背景
很多场景下需要对ingress-nginx-controller访问日志进行收集保存,一方面可以对访问数据进行统计分析,另一方面也有助于分析问题解决问题。
ingress-nginx 部署
参考
k8s 部署 ingress-nginx 并对外暴露服务
创建本地目录
mkdir /var/log/nginx/
# 运行 ingress-nginx-controller 的 UserID 是 101
chown 101:101 /var/log/nginx/
将本地目录挂载到Pod内
~]# kubectl edit ds -n ingress-nginx ingress-nginx-controller
spec:
hostNetwork: true
containers:
- args:
- /nginx-ingress-controller
- --election-id=ingress-nginx-leader
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --log_dir=/var/log/nginx/ # If non-empty, write log files in this directory (no effect when -logtostderr=true)
- --logtostderr=false # log to standard error instead of files (default true)
......
volumeMounts:
- mountPath: /usr/local/certificates/
name: webhook-cert
readOnly: true
- mountPath: /etc/localtime # 挂载本地时区、避免日志时间不一致
name: tz-shanghai
readOnly: true
- mountPath: /var/log/nginx # 挂载本地日志目录
name: nginx-log
......
volumes:
- name: webhook-cert
secret:
secretName: ingress-nginx-admission
- name: tz-shanghai
hostPath:
path: /usr/share/zoneinfo/Asia/Shanghai
- name: nginx-log
hostPath:
path: /var/log/nginx
将日志格式修改为JSON格式
~]# kubectl edit cm -n ingress-nginx ingress-nginx-controller
kind: ConfigMap
apiVersion: v1
data:
log-format-escape-json: "true"
log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr",
"x_forward_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user":
"$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status":
$status, "vhost": "$host", "protocol": "$server_protocol", "path": "$uri", "request_length":
$request_length, "method": "$request_method", "referrer": "$http_referer", "ua":
"$http_user_agent", "upstream_addr": "$upstream_addr", "upstream_response_time":
$upstream_response_time, "upstream_status": $upstream_status}'