTIO_INBOUND -p tcp -m tcp --dport 15008 -j RETURN
-A ISTIO_INBOUND -p tcp -m tcp --dport 22 -j RETURN
-A ISTIO_INBOUND -p tcp -m tcp --dport 15090 -j RETURN
-A ISTIO_INBOUND -p tcp -m tcp --dport 15021 -j RETURN
-A ISTIO_INBOUND -p tcp -m tcp --dport 15020 -j RETURN
-A ISTIO_INBOUND -p tcp -j ISTIO_IN_REDIRECT
-A ISTIO_IN_REDIRECT -p tcp -j REDIRECT --to-ports 15006
-A ISTIO_OUTPUT -s 127.0.0.6/32 -o lo -j RETURN
-A ISTIO_OUTPUT ! -d 127.0.0.1/32 -o lo -m owner --uid-owner 1337 -j ISTIO_IN_REDIRECT
-A ISTIO_OUTPUT -o lo -m owner ! --uid-owner 1337 -j RETURN
-A ISTIO_OUTPUT -m owner --uid-owner 1337 -j RETURN
-A ISTIO_OUTPUT ! -d 127.0.0.1/32 -o lo -m owner --gid-owner 1337 -j ISTIO_IN_REDIRECT
-A ISTIO_OUTPUT -o lo -m owner ! --gid-owner 1337 -j RETURN
-A ISTIO_OUTPUT -m owner --gid-owner 1337 -j RETURN
-A ISTIO_OUTPUT -d 127.0.0.1/32 -j RETURN
-A ISTIO_OUTPUT -j ISTIO_REDIRECT
-A ISTIO_REDIRECT -p tcp -j REDIRECT --to-ports 15001
COMMIT

