istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/archive/v1.0/help/ops/traffic-management/proxy-cmd/index.html

231 lines
39 KiB
HTML
Raw Permalink Blame History

<!doctype html><html lang=en itemscope itemtype=https://schema.org/WebPage><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=theme-color content="#466BB0"><meta name=title content="Debugging Envoy and Pilot"><meta name=description content="Demonstrates how to debug Pilot and Envoy."><meta name=keywords content="microservices,services,mesh,debug,proxy,status,config,pilot,envoy"><meta property="og:title" content="Debugging Envoy and Pilot"><meta property="og:type" content="website"><meta property="og:description" content="Demonstrates how to debug Pilot and Envoy."><meta property="og:url" content="/v1.0/help/ops/traffic-management/proxy-cmd/"><meta property="og:image" content="/v1.0/img/istio-logo-blue-background.svg"><meta property="og:image:alt" content="Istio Logo"><meta property="og:image:width" content="112"><meta property="og:image:height" content="150"><meta property="og:site_name" content="Istio"><meta name=twitter:card content="summary"><meta name=twitter:site content="@IstioMesh"><title>Istioldie 1.0 / Debugging Envoy and Pilot</title><script async src="https://www.googletagmanager.com/gtag/js?id=UA-98480406-2"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}
gtag('js',new Date());gtag('config','UA-98480406-2');</script><script>var branchName="release-1.0";var docTitle="Debugging Envoy and Pilot";</script><link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.0/feed.xml><link rel="shortcut icon" href=/v1.0/favicons/favicon.ico><link rel=apple-touch-icon href=/v1.0/favicons/apple-touch-icon-180x180.png sizes=180x180><link rel=icon type=image/png href=/v1.0/favicons/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=/v1.0/favicons/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=/v1.0/favicons/android-36x36.png sizes=36x36><link rel=icon type=image/png href=/v1.0/favicons/android-48x48.png sizes=48x48><link rel=icon type=image/png href=/v1.0/favicons/android-72x72.png sizes=72x72><link rel=icon type=image/png href=/v1.0/favicons/android-96x196.png sizes=96x196><link rel=icon type=image/png href=/v1.0/favicons/android-144x144.png sizes=144x144><link rel=icon type=image/png href=/v1.0/favicons/android-192x192.png sizes=192x192><link rel=manifest href=/v1.0/manifest.json><meta name=apple-mobile-web-app-title content="Istio"><meta name=application-name content="Istio"><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Chivo:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic"><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Work Sans:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic"><link rel=stylesheet href=https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css integrity=sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm crossorigin=anonymous><link rel=stylesheet href=https://use.fontawesome.com/releases/v5.0.6/css/all.css><link rel=stylesheet href=/v1.0/css/light_theme_archive.css title=light><link rel="alternate stylesheet" href=/v1.0/css/dark_theme_archive.css title=dark><script src=/v1.0/js/styleSwitcher.min.js></script></head><body class=language-unknown><header><nav class="navbar navbar-expand-md navbar-dark fixed-top bg-dark justify-content-between"><a class=navbar-brand href=/v1.0/><span class=logo><svg viewBox="0 0 300 300"><circle cx="150" cy="150" r="150" stroke-width="2" /><polygon points="65,240 225,240 125,270"/><polygon points="65,230 125,220 125,110"/><polygon points="135,220 225,230 135,30"/></svg></span><span class=brand-name>Istioldie 1.0</span></a>
<button class=navbar-toggler type=button data-toggle=collapse data-target=#navbarCollapse aria-controls=navbarCollapse aria-expanded=false aria-label="Toggle navigation">
<span class=navbar-toggler-icon></span></button><div class="collapse navbar-collapse justify-content-end" id=navbarCollapse><ul id=navbar-links class="navbar-nav active"><li class=nav-item><a class=nav-link title="Learn how to deploy, use, and operate Istio." href=/v1.0/docs/>Docs</a></li><li class=nav-item><a class=nav-link title="Posts about using Istio." href=/v1.0/blog/2019/announcing-1.0.6/>Blog</a></li><li class=nav-item><a class="nav-link active" title="A bunch of resources to help you deploy, configure and use Istio." href=/v1.0/help/>Help</a></li><li class=nav-item><a class=nav-link title="Get a bit more in-depth info about the Istio project." href=/v1.0/about/>About</a></li><li class="nav-item dropdown" id=gearDropdown style=white-space:nowrap><a title="Options and Settings" href class=nav-link data-toggle=dropdown aria-label=Tools aria-haspopup=true aria-expanded=false><i style=width:1em class="fa fa-lg fa-cog"></i></a><div class="dropdown-menu dropdown-menu-right" aria-labelledby=gearDropdown><a class=dropdown-item id=light-theme-item href onclick="setActiveStyleSheet('light');return false;">Light Theme</a>
<a class=dropdown-item id=dark-theme-item href onclick="setActiveStyleSheet('dark');return false;">Dark Theme</a><div class=dropdown-divider></div><h6 class=dropdown-header>Other versions of this site</h6><a href=https://istio.io class=dropdown-item>Current Release</a>
