istioctl工具使用指南

# ./istioctl ps
NAME                                                             CLUSTER        CDS          LDS          EDS          RDS          ISTIOD                      VERSION
test-1.istio-system                                                             NOT SENT     NOT SENT     NOT SENT     NOT SENT     istiod-66bd9d59d8-k6qzk     65536.65536.65536
test-1.istio-system                                                             NOT SENT     NOT SENT     NOT SENT     NOT SENT     istiod-66bd9d59d8-k6qzk     65536.65536.65536
istio-egressgateway-c5b57c584-rz9rw.istio-system                 Kubernetes     SYNCED       SYNCED       SYNCED       NOT SENT     istiod-66bd9d59d8-k6qzk     1.13.4
istio-ingressgateway-7767c959b4-jkbgb.istio-system               Kubernetes     SYNCED       SYNCED       SYNCED       NOT SENT     istiod-66bd9d59d8-k6qzk     1.13.4
mesh-demo-dubbo-consumer-test-rpzzh.pulsar-manager               Kubernetes     SYNCED       SYNCED       SYNCED       SYNCED       istiod-66bd9d59d8-k6qzk     1.14-dev
mesh-demo-dubbo-pv1111-test-rfmtg.pulsar-manager                 Kubernetes     SYNCED       SYNCED       SYNCED       SYNCED       istiod-66bd9d59d8-k6qzk     1.14-dev
mesh-demo-dubbo-pv2-test-gjhwb.pulsar-manager                    Kubernetes     SYNCED       SYNCED       SYNCED       SYNCED       istiod-66bd9d59d8-k6qzk     1.14-dev
mesh-demo-httpv1-test-8b7f5.pulsar-manager                       Kubernetes     SYNCED       SYNCED       SYNCED       SYNCED       istiod-66bd9d59d8-k6qzk     1.14-dev
mesh-demo-httpv2-test-qlkhb.pulsar-manager

# ./istioctl proxy-status components-provider-sfkt-default-test-6gw8b.components-nacos
Clusters Match
Listeners Match
Routes Match (RDS last loaded at Thu, 12 Jan 2023 09:50:37 CST)

istioctl proxy-config cluster <pod-name> [flags]

# istioctl pc c details-v1-7d88846999-lg849 --fqdn istio-egressgateway
SERVICE FQDN                                                   PORT     SUBSET     DIRECTION     TYPE     DESTINATION RULE
istio-egressgateway-lazyxds.istio-system.svc.cluster.local     8080     -          outbound      EDS
istio-egressgateway.istio-system.svc.cluster.local             80       -          outbound      EDS
istio-egressgateway.istio-system.svc.cluster.local             443      -          outbound      EDS

$ istioctl proxy-config bootstrap <pod-name> [flags]

# istioctl pc bootstrap details-v1-7d88846999-lg849
{
    "bootstrap": {
        "node": {
            "id": "sidecar~10.244.6.15~details-v1-7d88846999-lg849.default~default.svc.cluster.local",
            "cluster": "details.default",
            "metadata": {
                    "ANNOTATIONS": {
                                "cni.projectcalico.org/podIP": "10.244.6.15/32",
                                "kubectl.kubernetes.io/default-container": "details",
                                "kubectl.kubernetes.io/default-logs-container": "details",
                                "kubernetes.io/config.seen": "2023-01-04T11:58:05.195509813+08:00",
                                "kubernetes.io/config.source": "api",
                                "prometheus.io/path": "/stats/prometheus",
                                "prometheus.io/port": "15020",
                                "prometheus.io/scrape": "true",
                                "sidecar.istio.io/status": "{\"initContainers\":[\"istio-init\"],\"containers\":[\"istio-proxy\"],\"volumes\":[\"workload-socket\",\"credential-socket\",\"workload-certs\",\"istio-envoy\",\"istio-data\",\"istio-podinfo\",\"istio-token\",\"istiod-ca-cert\"],\"imagePullSecrets\":null,\"revision\":\"default\"}"
                            },
                    "APP_CONTAINERS": "details",
                    "CLUSTER_ID": "Kubernetes",
                    "ENVOY_PROMETHEUS_PORT": 15090,
                    "ENVOY_STATUS_PORT": 15021,
                    "INSTANCE_IPS": "10.244.6.15",
                    "INTERCEPTION_MODE": "REDIRECT",
<!--more-->