#Completed on Thu Sep 23 02:52:06 2021

➜  ~

violin_biubiubiu
关注
专栏目录
云原生之深入解析K8S Istio Gateway服务的架构分析与实战操作
╰つ栺尖篴夢ゞ
07-07 3095
Istio 提供一种简单的方式来为已部署的服务建立网络,该网络具有负载均衡、服务间认证、监控、网关等功能,而不需要对服务的代码做任何改动。istio 适用于容器或虚拟机环境(特别是 k8s),兼容异构架构;istio 使用 sidecar(边车模式)代理服务的网络,不需要对业务代码本身做任何的改动;HTTP、gRPC、WebSocket 和 TCP 流量的自动负载均衡;istio 通过丰富的路由规则、重试、故障转移和故障注入,可以对流量行为进行细粒度控制;支持访问控制、速率限制和配额。
如何用istio实现监控和日志采集
weixin_42538690的博客
12-29 4310
大家都知道istio可以帮助我们实现灰度发布、流量监控、流量治理等一些功能。每一个功能都帮助我们在不同场景中实现不同的业务。那我们Istio是如何帮助我们实现监控和日志采集的呢? 这里我们依然以Bookinfo应用程序作为贯穿此任务的示例程序。首先在集群中安装并部署Istio。 收集遥测数据 创建一个新的YAML文件,用来保存Istio将自动生成和收集的新度量标准和日志流的配置。如下图所示 ...
istio访问日志
最新发布
weixin_39246554的博客
12-07 1156
码x2675263825 (舍得), qq:2675263825。[外链图片转存中…(img-pICMRoCb-1701909151066)]🍀 微信公众号《云原生架构师实战》[外链图片转存中…(img-oiUMo0u9-1701909151066)]🍀 个人博客站点[外链图片转存中…(img-7lNopM19-1701909151067)][外链图片转存中…(img-hwPl0lVx-1701909151068)]🍀 语雀。
Istio组件日志设置
热门推荐
罗小爬的技术宝书
09-24 2万+
1.istio-pilot日志级别 编辑istio-system.deployment.istio-pilot,修改args中--log_output_level=default:指定日志级别 2.istio-policy日志级别设置同istio-pilot 3.istio-proxy(envoy日志级别设置 进入istio-proxy容器中,通过如下命令进行设置: curl -...
Istio组件日志与请求日志采集方案
weixin_42688255的博客
09-29 2673
这里写自定义目录标题Istio日志方案背景说明关键问题解决方案实现思路调整范围组件日志请求日志测试流程压测目标压测过程压测结果优化方案附录参考资料 Istio日志方案 背景说明 为方便故障定位、问题溯源和运营分析,采集istio组件日志、请求日志和业务日志是服务网格落地的重要步骤之一。默认情况下,istio相关日志打在容器内,pod销毁重建后日志消失。此外,istio日志量没有预估和分级,很可能出现日志量过大而导致k8s集群不稳定等风险。 关键问题 Istio默认情况下,日志易丢失、难查找和未分级,很容易出
Istio介绍
阿仆的专栏
06-15 2万+
Istio
Kubernetes+Docker+Istio 容器云实践
gao2175的博客
10-17 1236
随着社会的进步与技术的发展,人们对资源的高效利用有了更为迫切的需求。近年来,互联网、移动互联网的高速发展与成熟,大应用的微服务化也引起了企业的热情关注,而基于Kubernetes+Docker的容器云方案也随之进入了大众的视野。开普勒云是一个基于Kubernetes+Docker+Istio的微服务治理解决方案。 一、Microservices 1.1 解决大应用微服务化后的问题 现在各大企业都在...
Istio服务网格技术与实践
03-29
Istio的Pilot组件作为控制面,与Kubernetes API Server交互,动态获取服务信息,并通过Envoy代理(Sidecar)实现服务发现和流量控制。 3. Istio的关键能力: - 流量管理:Istio提供了丰富的路由规则,支持灰度发布...
Istio在阿里云容器服务的部署实践.pptx
10-10
Istio是一个强大的服务网格工具,它在微服务架构中起着关键的作用,尤其是在阿里云容器服务(ACK)上。服务网格是专为处理服务间通信而设计的基础设施层,它使得服务之间的交互更加安全、高效和可管理。在阿里云环境...
istio介绍(二)
chengfangdong的博客
10-21 505
ks-controller-manager 封装的对象,ks-controller-manager的封装功能逻辑以crd对象的方式表现在etcd中,ks-apiserver通过连接k8s-apiserver操作etcd中的crd数据(crd data)即可,操作 ks-controller-manager 扩展的逻辑功能。原因是他们共享了一个分析流水线。ks-apiserver 的主要功能是聚合整个系统的业务功能对外提供同一的API入口,如下图所示ks-apiserver聚合的功能对象主要包含以下几类。
consul connect envoy 启动acls和tls后,grpc连接异常
qq_34884729的博客
10-12 878
但我情况有点怪,系统环境感觉不生效,直接输出的都正常,就是grpc有问题。看到别人说的一个例子,试了一下,居然正常了。consul的文档变得有点快,但看起来越来越清晰,之前看1.13.1的文档,配置啥的东一块西一块,陷阱都有说,但不是在一起!首先,consul的配置很重要,一开始我也是这样想的,后面把研究反向对到envoy身上,为啥envoy集群起不来。少了这个,因为envoy是要用到grpc的,而且consul的grpc专门就是给envoy 的xdc 用的。就这样就可以跑起来的话,就没下面的什么事情了。
解决执行go mod tidy时报错的问题:dial tcp: lookup xxx: no such host
米诺有糖吃
06-09 1910
解决执行go mod tidy时报错的问题:dial tcp: lookup xxx: no such host。
istio-1.8.2 离线安装中出现的问题
changchangaaa的博客
02-24 3169
istio-1.8.2 离线安装中出现的问题 1.出现的istio-ingressgateway与istio-egressgateway的探针检测问题 这个问题国内外经常出现,google,百度都很多,但是没有人最终给一个确切的解决方法,分析很多,具体解决很少。在困扰半个多月,解决问题之后希望记录下来,让大家可以参考。 istio的版本为1.8.2,是这个时间较为新和稳定的一个版本,K8S的版本为1.18也是比较新和稳定的版本,集群环境为K8S上搭建了antrea网络,在此基础上搭建istio环境。以上环境
Istio 限流使用错误记录
baobaoxiannv的博客
09-27 573
原始错误日志: 2021-09-26T09:05:45.937681Z warning envoy config gRPC config for type.googleapis.com/envoy.config.listener.v3.Listener rejected: Error adding/updating listener(s) virtualInbound: local rate descriptor limit is not a multiple of token bucket fill ti
Istio从懵圈到熟练 – 二分之一活的微服务
chikuai9995的博客
09-05 909
Istio is the future!基本上,我相信对云原生技术趋势有些微判断的同学,都会有这个觉悟。其背后的逻辑其实是比较简单的:当容器集群,特别是K8S成为事实上的标准之后,应用必然会不断的复杂化,服务治理肯定会成为强需求。 Istio的现状是,聊的人很多,用的人其实很少。所以导致我们...
Istio中,到底怎么获取 Envoy 访问日志
万猫学社
07-12 1866
httpbin 服务作为接收请求的服务端, sleep 服务作为发送请求的客户端。 还需要开启 Envoy 访问日志,执行以下命令修改 istio 配置:
Istio】error initializing configuration '/etc/istio/proxy/envoy-rev0.json': malformed IP address: is...
weixin_33895475的博客
11-19 562
  今天遇到一个问题,istio的组件一直在重启,查看log大概是这个样子 018-05-03T07:29:49.935580Z info Epoch 0 starting 2018-05-03T07:29:49.936317Z info Envoy command: [-c /etc/istio/proxy/envoy-rev0.json --restart-...
gRPC Service Config
小小书童
12-22 3543
gRPC中的服务配置目的服务配置是一种机制,允许服务所有者发布参数以供其服务的所有客户端自动使用。格式服务配置是以下形式的JSON字符串:{ // 负载均衡策略名称(不区分大小写)。 // 目前,gRPC提供的唯一可选择的客户端策略是“round_robin”,但是第三方可以添加自己的策略。 // 这个字段是可选的; 如果未设置,默认行为是选择第一个可用的后端地址。 // 如果策略名
gRPC LB
小小书童
12-19 3289
gRPC负载均衡范围本文档解释了gRPC内的负载均衡设计。背景每个呼叫负载均衡值得注意的是,gRPC内部的负载均衡是基于每个呼叫而不是每个连接的基础上发生的。换句话说,即使所有请求来自单个客户端,我们仍然希望它们在所有服务器之间进行负载均衡。负载均衡的方法在任何gRPC细节之前,我们探讨一些常用的方法来实现负载均衡。代理模式使用代理提供了一个坚实可靠的客户端,可以向负载均衡系统报告负载。代理通常需要
Istio容器服务的智能监控与流量管理
Kubernetes主要负责应用程序流量的承载、容器编排和扩展,而Istio则负责路由流量、策略执行、流量管理和负载均衡,以及收集和聚合指标、日志和跟踪数据。Istio可作为容器基础设施的监控和警报系统,通过Envoy代理...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值