查看Envoy配置

Envoy在localhost:15000上提供了Admin端口,可以通过docker exec命令获取其Pilot向其下发的配置信息。

sudo docker exec a83696c9e7a2 curl http://127.0.0.1:15000/config_dump

除此以外,Envoy还提供了其他调试信息,可以通过help进行查询

sudo docker exec a83696c9e7a2 curl http://127.0.0.1:15000/help

admin commands are:
  /: Admin home page
  /certs: print certs on machine
  /clusters: upstream cluster status
  /config_dump: dump current Envoy configs (experimental)
  /cpuprofiler: enable/disable the CPU profiler
  /healthcheck/fail: cause the server to fail health checks
  /healthcheck/ok: cause the server to pass health checks
  /help: print out list of admin commands
  /hot_restart_version: print the hot restart compatibility version
  /listeners: print listener addresses
  /logging: query/change logging levels
  /quitquitquit: exit the server
  /reset_counters: reset all counters to zero
  /runtime: print runtime values
  /runtime_modify: modify runtime values
  /server_info: print server version/status information
  /stats: print server stats
  /stats/prometheus: print server stats in prometheus format

参考: https://www.envoyproxy.io/docs/envoy/latest/operations/admin

IPtable规则

proxy_init 容器会将设置的IPtable内容输出到标准输出中,可以查看到对那些IP端进行了拦截。

sudo docker logs 3ad9
......忽略掉前面无关的内容......

# Generated by iptables-save v1.6.0 on Fri Jan 11 07:10:19 2019
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:ISTIO_OUTPUT - [0:0]
:ISTIO_REDIRECT - [0:0]
-A PREROUTING -m comment --comment "istio/install-istio-prerouting" -j ISTIO_REDIRECT
-A OUTPUT -p tcp -m comment --comment "istio/install-istio-output" -j ISTIO_OUTPUT
-A ISTIO_OUTPUT ! -d 127.0.0.1/32 -o lo -m comment --comment "istio/redirect-implicit-loopback" -j ISTIO_REDIRECT
-A ISTIO_OUTPUT -m owner --uid-owner 1337 -m comment --comment "istio/bypass-envoy" -j RETURN
-A ISTIO_OUTPUT -d 127.0.0.1/32 -m comment --comment "istio/bypass-explicit-loopback" -j RETURN
-A ISTIO_OUTPUT -d 172.168.40.4/32 -m comment --comment "istio/bypass-msb-ip" -j RETURN
-A ISTIO_OUTPUT -d 100.100.0.0/16 -m comment --comment "istio/redirect-ip-range-100.100.0.0/16" -j ISTIO_REDIRECT
-A ISTIO_OUTPUT -d 172.168.40.0/24 -m comment --comment "istio/redirect-ip-range-172.168.40.0/24" -j ISTIO_REDIRECT
-A ISTIO_OUTPUT -m comment --comment "istio/bypass-default-outbound" -j RETURN
-A ISTIO_REDIRECT -p tcp -m comment --comment "istio/redirect-to-envoy-port" -j REDIRECT --to-ports 15001
COMMIT
# Completed on Fri Jan 11 07:10:19 2019
Copyright © zhaohuabing.com 2019 all right reserved,powered by Gitbook Updated at 2020-05-26 09:08:50

results matching ""

    No results matching ""