K8S kong网关日志配置

root@nx-eks-ctl:~# kg deployment.apps/kong-istio-kong -nkong-istio -oyaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "30"
    kuma.io/gateway: enabled
    meta.helm.sh/release-name: kong-istio
    meta.helm.sh/release-namespace: kong-istio
    traffic.sidecar.istio.io/includeInboundPorts: ""
  creationTimestamp: "2021-12-14T08:38:28Z"
  generation: 30
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: kong-istio
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kong
    app.kubernetes.io/version: "2.6"
    helm.sh/chart: kong-2.6.3
  name: kong-istio-kong
  namespace: kong-istio
  resourceVersion: "90088561"
  uid: 9f9bcb97-cc06-45b4-9f1f-360afb08b06d
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: app
      app.kubernetes.io/instance: kong-istio
      app.kubernetes.io/name: kong
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        kuma.io/gateway: enabled
        traffic.sidecar.istio.io/includeInboundPorts: ""
      creationTimestamp: null
      labels:
        app: kong-istio-kong
        app.kubernetes.io/component: app
        app.kubernetes.io/instance: kong-istio
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: kong
        app.kubernetes.io/version: "2.6"
        helm.sh/chart: kong-2.6.3
        version: "2.6"
    spec:
      automountServiceAccountToken: true
      containers:
      - env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: CONTROLLER_ELECTION_ID
          value: kong-ingress-controller-leader-kong
        - name: CONTROLLER_INGRESS_CLASS
          value: kong
        - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
          value: "true"
        - name: CONTROLLER_KONG_ADMIN_URL
          value: https://localhost:8444
        - name: CONTROLLER_PUBLISH_SERVICE
          value: kong-istio/kong-istio-kong-proxy
        image: kong/kubernetes-ingress-controller:2.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        name: ingress-controller
        ports:
        - containerPort: 10255
          name: cmetrics
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        resources:
          limits:
            cpu: "2"
            memory: 2Gi
          requests:
            cpu: 500m
            memory: 512Mi
        securityContext: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      - env:
        - name: KONG_ADMIN_ACCESS_LOG
          value: /dev/stdout custom_fmt
        - name: KONG_ADMIN_ERROR_LOG
          value: /dev/stderr
        - name: KONG_ADMIN_GUI_ACCESS_LOG
          value: /dev/stdout custom_fmt
        - name: KONG_ADMIN_GUI_ERROR_LOG
          value: /dev/stderr
        - name: KONG_ADMIN_LISTEN
          value: 127.0.0.1:8444 http2 ssl
        - name: KONG_CLUSTER_LISTEN
          value: "off"
        - name: KONG_DATABASE
          value: "off"
        - name: KONG_KIC
          value: "on"
        - name: KONG_LUA_PACKAGE_PATH
          value: /opt/?.lua;/opt/?/init.lua;;
        - name: KONG_NGINX_HTTP_LUA_SHARED_DICT
          value: redis_cluster_slot_locks 100k
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "2"
        - name: KONG_PLUGINS
          value: bundled,authentication
        - name: KONG_PORTAL_API_ACCESS_LOG
          value: /dev/stdout custom_fmt
        - name: KONG_PORTAL_API_ERROR_LOG
          value: /dev/stderr
        - name: KONG_PORT_MAPS
          value: 80:8000, 443:8443
        - name: KONG_PREFIX
          value: /kong_prefix/
        - name: KONG_PROXY_ACCESS_LOG
          value: /kong_prefix/logs/access-log.log custom_fmt
        - name: KONG_PROXY_ERROR_LOG
          value: /kong_prefix/logs/error-log.log
        - name: KONG_PROXY_LISTEN
          value: 0.0.0.0:8000, 0.0.0.0:8443 http2 ssl
        - name: KONG_STATUS_LISTEN
          value: 0.0.0.0:8100
        - name: KONG_STREAM_LISTEN
          value: "off"
        - name: KONG_NGINX_DAEMON
          value: "off"
        - name: KONG_LOG_LEVEL
          value: info
        - name: TZ
          value: Asia/Shanghai
        - name: KONG_NGINX_HTTP_LOG_FORMAT
          value: custom_fmt escape=json '{ \"@timestamp\":\"$time_iso8601\", \"@source\":\"$server_addr\",
            \"@hostname\":\"$hostname\", \"ip\":\"$remote_addr\", \"client\":\"$remote_addr\",
            \"request_method\":\"$request_method\", \"scheme\":\"$scheme\", \"domain\":\"$server_name\",
            \"referer\":\"$http_referer\", \"request\":\"$request_uri\", \"args\":\"$args\",