$ istioctl proxy-config listener <pod-name> [flags]

# istioctl pc l details-v1-7d88846999-lg849
ADDRESS       PORT  MATCH                                                                                           DESTINATION
10.96.0.10    53    ALL                                                                                             Cluster: outbound|53||kube-dns.kube-system.svc.cluster.local
0.0.0.0       80    Trans: raw_buffer; App: http/1.1,h2c                                                            Route: 80
0.0.0.0       80    ALL                                                                                             PassthroughCluster
10.96.84.49   80    Trans: raw_buffer; App: http/1.1,h2c                                                            Route: wordpress.default.svc.cluster.local:80
10.96.84.49   80    ALL                                                                                             Cluster: outbound|80||wordpress.default.svc.cluster.local
10.96.0.1     443   ALL                                                                                             Cluster: outbound|443||kubernetes.default.svc.cluster.local
10.96.114.129 443   ALL                                                                                             Cluster: outbound|443||istio-ingressgateway.istio-system.svc.cluster.local
10.96.129.201 443   ALL                                                                                             Cluster: outbound|443||ingress-controller-ingress-nginx-controller-admission.ingress-nginx.svc.cluster.local
...
...
...

$ istioctl proxy-config route <pod-name> [flags]

# istioctl pc r details-v1-7d88846999-lg849
NAME                                                          DOMAINS                                                                                          MATCH                  VIRTUAL SERVICE
80                                                            ingress-controller-ingress-nginx-controller.ingress-nginx, 10.96.150.192                         /*
80                                                            istio-egressgateway.istio-system, 10.96.133.49                                                   /*
80                                                            istio-ingressgateway.istio-system, 10.96.114.129                                                 /*
80                                                            lazyxds-placeholder-service.istio-system, 10.96.16.81                                            /*
80                                                            tracing.istio-system, 10.96.4.72                                                                 /*
80                                                            wordpress, wordpress.default + 1 more...                                                         /*
8080                                                          istio-egressgateway-lazyxds.istio-system, 10.96.231.188                                          /*
...
...
...

$ istioctl proxy-config endpoints <pod-name> [flags]

# kubectl  exec details-v1-7d88846999-lg849 -c istio-proxy -- curl 127.0.0.1:15000/config_dump > details-config.json

# istioctl pc r -f details-config.json
NAME                                                          DOMAINS                                                                                          MATCH                  VIRTUAL SERVICE
80                                                            ingress-controller-ingress-nginx-controller.ingress-nginx, 10.96.150.192                         /*
80                                                            istio-egressgateway.istio-system, 10.96.133.49                                                   /*
80                                                            istio-ingressgateway.istio-system, 10.96.114.129                                                 /*
80                                                            lazyxds-placeholder-service.istio-system, 10.96.16.81                                            /*
80                                                            tracing.istio-system, 10.96.4.72                                                                 /*
80                                                            wordpress, wordpress.default + 1 more...                                                         /*
...
...
...
# istioctl pc l -f details-config.json
ADDRESS       PORT  MATCH                                                                                           DESTINATION
10.96.0.10    53    ALL                                                                                             Cluster: outbound|53||kube-dns.kube-system.svc.cluster.local
0.0.0.0       80    Trans: raw_buffer; App: http/1.1,h2c                                                            Route: 80
0.0.0.0       80    ALL                                                                                             PassthroughCluster
10.96.84.49   80    Trans: raw_buffer; App: http/1.1,h2c                                                            Route: wordpress.default.svc.cluster.local:80
10.96.84.49   80    ALL                                                                                             Cluster: outbound|80||wordpress.default.svc.cluster.local
10.96.0.1     443   ALL                                                                                             Cluster: outbound|443||kubernetes.default.svc.cluster.local
10.96.114.129 443   ALL                                                                                             Cluster: outbound|443||istio-ingressgateway.istio-system.svc.cluster.local
10.96.129.201 443   ALL                                                                                             Cluster: outbound|443||ingress-controller-ingress-nginx-controller-admission.ingress-nginx.svc.cluster.local
...
...
...