istio: Capturing things routed to BlackHoleCluster or 502'd when REGISTRY_ONLY

Hey all, we have istio-proxy intercept all outbound traffic; at the moment, if a pod were to connect to, say, cnn.com, and we didn't have a ServiceEntry defined, then istio-proxy would (rightly) 404.

I would love it if requests to services that were not defined as ServiceEntries, such as this, were logged in some way as Prometheus metrics, just like requests to correctly defined ServiceEntries are.

This would enable us to quickly identify:

  • Applications attempting to make connections that are potentially malicious / unexpected
  • Debug legacy apps we've moved over that, frankly, we're not 100% sure what they're talking out to

Thanks Karl

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 6
  • Comments: 27 (24 by maintainers)

Most upvoted comments

Yeah, the lesser of all the evils there is likely the third bullet point (sniffing). But they're all a "gold standard" solution.

There is an interim, I feel, where you simply track the IP; operators could quite easily correlate this to running applications on their cluster should they be investigating a problem (which is likely the scenario for needing this metric, or at least it is in my case).

This is a great suggestion. We can include NR (and other envoy statuses) in the report call. We will expose these in metrics.
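The interim approach suggested above (track the destination of each black-holed request and let the operator correlate it to a workload) can be done today from the sidecar's access logs, before any new metric lands. The following is an added example, not code from the Istio project or from anyone in this thread. It assumes the istio-proxy sidecar emits JSON access logs with the lower-case Envoy operator names used in the constructed sample (`upstream_cluster`, `response_flags`, `authority`, `downstream_remote_address`, `downstream_local_address`); real field names depend on the configured access log format, so adjust them to match. It also assumes that, after Istio's iptables redirect, `downstream_local_address` carries the original destination of a raw TCP connection, which is what you have to fall back on when there is no HTTP authority. The metric name in the Prometheus output is an arbitrary choice of this example, not an Istio metric.

```python
"""Aggregate black-holed outbound requests from istio-proxy JSON access logs.

Added example for the feature request in this thread; not Istio code.
Field names below are an assumption and must match your accessLogFormat.
"""
import json
from collections import Counter

# Envoy response flags meaning the request was never forwarded to a real upstream:
# NR = no route configured, UH = no healthy upstream hosts in the chosen cluster.
BLACKHOLE_FLAGS = {"NR", "UH"}
# Istio's sink cluster for REGISTRY_ONLY traffic to hosts with no ServiceEntry.
BLACKHOLE_CLUSTER = "BlackHoleCluster"

# Constructed sample log: HTTP to an undefined host (cnn.com), HTTP to a defined
# ServiceEntry (api.example.com), a raw TCP connection to an undefined
# ip:port, one non-JSON line that must not crash the collector, and a second
# pod hitting cnn.com. None of these are real captures.
SAMPLE_LOG = """\
{"method":"GET","authority":"cnn.com","upstream_cluster":"BlackHoleCluster","response_code":502,"response_flags":"NR","downstream_remote_address":"10.244.1.17:41230","downstream_local_address":"151.101.1.67:80"}
{"method":"GET","authority":"api.example.com","upstream_cluster":"outbound|443||api.example.com","response_code":200,"response_flags":"-","downstream_remote_address":"10.244.1.17:41232","downstream_local_address":"93.184.216.34:443"}
{"method":"-","authority":"-","upstream_cluster":"BlackHoleCluster","response_code":0,"response_flags":"UH","downstream_remote_address":"10.244.1.17:50122","downstream_local_address":"203.0.113.7:9200"}
this line is not JSON and must be skipped, not crash the collector
{"method":"POST","authority":"cnn.com","upstream_cluster":"BlackHoleCluster","response_code":502,"response_flags":"NR","downstream_remote_address":"10.244.2.5:39011","downstream_local_address":"151.101.1.67:80"}
"""


def is_blackholed(entry: dict) -> bool:
    """True if the sidecar refused the request instead of proxying it."""
    flags = set(entry.get("response_flags", "-").split(","))
    return entry.get("upstream_cluster") == BLACKHOLE_CLUSTER or bool(flags & BLACKHOLE_FLAGS)


def destination(entry: dict) -> str:
    """Best available name for where the application tried to go.

    HTTP: the :authority (Host) header.  Raw TCP (authority is "-"): the
    original destination ip:port, which this example assumes is reported as
    downstream_local_address after the iptables redirect.
    """
    authority = entry.get("authority", "-")
    if authority and authority != "-":
        return authority
    return entry.get("downstream_local_address", "unknown")


def source_ip(entry: dict) -> str:
    """Pod IP of the application that opened the connection (port stripped)."""
    return entry.get("downstream_remote_address", "unknown").rsplit(":", 1)[0]


def summarize(log_text: str):
    """Count black-holed requests per (source pod IP, destination).

    Returns (counts, skipped): counts is a Counter keyed by
    (source_ip, destination); skipped is the number of unparseable lines.
    """
    counts = Counter()
    skipped = 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if is_blackholed(entry):
            counts[(source_ip(entry), destination(entry))] += 1
    return counts, skipped


def to_prometheus(counts: Counter, metric: str = "blackholed_requests_total") -> str:
    """Render the counts in Prometheus text exposition format.

    The metric name is an arbitrary choice of this example, not an Istio metric.
    """
    lines = [f"# TYPE {metric} counter"]
    for (src, dst), n in sorted(counts.items()):
        lines.append(f'{metric}{{source_ip="{src}",destination="{dst}"}} {n}')
    return "\n".join(lines)


if __name__ == "__main__":
    totals, bad = summarize(SAMPLE_LOG)
    print(to_prometheus(totals))
    print(f"# skipped {bad} unparseable line(s)")
```

Keying on the source pod IP rather than a workload name is deliberate: it is what the sidecar log already contains, and an operator can map it to a pod with `kubectl get pods -A -o wide` while investigating, which is the correlation step described in the comment above. Matching on either the `BlackHoleCluster` name or the NR/UH flags covers both the HTTP case (routed to the sink cluster) and the TCP case (no endpoints, so UH), so the summary does not depend on which status code the proxy returned.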