<a href=https://preliminary.istio.io class=dropdown-item>Next Release</a>
<a href=https://archive.istio.io class=dropdown-item>Older Releases</a></div></li><li class=nav-item><a id=search_show class=nav-link href title="Search istio.io" aria-label=Search><i style=width:1em class="fa fa-lg fa-search"></i></a></li></ul><form name=cse id=search_form class="form-inline mr-sm-2" role=search><input type=hidden name=cx value=013699703217164175118:iwwf17ikgf4>
<input type=hidden name=ie value=utf-8>
<input type=hidden name=hl value=en>
<input type=hidden id=search_page_url value=/v1.0/search.html>
<input id=search_textbox class=form-control name=q type=text aria-label="Search this site">
<button id=search_close type=reset aria-label="Cancel Search"><i class="far fa-lg fa-times-circle"></i></button></form></div></nav></header><div class=container-fluid><div class="row row-offcanvas"><div class="col-0 col-md-3 col-xl-2 sidebar-offcanvas"><nav class="sidebar d-print-none"><div class=spacer></div><div class=directory role=tablist><div class=card><div class=card-header role=tab><div title="A bunch of resources to help you deploy, configure and use Istio."><img src=/v1.0/img/help.svg alt=Icon class=page_icon>
Need Help?</div></div><div role=tabpanel aria-labelledby=header0><div class=card-body><ul class=tree><li class=sublist><label class=tree-toggle><i class="fa fa-lg fa-caret-down"></i><a title="Hints, tips, tricks about running an Istio mesh." href=/v1.0/help/ops/>Operations Guide</a></label><ul class=tree><li><a title="Describes how to use component-level logging to get insights into a running component's behavior." href=/v1.0/help/ops/component-logging/>Component Logging</a></li><li><a title="Describes how to use ControlZ to get insight into individual running components." href=/v1.0/help/ops/controlz/>Component Introspection</a></li><li><a title="How to do low-level debugging of Istio components." href=/v1.0/help/ops/component-debugging/>Component Debugging</a></li><li class=sublist><label class=tree-toggle><i class="fa fa-lg fa-caret-down"></i><a title="Helps you manage the networking aspects of a running mesh." href=/v1.0/help/ops/traffic-management/>Traffic Management</a></label><ul class=tree><li><span class=current title="Demonstrates how to debug Pilot and Envoy.">Debugging Envoy and Pilot</span></li><li><a title="Provides specific deployment and configuration guidelines." href=/v1.0/help/ops/traffic-management/deploy-guidelines/>Deployment and Configuration Guidelines</a></li><li><a title="An introduction to Istio networking operational aspects." href=/v1.0/help/ops/traffic-management/introduction/>Introduction to Network Operations</a></li><li><a title="Describes tools and techniques to observe traffic management or issues related to traffic management." href=/v1.0/help/ops/traffic-management/observing/>Observing Traffic Management</a></li><li><a title="Describes tools and techniques that can be used to root cause networking issues." href=/v1.0/help/ops/traffic-management/troubleshooting/>Troubleshooting Networking Issues</a></li></ul></li><li class=sublist><label class=tree-toggle><i class="fa fa-lg fa-caret-right"></i><a title="Helps you manage the security aspects of a running mesh." href=/v1.0/help/ops/security/>Security</a></label><ul class="tree collapse"><li><a title="Demonstrates how to debug authorization." href=/v1.0/help/ops/security/debugging-authorization/>Debugging Authorization</a></li><li><a title="What to do if Citadel is not behaving properly." href=/v1.0/help/ops/security/repairing-citadel/>Repairing Citadel</a></li><li><a title="What to do if you suspect problems with Istio keys and certificates." href=/v1.0/help/ops/security/keys-and-certs/>Keys and Certificates</a></li><li><a title="What to do if mutual TLS authentication isn't working." href=/v1.0/help/ops/security/mutual-tls/>Mutual TLS</a></li><li><a title="How to get health checks working when mutual TLS is enabled." href=/v1.0/help/ops/security/health-checks-and-mtls/>Health Checks and Mutual TLS</a></li><li><a title="Authorization is enabled, but requests make it through anyway." href=/v1.0/help/ops/security/authorization-permissive/>Authorization Too Permissive</a></li><li><a title="Authorization is enabled and no requests make it through to the service." href=/v1.0/help/ops/security/authorization-restrictive/>Authorization Too Restrictive</a></li><li><a title="What to do if end-user authentication doesn't work." href=/v1.0/help/ops/security/end-user-auth/>End User Authentication</a></li></ul></li><li class=sublist><label class=tree-toggle><i class="fa fa-lg fa-caret-right"></i><a title="Helps you manage telemetry collection and visualization in a running mesh." href=/v1.0/help/ops/telemetry/>Telemetry</a></label><ul class="tree collapse"><li><a href=/v1.0/help/ops/telemetry/missing-metrics/>Missing Metrics</a></li><li><a title="Dealing with Grafana issues." href=/v1.0/help/ops/telemetry/grafana/>Grafana</a></li></ul></li><li class=sublist><label class=tree-toggle><i class="fa fa-lg fa-caret-right"></i><a title="Helps you diagnose and repair Istio installations." href=/v1.0/help/ops/setup/>Installation and Setup</a></label><ul class="tree collapse"><li><a