K8S kong网关日志配置
root@nx-eks-ctl:~# kg deployment.apps/kong-istio-kong -nkong-istio -oyaml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "30"
kuma.io/gateway: enabled
meta.helm.sh/release-name: kong-istio
meta.helm.sh/release-namespace: kong-istio
traffic.sidecar.istio.io/includeInboundPorts: ""
creationTimestamp: "2021-12-14T08:38:28Z"
generation: 30
labels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: kong-istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: "2.6"
helm.sh/chart: kong-2.6.3
name: kong-istio-kong
namespace: kong-istio
resourceVersion: "90088561"
uid: 9f9bcb97-cc06-45b4-9f1f-360afb08b06d
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: app
app.kubernetes.io/instance: kong-istio
app.kubernetes.io/name: kong
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
kuma.io/gateway: enabled
traffic.sidecar.istio.io/includeInboundPorts: ""
creationTimestamp: null
labels:
app: kong-istio-kong
app.kubernetes.io/component: app
app.kubernetes.io/instance: kong-istio
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kong
app.kubernetes.io/version: "2.6"
helm.sh/chart: kong-2.6.3
version: "2.6"
spec:
automountServiceAccountToken: true
containers:
- env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: CONTROLLER_ELECTION_ID
value: kong-ingress-controller-leader-kong
- name: CONTROLLER_INGRESS_CLASS
value: kong
- name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
value: "true"
- name: CONTROLLER_KONG_ADMIN_URL
value: https://localhost:8444
- name: CONTROLLER_PUBLISH_SERVICE
value: kong-istio/kong-istio-kong-proxy
image: kong/kubernetes-ingress-controller:2.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: ingress-controller
ports:
- containerPort: 10255
name: cmetrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
cpu: "2"
memory: 2Gi
requests:
cpu: 500m
memory: 512Mi
securityContext: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
- env:
- name: KONG_ADMIN_ACCESS_LOG
value: /dev/stdout custom_fmt
- name: KONG_ADMIN_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_GUI_ACCESS_LOG
value: /dev/stdout custom_fmt
- name: KONG_ADMIN_GUI_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_LISTEN
value: 127.0.0.1:8444 http2 ssl
- name: KONG_CLUSTER_LISTEN
value: "off"
- name: KONG_DATABASE
value: "off"
- name: KONG_KIC
value: "on"
- name: KONG_LUA_PACKAGE_PATH
value: /opt/?.lua;/opt/?/init.lua;;
- name: KONG_NGINX_HTTP_LUA_SHARED_DICT
value: redis_cluster_slot_locks 100k
- name: KONG_NGINX_WORKER_PROCESSES
value: "2"
- name: KONG_PLUGINS
value: bundled,authentication
- name: KONG_PORTAL_API_ACCESS_LOG
value: /dev/stdout custom_fmt
- name: KONG_PORTAL_API_ERROR_LOG
value: /dev/stderr
- name: KONG_PORT_MAPS
value: 80:8000, 443:8443
- name: KONG_PREFIX
value: /kong_prefix/
- name: KONG_PROXY_ACCESS_LOG
value: /kong_prefix/logs/access-log.log custom_fmt
- name: KONG_PROXY_ERROR_LOG
value: /kong_prefix/logs/error-log.log
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, 0.0.0.0:8443 http2 ssl
- name: KONG_STATUS_LISTEN
value: 0.0.0.0:8100
- name: KONG_STREAM_LISTEN
value: "off"
- name: KONG_NGINX_DAEMON
value: "off"
- name: KONG_LOG_LEVEL
value: info
- name: TZ
value: Asia/Shanghai
- name: KONG_NGINX_HTTP_LOG_FORMAT
value: custom_fmt escape=json '{ \"@timestamp\":\"$time_iso8601\", \"@source\":\"$server_addr\",
\"@hostname\":\"$hostname\", \"ip\":\"$remote_addr\", \"client\":\"$remote_addr\",
\"request_method\":\"$request_method\", \"scheme\":\"$scheme\", \"domain\":\"$server_name\",
\"referer\":\"$http_referer\", \"request\":\"$request_uri\", \"args\":\"$args\",
\"status\":\"$status\", \"upstream_status\":\"$upstream_status\", \"size\":\"$body_bytes_sent\",
\"http_user_agent\":\"$http_user_agent\", \"responsetime\":\"$request_time\",
\"upstreamtime\":\"$upstream_response_time\", \"upstreamaddr\":\"$upstream_addr\",
\"https\":\"$https\" }'
image: 796597397193.dkr.ecr.cn-northwest-1.amazonaws.com.cn/kong:2.6.conf
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- /bin/sleep 15 && kong quit
livenessProbe:
failureThreshold: 3
httpGet:
path: /status
port: status
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: proxy
ports:
- containerPort: 8000
name: proxy
protocol: TCP
- containerPort: 8443
name: proxy-tls
protocol: TCP
- containerPort: 8100
name: status
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /status
port: status
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources: {}
securityContext: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /kong_prefix/
name: kong-istio-kong-prefix-dir
- mountPath: /tmp
name: kong-istio-kong-tmp
- mountPath: /opt/kong/plugins/authentication
name: kong-plugin-authentication
readOnly: true