            \"status\":\"$status\", \"upstream_status\":\"$upstream_status\", \"size\":\"$body_bytes_sent\",
            \"http_user_agent\":\"$http_user_agent\", \"responsetime\":\"$request_time\",
            \"upstreamtime\":\"$upstream_response_time\", \"upstreamaddr\":\"$upstream_addr\",
            \"https\":\"$https\" }'
        image: 796597397193.dkr.ecr.cn-northwest-1.amazonaws.com.cn/kong:2.6.conf
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - /bin/sleep 15 && kong quit
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: status
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        name: proxy
        ports:
        - containerPort: 8000
          name: proxy
          protocol: TCP
        - containerPort: 8443
          name: proxy-tls
          protocol: TCP
        - containerPort: 8100
          name: status
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /status
            port: status
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        resources: {}
        securityContext: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /kong_prefix/
          name: kong-istio-kong-prefix-dir
        - mountPath: /tmp
          name: kong-istio-kong-tmp
        - mountPath: /opt/kong/plugins/authentication
          name: kong-plugin-authentication
          readOnly: true
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: docker-registry-secret
      initContainers:
      - command:
        - rm
        - -vrf
        - $KONG_PREFIX/pids
        env:
        - name: KONG_ADMIN_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_ADMIN_ERROR_LOG
          value: /dev/stderr
        - name: KONG_ADMIN_GUI_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_ADMIN_GUI_ERROR_LOG
          value: /dev/stderr
        - name: KONG_ADMIN_LISTEN
          value: 127.0.0.1:8444 http2 ssl
        - name: KONG_CLUSTER_LISTEN
          value: "off"
        - name: KONG_DATABASE
          value: "off"
        - name: KONG_KIC
          value: "on"
        - name: KONG_LUA_PACKAGE_PATH
          value: /opt/?.lua;/opt/?/init.lua;;
        - name: KONG_NGINX_HTTP_LUA_SHARED_DICT
          value: redis_cluster_slot_locks 100k
        - name: KONG_NGINX_WORKER_PROCESSES
          value: "2"
        - name: KONG_PLUGINS
          value: bundled,authentication
        - name: KONG_PORTAL_API_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_PORTAL_API_ERROR_LOG
          value: /dev/stderr
        - name: KONG_PORT_MAPS
          value: 80:8000, 443:8443
        - name: KONG_PREFIX
          value: /kong_prefix/
        - name: KONG_PROXY_ACCESS_LOG
          value: /dev/stdout
        - name: KONG_PROXY_ERROR_LOG
          value: /dev/stderr
        - name: KONG_PROXY_LISTEN
          value: 0.0.0.0:8000, 0.0.0.0:8443 http2 ssl
        - name: KONG_STATUS_LISTEN
          value: 0.0.0.0:8100
        - name: KONG_STREAM_LISTEN
          value: "off"
        - name: KONG_LOG_LEVEL
          value: info
        image: 796597397193.dkr.ecr.cn-northwest-1.amazonaws.com.cn/kong:2.6.conf
        imagePullPolicy: IfNotPresent
        name: clear-stale-pid
        resources: {}
        securityContext: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /kong_prefix/
          name: kong-istio-kong-prefix-dir
        - mountPath: /tmp
          name: kong-istio-kong-tmp
        - mountPath: /opt/kong/plugins/authentication
          name: kong-plugin-authentication
          readOnly: true
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: kong-istio-kong
      serviceAccountName: kong-istio-kong
      terminationGracePeriodSeconds: 30
      volumes:
      - emptyDir: {}
        name: kong-istio-kong-tmp
      - configMap:
          defaultMode: 420
          name: kong-plugin-authentication
        name: kong-plugin-authentication
      - hostPath:
          path: /data/logs/kong/
          type: ""
        name: kong-istio-kong-prefix-dir
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2022-04-01T16:54:58Z"
    lastUpdateTime: "2022-04-01T16:54:58Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2022-06-06T08:51:18Z"
    lastUpdateTime: "2022-06-07T02:58:50Z"
    message: ReplicaSet "kong-istio-kong-6758cb9b96" is progressing.
    reason: ReplicaSetUpdated
    status: "True"
    type: Progressing
  observedGeneration: 28
  readyReplicas: 1
  replicas: 2
  unavailableReplicas: 1
  updatedReplicas: 1