title="Provides a general overview of Istio's use of Kubernetes webhooks and the related issues that can arise." href=/v1.0/help/ops/setup/webhook/>Dynamic Admission Webhooks Overview</a></li><li><a title="Describes Istio's use of Kubernetes webhooks for server-side configuration validation." href=/v1.0/help/ops/setup/validation/>Configuration Validation Webhook</a></li><li><a title="Describes Istio's use of Kubernetes webhooks for automatic sidecar injection." href=/v1.0/help/ops/setup/injection/>Sidecar Injection Webhook</a></li></ul></li><li><a title="Advice on tackling common problems with Istio." href=/v1.0/help/ops/misc/>Miscellaneous</a></li></ul></li><li class=sublist><label class=tree-toggle><i class="fa fa-lg fa-caret-right"></i><a title="Frequently Asked Questions about Istio." href=/v1.0/help/faq/>FAQ</a></label><ul class="tree collapse"><li><a title="General Q & A." href=/v1.0/help/faq/general/>General</a></li><li><a title="Setup Q & A." href=/v1.0/help/faq/setup/>Setup</a></li><li><a title="Security Q & A." href=/v1.0/help/faq/security/>Security</a></li><li><a title="Mixer Q & A." href=/v1.0/help/faq/mixer/>Mixer</a></li><li><a title="Telemetry Q & A." href=/v1.0/help/faq/telemetry/>Telemetry</a></li><li><a title="Traffic Management Q & A." href=/v1.0/help/faq/traffic-management/>Traffic Management</a></li></ul></li><li><a title="A glossary of common Istio terms." href=/v1.0/help/glossary/>Glossary</a></li></ul></div></div></div></div></nav></div><div class="col-12 col-md-9 col-xl-8"><p class=d-md-none><label class=sidebar-toggler data-toggle=offcanvas><i class="fa fa-sign-out-alt"></i></label></p><main aria-labelledby=title><div class=pagenav><p><a href=/v1.0/help/ops/traffic-management/ title="Helps you manage the networking aspects of a running mesh."><i style=transform:scaleX(-1) class="fa fa-level-up-alt"></i>&nbsp;Traffic Management</a></p></div><h1 id=title>Debugging Envoy and Pilot</h1><nav class="toc-inlined d-xl-none d-print-none"><hr><div class=directory role=directory><nav id=InlinedTableOfContents><ul><li><a href=#before-you-begin>Before you begin</a></li><li><a href=#get-an-overview-of-your-mesh>Get an overview of your mesh</a></li><li><a href=#retrieve-diffs-between-envoy-and-istio-pilot>Retrieve diffs between Envoy and Istio Pilot</a></li><li><a href=#deep-dive-into-envoy-configuration>Deep dive into Envoy configuration</a></li><li><a href=#inspecting-bootstrap-configuration>Inspecting Bootstrap configuration</a></li><li><a href=#see-also>See also</a></li></ul></nav></div><hr></nav><p>This task demonstrates how to use the <a href=/v1.0/docs/reference/commands/istioctl/#istioctl-proxy-status><code>proxy-status</code></a>
and <a href=/v1.0/docs/reference/commands/istioctl/#istioctl-proxy-config><code>proxy-config</code></a> commands. The <code>proxy-status</code> command
allows you to get an overview of your mesh and identify the proxy causing the problem. Then <code>proxy-config</code> can be used
to inspect Envoy configuration and diagnose the issue.</p><h2 id=before-you-begin>Before you begin</h2><ul><li>Have a Kubernetes cluster with Istio and Bookinfo installed (e.g use <code>istio.yaml</code> as described in
<a href=/v1.0/docs/setup/kubernetes/quick-start/#installation-steps>installation steps</a> and
<a href=/v1.0/docs/examples/bookinfo/#if-you-are-running-on-kubernetes>Bookinfo installation steps</a>).</li></ul><p>OR</p><ul><li>Use similar commands against your own application running in a Kubernetes cluster.</li></ul><h2 id=get-an-overview-of-your-mesh>Get an overview of your mesh</h2><p>The <code>proxy-status</code> command allows you to get an overview of your mesh. If you suspect one of your sidecars isn't
receiving configuration or is out of sync then <code>proxy-status</code> will tell you this.</p><pre><code class=language-command>$ istioctl proxy-status
PROXY CDS LDS EDS RDS PILOT
details-v1-6dcc6fbb9d-wsjz4.default SYNCED SYNCED SYNCED (100%) SYNCED istio-pilot-75bdf98789-tfdvh
istio-egressgateway-c49694485-l9d5l.istio-system SYNCED SYNCED SYNCED (100%) NOT SENT istio-pilot-75bdf98789-tfdvh
istio-ingress-6458b8c98f-7ks48.istio-system SYNCED SYNCED SYNCED (100%) NOT SENT istio-pilot-75bdf98789-n2kqh
istio-ingressgateway-7d6874b48f-qxhn5.istio-system SYNCED SYNCED SYNCED (100%) SYNCED istio-pilot-75bdf98789-n2kqh
productpage-v1-6c886ff494-hm7zk.default SYNCED SYNCED SYNCED (100%) STALE istio-pilot-75bdf98789-n2kqh
ratings-v1-5d9ff497bb-gslng.default SYNCED SYNCED SYNCED (100%) SYNCED istio-pilot-75bdf98789-n2kqh
reviews-v1-55d4c455db-zjj2m.default SYNCED SYNCED SYNCED (100%) SYNCED istio-pilot-75bdf98789-n2kqh
reviews-v2-686bbb668-99j76.default SYNCED SYNCED SYNCED (100%) SYNCED istio-pilot-75bdf98789-tfdvh
reviews-v3-7b9b5fdfd6-4r52s.default SYNCED SYNCED SYNCED (100%) SYNCED istio-pilot-75bdf98789-n2kqh</code></pre><p>If a proxy is missing from this list it means that it is not currently connected to a Pilot instance so will not be
receiving any configuration.</p><ul><li><code>SYNCED</code> means that Envoy has acknowledged the last configuration Pilot has sent to it.</li><li><code>SYNCED (100%)</code> means that Envoy has successfully synced all of the endpoints in the cluster.</li><li><code>NOT SENT</code> means that Pilot hasn't sent anything to Envoy. This usually is because Pilot has nothing to send.</li><li><code>STALE</code> means that Pilot has sent an update to Envoy but has not received an acknowledgement. This usually indicates