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: docker-registry-secret
initContainers:
- command:
- rm
- -vrf
- $KONG_PREFIX/pids
env:
- name: KONG_ADMIN_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_GUI_ACCESS_LOG
value: /dev/stdout
- name: KONG_ADMIN_GUI_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_LISTEN
value: 127.0.0.1:8444 http2 ssl
- name: KONG_CLUSTER_LISTEN
value: "off"
- name: KONG_DATABASE
value: "off"
- name: KONG_KIC
value: "on"
- name: KONG_LUA_PACKAGE_PATH
value: /opt/?.lua;/opt/?/init.lua;;
- name: KONG_NGINX_HTTP_LUA_SHARED_DICT
value: redis_cluster_slot_locks 100k
- name: KONG_NGINX_WORKER_PROCESSES
value: "2"
- name: KONG_PLUGINS
value: bundled,authentication
- name: KONG_PORTAL_API_ACCESS_LOG
value: /dev/stdout
- name: KONG_PORTAL_API_ERROR_LOG
value: /dev/stderr
- name: KONG_PORT_MAPS
value: 80:8000, 443:8443
- name: KONG_PREFIX
value: /kong_prefix/
- name: KONG_PROXY_ACCESS_LOG
value: /dev/stdout
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, 0.0.0.0:8443 http2 ssl
- name: KONG_STATUS_LISTEN
value: 0.0.0.0:8100
- name: KONG_STREAM_LISTEN
value: "off"
- name: KONG_LOG_LEVEL
value: info
image: 796597397193.dkr.ecr.cn-northwest-1.amazonaws.com.cn/kong:2.6.conf
imagePullPolicy: IfNotPresent
name: clear-stale-pid
resources: {}
securityContext: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /kong_prefix/
name: kong-istio-kong-prefix-dir
- mountPath: /tmp
name: kong-istio-kong-tmp
- mountPath: /opt/kong/plugins/authentication
name: kong-plugin-authentication
readOnly: true
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: kong-istio-kong
serviceAccountName: kong-istio-kong
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: kong-istio-kong-tmp
- configMap:
defaultMode: 420
name: kong-plugin-authentication
name: kong-plugin-authentication
- hostPath:
path: /data/logs/kong/
type: ""
name: kong-istio-kong-prefix-dir
status:
availableReplicas: 1
conditions:
- lastTransitionTime: "2022-04-01T16:54:58Z"
lastUpdateTime: "2022-04-01T16:54:58Z"
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
- lastTransitionTime: "2022-06-06T08:51:18Z"
lastUpdateTime: "2022-06-07T02:58:50Z"
message: ReplicaSet "kong-istio-kong-6758cb9b96" is progressing.
reason: ReplicaSetUpdated
status: "True"
type: Progressing
observedGeneration: 28
readyReplicas: 1
replicas: 2
unavailableReplicas: 1
updatedReplicas: 1
修改输出地址:
- name: KONG_PROXY_ACCESS_LOG
value: /kong_prefix/logs/access-log.log custom_fmt
- name: KONG_PROXY_ERROR_LOG
value: /kong_prefix/logs/error-log.log
修改日志格式为json格式:
- name: KONG_NGINX_HTTP_LOG_FORMAT
value: custom_fmt escape=json '{ \"remote_addr\":\"$remote_addr\", \"time_local\":\"$time_local\",
\"request_method\":\"$request_method\", \"request\":\"$request\", \"status\":\"$status\",
\"upstream_status\":\"$upstream_status\", \"body_bytes_sent\":\"$body_bytes_sent\",
\"http_referer\":\"$http_referer\", \"http_user_agent\":\"$http_user_agent\",
\"request_time\":\"$request_time\", \"upstream_response_time\":\"$upstream_response_time\"
}'
-------------------------------原始格式-----最新----------------------------------
value: custom_fmt escape=json '{ \"@timestamp\":\"$time_iso8601\", \"source\":\"$server_addr\", \"hostname\":\"$hostname\", \"client\":\"$remote_addr\", \"request_method\":\"$request_method\", \"scheme\":\"$scheme\", \"domain\":\"$server_name\", \"referer\":\"$http_referer\", \"path\":\"$uri\", \"request\":\"$request_uri\", \"args\":\"$args\", \"status\":\"$status\", \"size\":\"$body_bytes_sent\", \"http_user_agent\":\"$http_user_agent\", \"responsetime\":\"$request_time\", \"upstreamtime\":\"$upstream_response_time\", \"upstreamaddr\":\"$upstream_addr\", \"https\":\"$https\" }'
----------------------------------更多字段-------------------------------------------
KONG_NGINX_HTTP_LOG_FORMAT="backend escape=json '{ \"x_forwarded_for\":\"\$http_x_forwarded_for\", \"client_ip\": \"\$remote_addr\", \"remote_user\": \"\$remote_user\", \"msec\": \"\$msec\", \"verb\": \"\$request_method\", \"base_url\": \"\$http_x_forwarded_proto://\$http_host\", \"url_path\": \"\$request_uri\", \"protocol_version\": \"\$server_protocol\", \"response\": \"\$status\", \"size_bytes\": \"\$body_bytes_sent\", \"http_referer\": \"\$http_referer\", \"useragent\": \"\$http_user_agent\", \"response_time\": \"\$upstream_header_time\", \"backend\": \"\$http_x_backend_name\", \"medium\": \"\$http_medium\", \"platform\": \"\$http_platform\", \"app_version\": \"\$http_app_version\", \"app_build\": \"\$http_app_build\", \"content_encoding\": \"\$http_content_encoding\", \"accept_encoding\": \"\$http_accept_encoding\" }'"
修改时区:
- name: TZ
value: Asia/Shanghai
效果:
本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!