I have Istio 1.1.3 with mTLS and service-registry on a Kubespray k8s cluster. I want to secure all outgoing traffic, hence I create service-entries for each external service that my services want to talk to.
I would like to use istio-proxy logs to see the blocked communication attempts for all sorts of traffic.
If I curl from within the container to a (blocked) http://google.com, I see 404 NR in the istio-proxy logs. curl also receives 404, as expected.
If I change the call to use https and curl (still blocked) https://google.com, I see the following curl error: (35) Unknown SSL protocol error in connection to google.com:443, and nothing shows up in the istio-proxy logs (why nothing?).
How can I see all connection attempts in istio-proxy? I have a pretty convoluted bunch of services that do covert-ops outgoing calls, and I need to figure out what hostnames/IPs/ports they are trying to hit.
If I understand you correctly, you can try to set different logging levels with:
--log_output_level <string>
Comma-separated minimum per-scope logging level of messages to output, in the form of <scope>:<level>,<scope>:<level>,... where scope can be one of [all, default, model, rbac] and level can be one of [debug, info, warn, error, fatal, none] (default default:info)
More info can be found here
Please let me know if that helped.
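As an added example (not part of the question or the answer above): a small Python filter that pulls the blocked HTTP destinations, the 404 NR entries the question describes, out of istio-proxy access-log text. The log layout (Envoy-style access-log lines with the requested host in the quoted field right after the request ID), the function name and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (assumed Envoy-style access-log layout; the second
# line carries an extra quoted field and trailing address fields).
SAMPLE_LOG = '''\
[2019-04-20T10:15:01.101Z] "GET / HTTP/1.1" 404 NR 0 0 0 - "-" "curl/7.29.0" "11111111-aaaa-4bbb-8ccc-000000000001" "google.com" "-"
[2019-04-20T10:15:02.202Z] "GET / HTTP/1.1" 404 NR "-" 0 0 0 - "-" "curl/7.29.0" "11111111-aaaa-4bbb-8ccc-000000000002" "google.com" "-" - - 203.0.113.7:80 10.0.0.5:41000 -
[2019-04-20T10:15:03.303Z] "POST /upload HTTP/1.1" 404 NR 120 0 0 - "-" "Go-http-client/1.1" "11111111-aaaa-4bbb-8ccc-000000000003" "updates.vendor.example:8080" "-"
[2019-04-20T10:15:04.404Z] "GET /v1/items HTTP/1.1" 200 - 0 512 14 12 "-" "python-requests/2.21.0" "11111111-aaaa-4bbb-8ccc-000000000004" "api.allowed.example" "203.0.113.10:80"
[2019-04-20 10:15:05.000][21][debug][router] constructed non-access-log line
'''

# Timestamp, quoted request line, status code, response flags, then the rest.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<code>\d{3}) (?P<flags>\S+) (?P<rest>.*)$'
)
UUID_RE = re.compile(r'^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$', re.I)


def blocked_destinations(log_text):
    """Count requested hosts for requests answered with response flag NR."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Response flags can be comma-separated; NR means "no route".
        if not m or 'NR' not in m['flags'].split(','):
            continue
        quoted = re.findall(r'"([^"]*)"', m['rest'])
        # Locate the request ID by its UUID shape; the requested host
        # (:authority) is assumed to be the next quoted field. This tolerates
        # extra quoted fields earlier in the line.
        idx = next((i for i, q in enumerate(quoted) if UUID_RE.match(q)), None)
        if idx is None or idx + 1 >= len(quoted):
            continue
        hits[quoted[idx + 1]] += 1
    return hits


if __name__ == '__main__':
    for host, count in blocked_destinations(SAMPLE_LOG).most_common():
        print(f'{count:4d}  {host}')
```

It only reports attempts that produced an access-log line; pass it the text collected with kubectl logs <pod> -c istio-proxy.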