a networking issue between Envoy and Pilot or a bug with Istio itself.</li></ul><h2 id=retrieve-diffs-between-envoy-and-istio-pilot>Retrieve diffs between Envoy and Istio Pilot</h2><p>The <code>proxy-status</code> command can also be used to retrieve a diff between the configuration Envoy has loaded and the
configuration Pilot would send, by providing a proxy ID. This can help you determine exactly what is out of sync and
where the issue may lie.</p><pre><code class=language-command-output-as-json>$ istioctl proxy-status details-v1-6dcc6fbb9d-wsjz4.default
--- Pilot Clusters
&#43;&#43;&#43; Envoy Clusters
@@ -374,36 &#43;374,14 @@
&#34;edsClusterConfig&#34;: {
&#34;edsConfig&#34;: {
&#34;ads&#34;: {
}
},
&#34;serviceName&#34;: &#34;outbound|443||public-cr0bdc785ce3f14722918080a97e1f26be-alb1.kube-system.svc.cluster.local&#34;
- },
- &#34;connectTimeout&#34;: &#34;1.000s&#34;,
- &#34;circuitBreakers&#34;: {
- &#34;thresholds&#34;: [
- {
-
- }
- ]
- }
- }
- },
- {
- &#34;cluster&#34;: {
- &#34;name&#34;: &#34;outbound|53||kube-dns.kube-system.svc.cluster.local&#34;,
- &#34;type&#34;: &#34;EDS&#34;,
- &#34;edsClusterConfig&#34;: {
- &#34;edsConfig&#34;: {
- &#34;ads&#34;: {
-
- }
- },
- &#34;serviceName&#34;: &#34;outbound|53||kube-dns.kube-system.svc.cluster.local&#34;
},
&#34;connectTimeout&#34;: &#34;1.000s&#34;,
&#34;circuitBreakers&#34;: {
&#34;thresholds&#34;: [
{
}
Listeners Match
Routes Match</code></pre><p>Here you can see that the listeners and routes match but the clusters are out of sync.</p><h2 id=deep-dive-into-envoy-configuration>Deep dive into Envoy configuration</h2><p>The <code>proxy-config</code> command can be used to see how a given Envoy instance is configured. This can then be used to
pinpoint any issues you are unable to detect by just looking through your Istio configuration and custom resources.
To get a basic summary of clusters, listeners or routes for a given pod use the command as follows (changing clusters
for listeners or routes when required):</p><pre><code class=language-command>$ istioctl proxy-config clusters -n istio-system istio-ingressgateway-7d6874b48f-qxhn5
SERVICE FQDN PORT SUBSET DIRECTION TYPE
BlackHoleCluster - - - STATIC
details.default.svc.cluster.local 9080 - outbound EDS
heapster.kube-system.svc.cluster.local 80 - outbound EDS
istio-citadel.istio-system.svc.cluster.local 8060 - outbound EDS
istio-citadel.istio-system.svc.cluster.local 9093 - outbound EDS
istio-egressgateway.istio-system.svc.cluster.local 80 - outbound EDS
...</code></pre><p>In order to debug Envoy you need to understand Envoy clusters/listeners/routes/endpoints and how they all interact.
We will use the <code>proxy-config</code> command with the <code>-o json</code> and filtering flags to follow Envoy as it determines where
to send a request from the <code>productpage</code> pod to the <code>reviews</code> pod at <code>reviews:9080</code>.</p><ol><li><p>If you query the listener summary on a pod you will notice Istio generates the following listeners:</p><ul><li>A listener on <code>0.0.0.0:15001</code> that receives all traffic into and out of the pod, then hands the request over to
a virtual listener.</li><li>A virtual listener per service IP, per each non-HTTP for outbound TCP/HTTPS traffic.</li><li>A virtual listener on the pod IP for each exposed port for inbound traffic.</li><li>A virtual listener on <code>0.0.0.0</code> per each HTTP port for outbound HTTP traffic.</li></ul><pre><code class=language-command>$ istioctl proxy-config listeners productpage-v1-6c886ff494-7vxhs
ADDRESS PORT TYPE
172.21.252.250 15005 TCP &lt;--&#43;
172.21.252.250 15011 TCP |
172.21.79.56 42422 TCP |
172.21.160.5 443 TCP |
172.21.157.6 443 TCP |
172.21.117.222 443 TCP |
172.21.0.10 53 TCP |
172.21.126.131 443 TCP | Receives outbound non-HTTP traffic for relevant IP:PORT pair from listener `0.0.0.0_15001`
172.21.160.5 31400 TCP |
172.21.81.159 9102 TCP |
172.21.0.1 443 TCP |
172.21.126.131 80 TCP |
172.21.119.8 443 TCP |
172.21.112.64 80 TCP |
172.21.179.54 443 TCP |
172.21.165.197 443 TCP &lt;--&#43;
0.0.0.0 9090 HTTP &lt;-&#43;
0.0.0.0 8060 HTTP |
0.0.0.0 15010 HTTP |
0.0.0.0 15003 HTTP |
0.0.0.0 15004 HTTP |
0.0.0.0 9093 HTTP | Receives outbound HTTP traffic for relevant port from listener `0.0.0.0_15001`
0.0.0.0 15007 HTTP |
0.0.0.0 8080 HTTP |
0.0.0.0 9091 HTTP |
0.0.0.0 9080 HTTP |
0.0.0.0 80 HTTP &lt;-&#43;
0.0.0.0 15001 TCP // Receives all inbound and outbound traffic to the pod from IP tables and hands over to virtual listener
172.30.164.190 9080 HTTP // Receives all inbound traffic on 9080 from listener `0.0.0.0_15001`</code></pre></li><li><p>From the above summary you can see that every sidecar has a listener bound to <code>0.0.0.0:15001</code> which is where
IP tables routes all inbound and outbound pod traffic to. This listener has <code>useOriginalDst</code> set to true which means
it hands the request over to the listener that best matches the original destination of the request.
