Istio Logging 101

Ask about this page
Perplexity
Grok

Istio is a leading open-source service mesh that works with Kubernetes. It enables applications running in a Kubernetes cluster to deliver more business value. A service mesh takes care of securing service-to-service communication, identity-based authentication and authorization, and fine-grained traffic control. The increased flexibility that Istio provides also introduces many new metrics, logs, and traces that need to be captured and consolidated into a unified telemetry pipeline.

Istio's architecture has a central control plane that handles the overall configuration, such as routing and access policies enforced at the pod level on each inbound and outbound request. Their About Istio page has a good description and some helpful diagrams.

Istio Logging at Its Core

At its core, the Istio architecture has a single control plane that tracks all aspects of the configuration of the services within its service mesh. Using standard cloud-native logging practices (namely, outputting data to stdout and stderr), the core of Istio logs data related to its activities. For example, it can act as the certificate authority to enable mTLS between services or authorize the virtual services in the service mesh and any other related policies that need enforcement.

The pod level is where enforcement occurs alongside network routing and most telemetry data. Still, the core is critical for ensuring consistency within the Kubernetes cluster and coordinating discovery data in multi-cluster deployments. These logs form the backbone of an Istio-based telemetry pipeline and help power downstream tools for analysis, visualization, and apm logging.

In addition to the control plane, all traffic flows in and out of an Istio service mesh need to pass through ingress and egress gateways. These are separate containers that use httpbin out of the box. They also use the most common cloud-native approach to Kubernetes logging, which means that logs can be easily exported and shipped to a central logging platform.

Endpoint Logging 

Istio injects Envoy as a sidecar into each pod to proxy network traffic. Envoy is a highly configurable cloud-native proxy that has become the standard way for service meshes to manage networking and observability at the pod level.

One of Envoy's core observability capabilities is that it can write detailed logs of what it has been processing. By default, these logs contain the kind of details that you would expect to find in an access log, like the source address, the protocol used, and the path requested. In addition, these logs include extra details that enable cross-service request tracing, including a unique request ID and the upstream service that originated the call. By default, these logs go to stdout and stderr, allowing standard Kubernetes log collection functionality to pick them up.

In larger deployments, using log rotation ensures that log files created by Envoy do not consume excessive disk space over time. This is especially important when persisting logs outside of standard stdout workflows.

You can adjust the log format if you want, and you can also configure Envoy to write to a specific file. However, that complicates the log collection and shipping process, so you only want to do it in particular circumstances. In some lightweight setups, users may experiment with alternatives like logspout, but Envoy provides more robust observability features tailored for service meshes.

Conclusion    

As a centralized collection point for logs, Mezmo enables consistent management and observability throughout the lifecycle of a Kubernetes cluster running Istio. Without it, you'd lose the logs created by hundreds or thousands of Envoy proxy instances as part of the cluster's application deployment cycle and all of the potential insights contained within the logs. When combined with a well-structured telemetry pipeline and log rotation strategies, Mezmo ensures Istio environments remain efficient, observable, and resilient.

