How to enable Envoy access logging in Rancher v2.3 and v2.4 deployed Istio
This document (000020038) is provided subject to the disclaimer at the end of this document.
Situation
Task
This article details how to enable Envoy's access logging, for Rancher deployed Istio, in Rancher v2.3 and v2.4
Pre-requisites
- A Kubernetes cluster managed by Rancher v2.3 or v2.4, with Istio enabled
Resolution
Access logging can be enabled for Envoy, in Rancher deployed Istio, by setting the global.proxy.accessLogFile
path and global.proxy.accessLogEncoding
type via Custom Answers on the Istio configuration.
Setting the accessLogFile
path to /dev/stdout
will route the Envoy access logs to the istio-sidecar
container logs, exposing them via kubectl logs
or any log forwarding endpoint you have configured in the cluster.
The log format, specified in accessLogEncoding
, can be set to JSON or TEXT.
To enable access logging, perform the following steps:
- Navigate to the cluster view in the Rancher UI for the desired cluster and select
Tools
>Istio
. -
Under the
Custom Answers
section, enter the following two value pairs and clickSave
orEnable
(the option will depend on whether you have Istio enabled in the cluster already):global.proxy.accessLogFile=/dev/stdout global.proxxy.accessLogEncoding=JSON
-
After enabling access logging, you can test the configuration with the Istio
sleep
andhttpbin
sample applications, per the Istio documentation.
Further reading
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020038
- Creation Date: 06-May-2021
- Modified Date:06-May-2021
-
- SUSE Rancher
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com