AccessLogPolicy
AccessLogPolicy API reference.
Proto: access_log_policy.proto
Package: observability.policy.gloo.solo.io
Configure how access logs are recorded for your services. You can use access log policies to configure log collection for workloads that have injected sidecars or are standalone proxies, such as gateways. AccessLogPolicies are applied at the Workload level.
Note: Be sure to enable access logging by modifying your default Istio operator installation.
Example
This example filters access logs for the reviews service, so that only
logs that contain the header foo: bar are recorded.
apiVersion: observability.policy.gloo.solo.io/v2
kind: AccessLogPolicy
metadata:
name: access-log-policy
namespace: bookinfo
spec:
applyToWorkloads:
- selector:
cluster: cluster1
labels:
app: reviews
namespace: bookinfo
config:
filters:
#- statusCodeMatcher:
# value: 200
# comparator: EQ
- headerMatcher:
name: foo
value: bar
regex: false
invertMatch: false
#includedRequestHeaders:
# - x-user-agent
#includedResponseHeaders:
# - x-server
#includedResponseTrailers:
# - x-expires
#includedFilterStateObjects:
AccessLogPolicyReport
The report shows the resources that the policy selects after the policy is successfully applied.
| Field | Description |
|---|---|
workspaces | (repeated AccessLogPolicyReport.WorkspacesEntry)A list of workspaces in which the policy can apply to workloads. |
selectedWorkloads | (repeated common.gloo.solo.io.WorkloadReference)A list of workloads selected by the policy. |
AccessLogPolicyReport.WorkspacesEntry
| Field | Description |
|---|---|
key | (string) |
value | (common.gloo.solo.io.Report) |
AccessLogPolicySpec
Specifications for the policy.
| Field | Description |
|---|---|
applyToWorkloads | (repeated common.gloo.solo.io.WorkloadSelector)Select the workloads where access logs will be collected. If empty, the policy applies to all workloads in the workspace. |
config | (AccessLogPolicySpec.Config)Details of the policy specifying how to collect access logs from the selected workloads. |
AccessLogPolicySpec.Config
Details of the policy specifying how to collect access logs from the selected workloads.
| Field | Description |
|---|---|
filters | (repeated AccessLogPolicySpec.Config.Filter)Criteria for determining which access logs are recorded for the workload. The list is disjunctive, meaning that a request is logged if it matches any filter. If empty, all access logs are recorded. |
includedRequestHeaders | (repeated string)Request headers to include in access logs. |
includedResponseHeaders | (repeated string)Response headers to include in access logs. |
includedResponseTrailers | (repeated string)Response trailers to include in access logs. |
includedFilterStateObjects | (repeated string)Filter state objects to include in access logs. |
AccessLogPolicySpec.Config.Filter
Criteria for recording access logs. A request must match all specified criteria in the filter to be recorded.
| Field | Description |
|---|---|
statusCodeMatcher | (common.gloo.solo.io.StatusCodeMatcher)Matches against a response HTTP status code. Omit to match any status code. |
headerMatcher | (common.gloo.solo.io.HeaderMatcher)Matches against a request or response HTTP header. Omit to match any headers. |
AccessLogPolicyStatus
The status of the policy after it is applied to your Gloo environment.
| Field | Description |
|---|---|
common | (common.gloo.solo.io.Status)The state and workspace conditions of the applied policy. |
numSelectedWorkloads | (uint32)The number of workloads selected by the policy. |