If it can't find any matching virtual listeners it sends the request to the <code>BlackHoleCluster</code> which returns a 404.</p><pre><code class=language-command-output-as-json>$ istioctl proxy-config listeners productpage-v1-6c886ff494-7vxhs --port 15001 -o json
{
&#34;name&#34;: &#34;virtual&#34;,
&#34;address&#34;: {
&#34;socketAddress&#34;: {
&#34;address&#34;: &#34;0.0.0.0&#34;,
&#34;portValue&#34;: 15001
}
},
&#34;filterChains&#34;: [
{
&#34;filters&#34;: [
{
&#34;name&#34;: &#34;envoy.tcp_proxy&#34;,
&#34;config&#34;: {
&#34;cluster&#34;: &#34;BlackHoleCluster&#34;,
&#34;stat_prefix&#34;: &#34;BlackHoleCluster&#34;
}
}
]
}
],
&#34;useOriginalDst&#34;: true
}</code></pre></li><li><p>Our request is an outbound HTTP request to port <code>9080</code> this means it gets handed off to the <code>0.0.0.0:9080</code> virtual
listener. This listener then looks up the route configuration in its configured RDS. In this case it will be looking
up route <code>9080</code> in RDS configured by Pilot (via ADS).</p><pre><code class=language-command-output-as-json>$ istioctl proxy-config listeners productpage-v1-6c886ff494-7vxhs -o json --address 0.0.0.0 --port 9080
...
&#34;rds&#34;: {
&#34;config_source&#34;: {
&#34;ads&#34;: {}
},
&#34;route_config_name&#34;: &#34;9080&#34;
}
...</code></pre></li><li><p>The <code>9080</code> route configuration only has a virtual host for each service. Our request is heading to the reviews
service so Envoy will select the virtual host to which our request matches a domain. Once matched on domain Envoy
looks for the first route that matches the request. In this case we don't have any advanced routing so there is only
one route that matches on everything. This route tells Envoy to send the request to the
<code>outbound|9080||reviews.default.svc.cluster.local</code> cluster.</p><pre><code class=language-command-output-as-json>$ istioctl proxy-config routes productpage-v1-6c886ff494-7vxhs --name 9080 -o json
[
{
&#34;name&#34;: &#34;9080&#34;,
&#34;virtualHosts&#34;: [
{
&#34;name&#34;: &#34;reviews.default.svc.cluster.local:9080&#34;,
&#34;domains&#34;: [
&#34;reviews.default.svc.cluster.local&#34;,
&#34;reviews.default.svc.cluster.local:9080&#34;,
&#34;reviews&#34;,
&#34;reviews:9080&#34;,
&#34;reviews.default.svc.cluster&#34;,
&#34;reviews.default.svc.cluster:9080&#34;,
&#34;reviews.default.svc&#34;,
&#34;reviews.default.svc:9080&#34;,
&#34;reviews.default&#34;,
&#34;reviews.default:9080&#34;,
&#34;172.21.152.34&#34;,
&#34;172.21.152.34:9080&#34;
],
&#34;routes&#34;: [
{
&#34;match&#34;: {
&#34;prefix&#34;: &#34;/&#34;
},
&#34;route&#34;: {
&#34;cluster&#34;: &#34;outbound|9080||reviews.default.svc.cluster.local&#34;,
&#34;timeout&#34;: &#34;0.000s&#34;
},
...</code></pre></li><li><p>This cluster is configured to retrieve the associated endpoints from Pilot (via ADS). So Envoy will then use the
<code>serviceName</code> field as a key to look up the list of Endpoints and proxy the request to one of them.</p><pre><code class=language-command-output-as-json>$ istioctl proxy-config clusters --fqdn reviews.default.svc.cluster.local -o json
[
{
&#34;name&#34;: &#34;outbound|9080||reviews.default.svc.cluster.local&#34;,
&#34;type&#34;: &#34;EDS&#34;,
&#34;edsClusterConfig&#34;: {
&#34;edsConfig&#34;: {
&#34;ads&#34;: {}
},
&#34;serviceName&#34;: &#34;outbound|9080||reviews.default.svc.cluster.local&#34;
},
&#34;connectTimeout&#34;: &#34;1.000s&#34;,
&#34;circuitBreakers&#34;: {
&#34;thresholds&#34;: [
{}
]
}
}
]</code></pre></li></ol><h2 id=inspecting-bootstrap-configuration>Inspecting Bootstrap configuration</h2><p>So far we have looked at configuration retrieved (mostly) from Pilot, however Envoy requires some bootstrap configuration that
includes information like where Pilot can be found. To view this use the following command:</p><pre><code class=language-command-output-as-json>$ istioctl proxy-config bootstrap -n istio-system istio-ingressgateway-7d6874b48f-qxhn5
