ingress-nginx日志持久化

1、创建日志持久化存储路径

# mkdir /data/ingress-nginx-log
# chmod 777 /data/ingress-nginx-log # 也可以设置为ingress运行的用户

2、修改controller的日志保存方式,默认输出到系统/运维stderr

# vim gf.ingress.yaml

....省略
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --annotations-prefix=nginx.ingress.kubernetes.io
# 关闭ingress日志输出到stderr
- --logtostderr=false
# 输出到指定位置,不包含 access和error日志
- --log_dir=/var/log/nginx/
....省略

3linux命令、修改access、error日志的格式和存放位置

# vim gf.ingress.yaml

kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-configuration
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
data:
# 转发带下划线的header
enable-underscores-in-headers: "true"
# 自动调整进程数
worker-processes: "auto"
# 获取用户真实IP
use-forwarded-headers: "true"
# 默认日志格式
log-format-upstream: '"$remote_addr" - "$remote_user" [$time_local] "$request"
"$status" "$body_bytes_sent" "$http_referer"
"$http_user_agent" "$http_x_forwarded_for"
"$request_length" "$request_time"
"$host" "$upstream_addr" "$upstream_status"
"$upstream_response_length" "$upstream_response_time"'
# 日志存放位置
access-log-path: "/var/log/nginx/access.log"
error-log-path: "/var/log/nginx/error.log"

4、持久化日志

# vim gf.ingress.yaml

volumeMounts:
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: ingress-nginx-log
mountPath: /var/log/nginx
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: ingress-nginx-log
hostPath:
path: "/data/ingress-nginx-log"

5、重新apply

# kubectl apply -f gf.ingress.yaml

6、查看一下日志是否挂载出来

# ls -l
总用量 28
-rw-r--r-- 1 33 tape 166 420 11:16 access.log
-rw-r--r-- 1 33 tape 120 420 11:14 error.log
lrwxrwxrwx 1 33 tape 97 420 11:10 nginx-ingress-controller.INFO -> nginx-ingress-controller.nginx-ingress-controller-685dfdc6d4-2lszn.xfs.log.INFO.20220420-111027.7
-rw-r--r-- 1 33 tape 10728 420 11:14 nginx-ingress-controller.nginx-ingress-controller-685dfdc6d4-2lszn.xfs.log.INFO.20220420-111027.7
-rw-r--r-- 1 33 tape 5286 420 11:14 nginx-ingress-controller.nginx-ingress-controller-685dfdc6d4-2lszn.xfs.log.WARNING.20220420-111027.7
lrwxrwxrwx 1 33 tape 100 420 11:10 nginx-ingress-controller.WARNING -> nginx-ingress-controller.nginx-ingress-controller-685dfdc6d4-2lszn.xfs.log.WARNING.20220420-111027.7

7、测试访问,查看日志

# curl test.web.com:30940
ingress-nginx-log-test
# tailf access.log
"172.16.8.92" - "-" [20/Apr/2022:11:16:21 +0800] "HEAD / HTTP/1.1" "200" "0" "-" "curl/7.29.0" "-" "83" "0.032" "test.web.com" "10.244.159.184:80" "200" "0" "0.032"

8、按域名生成log文件

# Ingress文件内添加
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/enable-access-log: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
access_log /var/log/nginx/test.web.com.log upstreaminfo;

9linux、效果

# ls -l
总用量 72
-rw-r--r-- 1 33 tape 333 420 11:29 access.log
-rw-r--r-- 1 33 tape 1405 420 12:23 error.log
lrwxrwxrwx 1 33 tape 98 420 12:21 nginx-ingress-controller.ERROR -> nginx-ingress-controller.nginx-ingress-controller-685dfdc6d4-2lszn.xfs.log.ERROR.20220420-122150.7
lrwxrwxrwx 1 33 tape 97 420 11:10 nginx-ingress-controller.INFO -> nginx-ingress-controller.nginx-ingress-controller-685dfdc6d4-2lszn.xfs.log.INFO.20220420-111027.7
-rw-r--r-- 1 33 tape 4338 420 12:22 nginx-ingress-controller.nginx-ingress-controller-685dfdc6d4-2lszn.xfs.log.ERROR.20220420-122150.7
-rw-r--r-- 1 33 tape 29156 420 12:23 nginx-ingress-controller.nginx-ingress-controller-685dfdc6d4-2lszn.xfs.log.INFO.20220420-111027.7
-rw-r--r-- 1 33 tape 19526 420 12:23 nginx-ingress-controller.nginx-ingress-controller-685dfdc6d4-2lszn.xfs.log.WARNING.20220420-111027.7
lrwxrwxrwx 1 33 tape 100 420 11:10 nginx-ingress-controller.WARNING -> nginx-ingress-controller.nginx-ingress-controller-685dfdc6d4-2lszn.xfs.log.WARNING.20220420-111027.7
-rw-r--r-- 1 33 tape 1205 420 12:23 test.web.com.log