istio tracing network calls

We can do it globally or based on specific pods to turn on istio tracing. In this post, we going to be looking into pod specific traces.

Create an EnvoyFilter using the following yaml

apiVersion: networking.istio.io/v1alpha3

kind: EnvoyFilter

metadata:

  name: trace-tcp-db-traffic

  namespace: testing

spec:

  workloadSelector:

    labels:

      app: customer_dapp_api

  configPatches:

  - applyTo: NETWORK_FILTER

    match:

      listener:

        portNumber: 1433

        filterChain:

          filter:

            name: "envoy.filters.network.tcp_proxy"

    patch:

      operation: MERGE

      value:

        typed_config:

          "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy"

          stat_prefix: outbound_db

          access_log:

          - name: envoy.access_loggers.file

            typed_config:

              "@type": "type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog"

              path: "/dev/stdout"

              format: |

                [%START_TIME%] %DOWNSTREAM_REMOTE_ADDRESS% -> %UPSTREAM_HOST%: %BYTES_RECEIVED% bytes received, %BYTES_SENT% bytes sent

Next, apply it 

kubectl apply -f trace-tcp-db-traffic.yaml

To view those logs 

kubectl logs <pod-name> -c istio-proxy