修改输出地址:

- name: KONG_PROXY_ACCESS_LOG
  value: /kong_prefix/logs/access-log.log custom_fmt
- name: KONG_PROXY_ERROR_LOG
  value: /kong_prefix/logs/error-log.log

修改日志格式为json格式:

        - name: KONG_NGINX_HTTP_LOG_FORMAT
          value: custom_fmt escape=json '{ \"remote_addr\":\"$remote_addr\", \"time_local\":\"$time_local\",
            \"request_method\":\"$request_method\", \"request\":\"$request\", \"status\":\"$status\",
            \"upstream_status\":\"$upstream_status\", \"body_bytes_sent\":\"$body_bytes_sent\",
            \"http_referer\":\"$http_referer\", \"http_user_agent\":\"$http_user_agent\",
            \"request_time\":\"$request_time\", \"upstream_response_time\":\"$upstream_response_time\"
            }'
            
-------------------------------原始格式-----最新----------------------------------
value: custom_fmt escape=json '{ \"@timestamp\":\"$time_iso8601\", \"source\":\"$server_addr\", \"hostname\":\"$hostname\", \"client\":\"$remote_addr\", \"request_method\":\"$request_method\", \"scheme\":\"$scheme\", \"domain\":\"$server_name\", \"referer\":\"$http_referer\", \"path\":\"$uri\", \"request\":\"$request_uri\", \"args\":\"$args\", \"status\":\"$status\", \"size\":\"$body_bytes_sent\", \"http_user_agent\":\"$http_user_agent\", \"responsetime\":\"$request_time\", \"upstreamtime\":\"$upstream_response_time\", \"upstreamaddr\":\"$upstream_addr\", \"https\":\"$https\" }'

----------------------------------更多字段-------------------------------------------
KONG_NGINX_HTTP_LOG_FORMAT="backend escape=json '{ \"x_forwarded_for\":\"\$http_x_forwarded_for\", \"client_ip\": \"\$remote_addr\", \"remote_user\": \"\$remote_user\", \"msec\": \"\$msec\", \"verb\": \"\$request_method\", \"base_url\": \"\$http_x_forwarded_proto://\$http_host\", \"url_path\": \"\$request_uri\", \"protocol_version\": \"\$server_protocol\", \"response\": \"\$status\", \"size_bytes\": \"\$body_bytes_sent\", \"http_referer\": \"\$http_referer\", \"useragent\": \"\$http_user_agent\", \"response_time\": \"\$upstream_header_time\", \"backend\": \"\$http_x_backend_name\", \"medium\": \"\$http_medium\", \"platform\": \"\$http_platform\", \"app_version\": \"\$http_app_version\", \"app_build\": \"\$http_app_build\", \"content_encoding\": \"\$http_content_encoding\", \"accept_encoding\": \"\$http_accept_encoding\" }'"

修改时区:

- name: TZ
  value: Asia/Shanghai

效果:


本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!