{
&#34;bootstrap&#34;: {
&#34;node&#34;: {
&#34;id&#34;: &#34;router~172.30.86.14~istio-ingressgateway-7d6874b48f-qxhn5.istio-system~istio-system.svc.cluster.local&#34;,
&#34;cluster&#34;: &#34;istio-ingressgateway&#34;,
&#34;metadata&#34;: {
&#34;POD_NAME&#34;: &#34;istio-ingressgateway-7d6874b48f-qxhn5&#34;,
&#34;istio&#34;: &#34;sidecar&#34;
},
&#34;buildVersion&#34;: &#34;0/1.8.0-dev//RELEASE&#34;
},
...</code></pre><h2 id=see-also>See also</h2><div class=see-also><div class=container-fluid><div class=row><div class="col-xs-12 col-sm-6 col-xl-4"><p class=link><a href=/v1.0/help/ops/security/debugging-authorization/>Debugging Authorization</a></p><p class=desc>Demonstrates how to debug authorization.</p></div><div class="col-xs-12 col-sm-6 col-xl-4"><p class=link><a href=/v1.0/docs/concepts/policies-and-telemetry/>Policies and Telemetry</a></p><p class=desc>Describes the policy enforcement and telemetry mechanisms.</p></div></div></div></div></main><div class="container-fluid d-print-none"><br><div class=row><div class="col-6 pagenav"></div><div class="col-6 pagenav" style=text-align:right><p><a title="Provides specific deployment and configuration guidelines." href=/v1.0/help/ops/traffic-management/deploy-guidelines/>Deployment and Configuration Guidelines
<i class="fa fa-long-arrow-alt-right"></i></a></p></div></div></div><div class="d-none d-print-block" aria-hidden=true><h2>Links</h2><ol id=endnotes></ol></div></div><div class="col-12 col-md-2 d-none d-xl-block d-print-none"><nav class=toc><div class=spacer></div><div id=toc class=directory role=directory><nav id=TableOfContents><ul><li><a href=#before-you-begin>Before you begin</a></li><li><a href=#get-an-overview-of-your-mesh>Get an overview of your mesh</a></li><li><a href=#retrieve-diffs-between-envoy-and-istio-pilot>Retrieve diffs between Envoy and Istio Pilot</a></li><li><a href=#deep-dive-into-envoy-configuration>Deep dive into Envoy configuration</a></li><li><a href=#inspecting-bootstrap-configuration>Inspecting Bootstrap configuration</a></li><li><a href=#see-also>See also</a></li></ul></nav></div></nav></div></div></div><footer class="d-print-none container-fluid"><div class=row><div class="col-5 col-lg-4" role=navigation><div class=container-fluid><div class=row><div class=icon><span>discuss</span>
<a title="Join the Istio discussion board to participate in discussions and get help troubleshooting problems" href=https://discuss.istio.io aria-label="Istio discussion board"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M225.9 32C103.3 32 0 130.5.0 252.1.0 256 .1 480 .1 480l225.8-.2c122.7.0 222.1-102.3 222.1-223.9S348.6 32 225.9 32zM224 384c-19.4.0-37.9-4.3-54.4-12.1L88.5 392l22.9-75c-9.8-18.1-15.4-38.9-15.4-61 0-70.7 57.3-128 128-128s128 57.3 128 128-57.3 128-128 128z" /></svg></a></div><div class=icon><span>slack</span>
<a title="Interactively discuss issues with the Istio community on Slack" href=https://istio.slack.com aria-label=slack><svg viewBox="0 0 31.444 31.443"><path d="M31.202 16.369c-.62-1.388-2.249-2.011-3.637-1.391l-1.325.594-3.396-7.591 1.325-.592c1.388-.622 2.01-2.25 1.389-3.637-.62-1.389-2.248-2.012-3.637-1.39l-1.324.593-.593-1.326c-.621-1.388-2.249-2.009-3.637-1.388-1.388.62-2.009 2.247-1.389 3.637l.593 1.325L7.98 8.598 7.388 7.273c-.621-1.39-2.249-2.009-3.637-1.39C2.363 6.504 1.742 8.132 2.362 9.52l.592 1.324L1.63 11.438c-1.388.621-2.01 2.247-1.389 3.636.62 1.388 2.249 2.01 3.637 1.39l1.325-.594 3.394 7.592-1.325.592c-1.388.621-2.009 2.25-1.389 3.637.621 1.389 2.249 2.011 3.637 1.391l1.324-.593.593 1.325c.621 1.389 2.249 2.01 3.637 1.389 1.387-.62 2.009-2.248 1.388-3.636l-.591-1.326 7.591-3.394.592 1.321c.621 1.391 2.248 2.013 3.637 1.392 1.388-.619 2.01-2.248 1.389-3.637l-.592-1.324 1.323-.594C31.201 19.384 31.823 17.757 31.202 16.369zM13.623 21.215l-3.395-7.593 7.591-3.394 3.395 7.591L13.623 21.215z"/></svg></a></div><div class=icon><span>twitter</span>
<a title="Follow us on Twitter to get the latest news" href=https://twitter.com/IstioMesh aria-label=Twitter><svg viewBox="0 0 310 310"><path d="M302.973 57.388c-4.87 2.16-9.877 3.983-14.993 5.463 6.057-6.85 10.675-14.91 13.494-23.73.632-1.977-.023-4.141-1.648-5.434-1.623-1.294-3.878-1.449-5.665-.39-10.865 6.444-22.587 11.075-34.878 13.783-12.381-12.098-29.197-18.983-46.581-18.983-36.695.0-66.549 29.853-66.549 66.547.0 2.89.183 5.764.545 8.598C101.163 99.244 58.83 76.863 29.76 41.204c-1.036-1.271-2.632-1.956-4.266-1.825-1.635.128-3.104 1.05-3.93 2.467-5.896 10.117-9.013 21.688-9.013 33.461.0 16.035 5.725 31.249 15.838 43.137-3.075-1.065-6.059-2.396-8.907-3.977-1.529-.851-3.395-.838-4.914.033-1.52.871-2.473 2.473-2.513 4.224-.007.295-.007.59-.007.889.0 23.935 12.882 45.484 32.577 57.229-1.692-.169-3.383-.414-5.063-.735-1.732-.331-3.513.276-4.681 1.597-1.17 1.32-1.557 3.16-1.018 4.84 7.29 22.76 26.059 39.501 48.749 44.605-18.819 11.787-40.34 17.961-62.932 17.961-4.714.0-9.455-.277-14.095-.826-2.305-.274-4.509 1.087-5.294 3.279-.785 2.193.047 4.638 2.008 5.895 29.023 18.609 62.582 28.445 97.047 28.445 67.754.0 110.139-31.95 133.764-58.753 29.46-33.421 46.356-77.658 46.356-121.367.0-1.826-.028-3.67-.084-5.508 11.623-8.757 21.63-19.355 29.773-31.536 1.237-1.85 1.103-4.295-.33-5.998C307.394 57.037 305.009 56.486 302.973 57.388z"/></svg></a></div><div class=icon><span>stack overflow</span>
<a title="Stack Overflow is where you can ask questions and find curated answers on deploying, configuring, and using Istio" href=https://stackoverflow.com/questions/tagged/istio aria-label="Stack Overflow"><svg viewBox="0 0 120 120"><polygon points="84.4,93.8 84.4,70.6 92.1,70.6 92.1,101.5 22.6,101.5 22.6,70.6 30.3,70.6 30.3,93.8"/><path d="M38.8 68.4l37.8 7.9 1.6-7.6-37.8-7.9L38.8 68.4zM43.8 50.4l35 16.3 3.2-7-35-16.4L43.8 50.4zM53.5 33.2l29.7 24.7 4.9-5.9L58.4 27.3 53.5 33.2zM72.7 14.9l-6.2 4.6 23 31 6.2-4.6-23-31zM38 86h38.6v-7.7H38V86z"/></svg></a></div></div><div class="tag row d-none d-lg-flex">for everyone</div></div></div><div class="col-7 col-lg-4"><p class="text-center copyright" role=contentinfo>Istio
Archive
1.0<br>&copy; 2019 Istio Authors, <a href=https://policies.google.com/privacy>Privacy Policy</a><br>Archived on March 19, 2019</p></div><div class="col-6 col-lg-4 d-none d-lg-flex" role=navigation><div class=container-fluid><div class="row justify-content-end"><div class=icon><span>github</span>
<a title="GitHub is where development takes place on Istio code" href=https://github.com/istio/community aria-label=GitHub><svg viewBox="0 0 478.165 478.165"><path d="M349.22 55.768c6.136 14.046 10.241 37.556 4.224 54.69 24.426 20.999 33.073 71.904 21.079 113.704 35.006 2.73 76.666-1.235 103.642 9.484-25.183-3.248-59.651-9.563-91.987-7.431-6.136.458-15.361-.239-14.903 8.408 37.735 3.008 75.092 6.117 105.894 15.779-30.702-4.981-67.74-12.552-105.894-13.668-15.54 30.921-47.239 46.262-90.991 49.49 4.682 10.261 13.847 14.066 15.879 30.702 3.267 24.406-4.881 60.328 3.208 76.686 4.064 7.89 10.579 8.009 14.863 14.604-10.699 12.871-37.257-1.395-40.186-14.604-5.14-22.852 7.89-58.256-6.415-73.737.996 24.865-5.718 59.85.996 82.145 2.789 8.806 10.659 12.113 8.647 20.063-49.809 5.08-28.989-64.373-37.177-105.356-7.471.697-4.204 11.197-4.224 15.76-.199 40.106 8.189 94.836-34.846 89.556-1.315-8.348 5.838-11.217 8.467-19.007 7.91-22.434-1.454-56.045 2.112-83.161-16.417 12.512 1.793 55.666-8.428 77.961-5.838 12.671-24.785 18.27-39.19 12.651 1.873-9.464 11.695-7.989 15.879-16.875 5.818-12.452.02-30.244 2.092-48.494-30.423 6.097-53.993-.877-65.608-20.023-5.12-8.507-6.356-18.708-12.632-26.219-6.117-7.551-16.098-8.507-19.087-18.808 37.755-9.185 39.17 38.771 73.06 39.807 10.44.418 15.799-2.909 25.402-5.16 2.749-12.113 8.428-21.039 16.875-27.494-42.078-5.658-76.865-18.788-93.023-50.466-38.293 1.893-73.339 7.013-105.894 14.843 29.547-10.679 65.807-14.604 104.778-15.819-2.351-13.807-22.434-10.022-34.866-9.543C47.677 227.17 18.449 230.138.0 233.645c26.817-9.543 64.233-8.348 100.454-8.428-11.038-34.767-7.232-90.014 17.015-110.615-6.854-17.254-4.722-45.346 4.184-58.834 27.036 1.175 43.374 12.891 60.388 24.247 21.019-6.017 43.035-9.045 71.904-7.451 12.133.677 24.705 6.097 33.731 5.32 8.906-.877 18.728-10.898 27.534-14.843C326.507 58.099 336.17 56.206 349.22 55.768z"/></svg></a></div><div class=icon><span>drive</span>