Table of contents

    More articles

    How to Reduce Log Volume Without Losing Visibility
    How to Reduce Log Volume Without Losing Visibility
    Log Management
    What Is Log Rehydration? Understanding the Process and Benefits
    What Is Log Rehydration? Understanding the Process and Benefits
    Log Management
    Log Metrics: What are they? How can they be used? What insights can be garnered at scale?
    Log Metrics: What are they? How can they be used? What insights can be garnered at scale?
    Log Management
    What is MultiCloud Monitoring & Management?
    What is MultiCloud Monitoring & Management?
    Log Management
    Live Tail: What It Is, Why It’s Useful, How To Use It
    Live Tail: What It Is, Why It’s Useful, How To Use It
    Log Management
    Log Data: What it is and why it matters
    Log Data: What it is and why it matters
    Log Management
    How to Use JSON Logs
    How to Use JSON Logs
    Log Management
    Understanding and Leveraging AWS Cloudwatch Logs
    Understanding and Leveraging AWS Cloudwatch Logs
    Log Management
    What Is a Tail Log?
    What Is a Tail Log?
    Log Management
    How to Use S3 Access Logs
    How to Use S3 Access Logs
    Log Management
    Benefits of Data Logging
    Benefits of Data Logging
    Log Management
    What is Real-time Log Monitoring?
    What is Real-time Log Monitoring?
    Log Management
    Managing Digital Compliance During Digital Transformation
    Managing Digital Compliance During Digital Transformation
    Log Management
    A Comprehensive Guide to Kubernetes Monitoring Tools
    A Comprehensive Guide to Kubernetes Monitoring Tools
    Log Management
    The Role of Infrastructure Monitoring in DevOps
    The Role of Infrastructure Monitoring in DevOps
    Log Management
    5 Practical Ways to Build a Secure CI/CD Pipeline
    5 Practical Ways to Build a Secure CI/CD Pipeline
    Log Management
    Why and How to Analyze Deployment Health Through CI/CD Logs
    Why and How to Analyze Deployment Health Through CI/CD Logs
    Log Management
    What is Application Lifecycle Management
    What is Application Lifecycle Management
    Log Management
    What Is A Real-Time Dashboard?
    What Is A Real-Time Dashboard?
    Log Management
    Log Indexing and Rotation for Optimized Archival
    Log Indexing and Rotation for Optimized Archival
    Log Management
    What is Log Rotation? How Does it Work?
    What is Log Rotation? How Does it Work?
    Log Management
    Logging for Application Security
    Logging for Application Security
    Log Management
    How Do You Manage Logs?
    How Do You Manage Logs?
    Log Management
    How Custom Parsing Can Boost Developer Productivity
    How Custom Parsing Can Boost Developer Productivity
    Log Management
    7 Best Practices for Log Management and Analytics
    7 Best Practices for Log Management and Analytics
    Log Management
    Enhancing Communication Across Your Teams With Logging
    Enhancing Communication Across Your Teams With Logging
    Log Management
    Which Log Files Should Users Onboard to Build an Observability Platform?
    Which Log Files Should Users Onboard to Build an Observability Platform?
    Log Management
    What Information Does Log Aggregation Capture?
    What Information Does Log Aggregation Capture?
    Log Management
    The Key Benefits of Log Data
    The Key Benefits of Log Data
    Log Management
    Planning Your Log Collection
    Planning Your Log Collection
    Log Management
    Capturing the Most Critical Information Within Your Logs
    Capturing the Most Critical Information Within Your Logs
    Log Management
    The Importance of Data Privacy and Confidentiality for Log Management
    The Importance of Data Privacy and Confidentiality for Log Management
    Log Management
    SOC 2 and its Benefits
    SOC 2 and its Benefits
    Log Management
    Logging for Microservices
    Logging for Microservices
    Log Management
    System Logging Best Practices
    System Logging Best Practices
    Log Management
    Why HIPAA and Compliance Matters to Logging
    Why HIPAA and Compliance Matters to Logging
    Log Management
    Application Security and Compliance through Logging
    Application Security and Compliance through Logging
    Log Management
    Log Management Compliance for Saas Applications
    Log Management Compliance for Saas Applications
    Log Management
    What is Log Aggregation? Log Aggregation Explained
    What is Log Aggregation? Log Aggregation Explained
    Log Management
    What is Log Analysis?
    What is Log Analysis?
    Log Management
    What to Look for in a HIPAA-Compliant Log Management Tool
    What to Look for in a HIPAA-Compliant Log Management Tool
    Log Management
    What is Structured Logging?
    What is Structured Logging?
    Log Management
    Why Is Log Management Important?
    Why Is Log Management Important?
    Log Management
    Top Use Cases for Log Analysis
    Top Use Cases for Log Analysis
    Log Management