Work with Telemetry API

 2 minute read     page test

Telemetry API has been in Istio as a first-class API for quite sometime now. Previously users had to configure telemetry in the MeshConfig section of Istio configuration.

Get started with Telemetry API

  1. Enable access logging

    $ cat <<EOF | kubectl apply -n default -f -
apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
  name: mesh-logging-default
  namespace: istio-system
spec:
  accessLogging:
  - providers:
    - name: envoy
EOF

    The above example uses the built-in envoy access log provider, and we do not configure anything other than default settings.

  2. Disable access log for specific workload

    You can disable access log for details service with the following configuration:

    $ cat <<EOF | kubectl apply -n default -f -
apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
  name: disable-details-logging
  namespace: istio-system
spec:
  selector:
    matchLabels:
      app: details
  accessLogging:
  - providers:
    - name: envoy
    disabled: true
EOF

  3. Filter access log with workload mode

    You can disable inbound access log for details service with the following configuration:

    $ cat <<EOF | kubectl apply -n default -f -
apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
  name: disable-details-logging
  namespace: istio-system
spec:
  selector:
    matchLabels:
      app: details
  accessLogging:
  - providers:
    - name: envoy
    match:
      mode: SERVER
    disabled: true
EOF

  4. Filter access log with CEL expression

    The following configuration displays access log only when response code is greater or equal to 500:

    $ cat <<EOF | kubectl apply -n default -f -
apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
  name: disable-details-logging
  namespace: istio-system
spec:
  selector:
    matchLabels:
      app: httpbin
  accessLogging:
  - providers:
    - name: envoy
    filter:
      expression: response.code >= 500
EOF

  5. Set default filter access log with CEL expression

    The following configuration displays access logs only when the response code is greater or equal to 400 or the request went to the BlackHoleCluster or the PassthroughCluster: Note: The xds.cluster_name is only available with Istio release 1.16.2 and higher

    $ cat <<EOF | kubectl apply -f -
apiVersion: telemetry.istio.io/v1alpha1
kind: Telemetry
metadata:
  name: default-exception-logging
  namespace: istio-system
spec:
  accessLogging:
  - providers:
    - name: envoy
    filter:
      expression: "response.code >= 400 || xds.cluster_name == 'BlackHoleCluster' ||  xds.cluster_name == 'PassthroughCluster' "

EOF

    For more information, see Use expressions for values

Work with OpenTelemetry provider

Istio supports sending access logs with OpenTelemetry protocol, as explained here.

Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!