I describe the pod and while i would expect to find my metrics on localhost:15090/stats/prometheus, i only find the envoy / istio ones.
Why doesnt it include the localhost:1399/actuator/prometheus?
@howardjohn any clues?
ISTIO_META_POD_PORTS: [
{"name":"http","containerPort":1399,"protocol":"TCP"}
]
ISTIO_META_APP_CONTAINERS: app
ISTIO_META_CLUSTER_ID: <some-non-default-id>
ISTIO_META_INTERCEPTION_MODE: REDIRECT
ISTIO_METAJSON_ANNOTATIONS: ...
ISTIO_META_WORKLOAD_NAME: dev-...
ISTIO_META_OWNER: ...
ISTIO_META_MESH_ID: <some-non-default-name>.local
DNS_AGENT:
ISTIO_PROMETHEUS_ANNOTATIONS: {"scrape":"true","path":"/actuator/prometheus","port":"1399"}
I also changed istio-proxy logging to debug and i dont see anything about scraping, is that normal?
It is on port 15020. 15020 has the merged ones, 15090 has the envoy stats only.
Same deal unfortunately
iam@dev-iam-backend-cf4dbfb5d-k7hm5:/iam-be$ curl localhost:1399/actuator/prometheus -s | tail -3
# TYPE jvm_buffer_count_buffers gauge
jvm_buffer_count_buffers{id="mapped",} 0.0
jvm_buffer_count_buffers{id="direct",} 13.0
iam@dev-iam-backend-cf4dbfb5d-k7hm5:/iam-be$ curl localhost:15020/stats/prometheus -s | grep jvm
iam@dev-iam-backend-cf4dbfb5d-k7hm5:/iam-be$
in fact it’s only istio / envoy metrics
iam@dev-iam-backend-cf4dbfb5d-k7hm5:/iam-be$ curl localhost:15020/stats/prometheus -s | grep -v envoy | grep -v istio | grep -v -e '^$'
iam@dev-iam-backend-cf4dbfb5d-k7hm5:/iam-be$
Can i somehow see the scraping job logs? I really tried to troubleshoot this, via configuration or log browsing but i could not find anything
@howardjohn it’s not the port, the metrics are just not scraped as you can see on my above post.
Is there any way to debug ? Some configuration to try? How can i see those scraping logs?
- I am using PeerAuthentication: STRICT in a govcloud cluster
- Therefore, I was very-much hoping to get merged metrics from the istio-agent.
- We are using the istio sidecar injector in our namespace to add istio-proxy (w/istio-agent inside).
- To guarantee metrics merging was turned on, I ran:
$ istioctl install --set meshConfig.enablePrometheusMerge=true
This will install the Istio 1.16.2 default profile with ["Istio core" "Istiod" "Ingress gateways"] components into the cluster. Proceed? (y/N) y
✔ Istio core installed
✔ Istiod installed
✔ Ingress gateways installed
✔ Installation complete
Making this installation the default for injection and validation.
- I am seeing these problems so far
- Only port 15090 is injected by the injector in istio-proxy. I understand this has istio metrics only.
- How do i get the sidecar injector to also declare port 15020 ??
- I have discovered that if I add the weird prometheus annotations declaring the application monitoring port, metrics merging will occur and the prometheus annotations will be rewritten:
(in the deployment)
spec:
template:
metadata:
annotations:
prometheus.io/path: /metrics
prometheus.io/port: "9538"
prometheus.io/scrape: "true"
from the deployment it is rewritten in the pod to:
(in the pod)
metadata:
annotations:
prometheus.io/path: /stats/prometheus
prometheus.io/port: '15090'
prometheus.io/scrape: 'true'
sidecar.istio.io/status: >-
{"initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["workload-socket","credential-socket","workload-certs","istio-envoy","istio-data","istio-podinfo","istio-token","istiod-ca-cert"],"imagePullSecrets":null,"revision":"default"}
spec:
containers:
- name: istio-proxy
image: docker.io/istio/proxyv2:1.16.2
ports:
- name: http-envoy-prom
containerPort: 15090
protocol: TCP
Which is certainly not very helpful because I want prometheus to scrape 15020, not 15090.
I have temporarily hacked my deployment by changing “containerPort” from 15090 to 15020 on L346 of the ConfigMap istio-sidecar-injector (in namespace istio-system), but this is not something that’s easy to hack with terraform or helm.