How to get insight into blocked external mesh requests due to missing ServiceEntry?

elsesiy · May 6, 2020, 1:13am

We were troubleshooting an issue today where one of our applications tried reaching a host that wasn’t allowed to be reached as it was lacking a ServiceEntry.
The envoy logs didn’t reveal anything helpful and neither did mixer.
What’s the best way to get a hold of these type of issues?

Thanks!

Istio: 1.4.7

Tomas_Kohout · May 6, 2020, 5:32am

I had similar experience and istioctl pc cluster pod.namespace --fqdn example.com was quite helpful to debug this. Also if you enable logs envoy will help you out.

Topic		Replies	Views
Blocking of ports in mesh (pre-1.1.3) Networking	4	2886	May 16, 2019
When routes are blocked during Egress, no entry in envoy logs Policies and Telemetry	0	423	April 22, 2019
External Service Entry to support ldap,netconf	6	1250	December 16, 2020
Request for Information on Traffic-management for the services not receiving any traffic through the Ingress Gateway	0	251	April 22, 2021
Egress gateway becomes not ready when service entry is added Networking	1	1028	December 10, 2019

How to get insight into blocked external mesh requests due to missing ServiceEntry?

Related Topics