Managed version anthos has not log

Google Cloud Serverless Applications
1

We use asm-managed-rapid, use ConfigMap to enable access log:

# apiVersion: install.istio.io/v1alpha1
# kind: IstioOperator
# metadata:
#   name: istio-ingressgateway
#   namespace: istio-system
# spec:
#   meshConfig:
#     accessLogFile: "/dev/stdout"
# //error: Wating Istio Operator

# apiVersion: telemetry.istio.io/v1alpha1
# kind: Telemetry
# metadata:
#   name: istio-ingressgateway
#   namespace: istio-system
# spec:
#   accessLogging:
#     - providers:
#       - name: envoy
#         format: '{"request": "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", "response": "%RESPONSE_CODE%", "response_time": "%DURATION%"}'
#         outputFormat: '{"request": "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", "response": "%RESPONSE_CODE%", "response_time": "%DURATION%"}'
#         envoy:
#           format: '{"request": "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", "response": "%RESPONSE_CODE%", "response_time": "%DURATION%"}'
#           outputFormat: '{"request": "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", "response": "%RESPONSE_CODE%", "response_time": "%DURATION%"}'
#         format: '{"time":"%START_TIME%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","status":%RESPONSE_CODE%,"duration":%DURATION%,"response_size":%RESPONSE_SIZE%,"upstream_host":"%UPSTREAM_HOST%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","user_agent":"%REQ(USER-AGENT)%","request_id":"%REQ(X-REQUEST-ID)%","server_name":"%REQ(:AUTHORITY)%","local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","client_address":"%REQ(X-CLIENT-IPPORT)%","route_name":"%ROUTE_NAME%"}'
#         config:
#           envoy:
#             format: '{"time":"%START_TIME%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","status":%RESPONSE_CODE%,"duration":%DURATION%,"response_size":%RESPONSE_SIZE%,"upstream_host":"%UPSTREAM_HOST%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","user_agent":"%REQ(USER-AGENT)%","request_id":"%REQ(X-REQUEST-ID)%","server_name":"%REQ(:AUTHORITY)%","local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","client_address":"%REQ(X-CLIENT-IPPORT)%","route_name":"%ROUTE_NAME%"}'
# //error: Format does't work

apiVersion: v1
kind: ConfigMap
metadata:
  name: istio-asm-managed-rapid
  namespace: istio-system
data:
  mesh: |-
    defaultProviders:
      accessLogging:
        - stdout
    enableEnvoyAccessLogService: true
    accessLogFile: /dev/stdout
    accessLogEncoding: JSON
    accessLogFormat: '{"time":"%START_TIME%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","status":%RESPONSE_CODE%,"duration":%DURATION%,"response_size":%RESPONSE_SIZE%,"upstream_host":"%UPSTREAM_HOST%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","user_agent":"%REQ(USER-AGENT)%","request_id":"%REQ(X-REQUEST-ID)%","server_name":"%REQ(:AUTHORITY)%","local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","client_address":"%REQ(X-CLIENT-IPPORT)%","route_name":"%ROUTE_NAME%"}'
# //error: No log

I’m pretty istio load the config, this is istio bootstrap’s log:

2023-04-20T12:00:22.157556Z	info	Maximum file descriptors (ulimit -n): 1048576
82
2023-04-20T12:00:22.157889Z	info	Proxy role	ips=[10.185.129.39] type=router id=istio-ingressgateway-946d56bff-mzwzj.asm-ingress domain=asm-ingress.svc.cluster.local
81
2023-04-20T12:00:22.158065Z	info	Apply mesh config from file defaultProviders:
enableEnvoyAccessLogService: true
accessLogFile: /dev/stdout
accessLogEncoding: JSON
accessLogFormat: '{"time":"%START_TIME%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","status":%RESPONSE_CODE%,"duration":%DURATION%,"response_size":%RESPONSE_SIZE%,"upstream_host":"%UPSTREAM_HOST%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%","user_agent":"%REQ(USER-AGENT)%","request_id":"%REQ(X-REQUEST-ID)%","server_name":"%REQ(:AUTHORITY)%","local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","client_address":"%REQ(X-CLIENT-IPPORT)%","route_name":"%ROUTE_NAME%"}'
74

But it does’t work!

When I use Telemetry, it works. But Telemetry does’t support log format.

Please save my life.

2

Hello sword,

Welcome to GCC!

Have you tried using the Default access log format by not specifying it?
As stated in this document:

Istio will use the following default access log format if accessLogFormat is not specified:> > [%START_TIME%] "%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% "%UPSTREAM_TRANSPORT_FAILURE_REASON%" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n

To enable Envoy access logging:

  1. Add accessLogFile: /dev/stdout
cat <<EOF | kubectl apply -f -
apiVersion: v1
data:
  mesh: |-
    accessLogFile: /dev/stdout
kind: ConfigMap
metadata:
  name: istio-asm-managed-rapid
  namespace: istio-system
EOF

release-channel is your asm-managed-rapid

  1. View the configmap
kubectl get configmap istio-asm-managed-rapid -n istio-system -o yaml
  1. Verify that access logging is enabled, ensure the accessLogFile: /dev/stdout appears in the mesh
...
apiVersion: v1
data:
  mesh: |
    ....
    accessLogFile: /dev/stdout
...

For more info, see Enable optional features on managed Anthos Service Mesh

I hope this helps