Configure access logs with Telemetry API
Telemetry API has been in Istio as a first-class API for quite sometime now.
Previously users had to configure telemetry in the MeshConfig
section of Istio configuration.
Before you begin
Setup Istio by following the instructions in the Installation guide6.
Deploy the curl8 sample app to use as a test source for sending requests. If you have automatic sidecar injection enabled, run the following command to deploy the sample app:
Otherwise, manually inject the sidecar before deploying the
curl
application with the following command:Set the
SOURCE_POD
environment variable to the name of your source pod:
Start the httpbin10 sample.
If you have enabled automatic sidecar injection, deploy the
httpbin
service:Otherwise, you have to manually inject the sidecar before deploying the
httpbin
application:
Installation
In this example, we will send logs to Grafana Loki12 so make sure it is installed:
Get started with Telemetry API
Enable access logging
The above example uses the built-in
envoy
access log provider, and we do not configure anything other than default settings.Disable access log for specific workload
You can disable access log for
curl
service with the following configuration:Filter access log with workload mode
You can disable inbound access log for
httpbin
service with the following configuration:Filter access log with CEL expression
The following configuration displays access log only when response code is greater or equal to 500:
Set default filter access log with CEL expression
The following configuration displays access logs only when the response code is greater or equal to 400 or the request went to the BlackHoleCluster or the PassthroughCluster: Note: The
xds.cluster_name
is only available with Istio release 1.16.2 and higherFilter health check access logs with CEL expression
The following configuration displays access logs only when the logs are not generated by the Amazon Route 53 Health Check Service. Note: The
request.useragent
is specific to HTTP traffic, therefore to avoid breaking TCP traffic, we need to check for the existence of the field. For more information, see CEL Type CheckingFor more information, see Use expressions for values
Work with OpenTelemetry provider
Istio supports sending access logs with OpenTelemetry16 protocol, as explained here17.
Cleanup
Remove all Telemetry API:
Remove
loki
:Uninstall Istio from the cluster: