K
Q

Istio Network Policy Logging

2/4/2020

Hello I have got a question about Istio Network Policies .

I created a network policy shown as below and tested it . It works .

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-policy
  namespace: point-1
spec:
  podSelector:
    matchLabels:
      run: api
  ingress:
  - ports:
    - protocol: TCP
      port: 80
    from:
    - podSelector:
        matchLabels:
          istio: ingress

In my case I want to log all requests all around the internal network , and track which request is blocked, denied according to the policy concerns ?

How Can I log the internal traffic activity in ISTIO .

-- Ayhan Balik
devops
istio
kubernetes
logging
tracking

Similar Questions

Missing kubernetes default API Resource Definitions
How do I capture external I.P. address of end user on Voyager/HAProxy/Kubernetes?
kubernetes persistent volume for nginx not showing the default index.html file
getting get-credentials requires edit permission error on gcp

1 Answer

2/4/2020

Istio deploys a envoy sidecar along with your pod and since all traffic goes through the envoy proxy you can get metrics and observability from envoy. You can follow Istio docs on how to collect metrics. Also envoy access logs can provide details of all http requests inside your mesh.

-- Arghya Sadhu
Source: StackOverflow