<a title="Access our team drive if you'd like to take a look at the Istio technical design documents" href=https://groups.google.com/forum/#!forum/istio-team-drive-access aria-label="team drive"><svg viewBox="0 0 207.027 207.027"><path d="M69.866 15.557.0 138.919l28.732 52.552 143.288-.029 35.008-59.588L136.39 15.735 69.866 15.557zM17.166 139.046 74.268 38.205 91.21 67.783 33.24 168.447 17.166 139.046zM99.841 82.851l23.805 41.558-47.732-.006L99.841 82.851zM163.434 176.443l-117.332.024 21.53-37.065 64.606.008.067.119 52.865-.085L163.434 176.443zM140.932 124.411 90.157 35.767l-2.966-5.178 40.751.121 57.003 93.706L140.932 124.411z"/></svg></a></div><div class=icon><span>working groups</span>
<a title="If you'd like to contribute to the Istio project, consider participating in our working groups" href=https://github.com/istio/community/blob/master/WORKING-GROUPS.md aria-label="working groups"><svg viewBox="0 -45 439.833 439.833"><polygon points="246.048,195.833 299.966,235.085 319.497,227.296 276.278,195.833"/><polygon points="193.786,195.833 163.556,195.833 120.33,227.3 139.862,235.089"/><path d="M219.927 11.558c-23.854.0-37.057 12.362-36.814 36.182.348 32.623 14.211 52.414 36.814 52.068.0.0 36.802 1.492 36.802-52.068C256.729 23.918 244.294 11.558 219.927 11.558z"/><path d="M285.017 124.567l-36.77-14.659-8.608-7.256c-2.274-1.922-5.636-1.78-7.741.317l-11.973 11.904-12.008-11.907c-2.109-2.094-5.465-2.229-7.736-.313l-8.611 7.256-36.77 14.661c-11.842 4.715-11.83 46.647-12.848 50.497h155.93C296.866 171.228 296.862 129.28 285.017 124.567z"/><path d="M77.976 228.568s36.801 1.492 36.801-52.068c0-23.82-12.434-36.182-36.801-36.182-23.854.0-37.057 12.362-36.814 36.182C41.509 209.124 55.372 228.915 77.976 228.568z"/><path d="M143.065 253.329l-36.77-14.658-8.609-7.256c-2.275-1.923-5.635-1.781-7.742.315l-11.971 11.904-12.008-11.908c-2.109-2.094-5.465-2.229-7.736-.312l-8.611 7.256-36.77 14.66C1.006 258.045 1.018 299.977.0 303.827h155.93C154.915 299.988 154.911 258.042 143.065 253.329z"/><path d="M361.878 228.568s36.801 1.492 36.801-52.068c0-23.82-12.434-36.182-36.801-36.182-23.854.0-37.057 12.362-36.812 36.182C325.411 209.124 339.274 228.915 361.878 228.568z"/><path d="M426.968 253.329l-36.77-14.658-8.609-7.256c-2.273-1.923-5.635-1.781-7.742.315l-11.971 11.904-12.008-11.908c-2.109-2.094-5.465-2.229-7.736-.312l-8.61 7.256-36.771 14.66c-11.842 4.715-11.83 46.646-12.848 50.497h155.93C438.817 299.988 438.812 258.042 426.968 253.329z"/></svg></a></div></div><div class="tag row justify-content-end text-right">for developers</div></div></div></div></footer><div class="d-xl-none d-print-none"><button id=scroll-to-top aria-hidden=true onclick=scrollToTop() title="Back to top"><i class="fa fa-lg fa-arrow-up"></i></button></div><script src=https://code.jquery.com/jquery-3.2.1.slim.min.js integrity=sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN crossorigin=anonymous></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js integrity=sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl crossorigin=anonymous></script><script src=https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js></script><script src="https://www.google.com/cse/brand?form=search_form"></script><script src=/v1.0/js/all.min.js data-manual></script></body></html>
Reference in New Issue View Git Blame Copy Permalink