Merge 8998f31a3b into 86889532aa

internal/ingress/controller/config/config.go

@@ -532,22 +532,23 @@ func NewDefault() Configuration {
 		UseHTTP2:                   true,
 		ProxyStreamTimeout:         "600s",
 		Backend: defaults.Backend{
-			ProxyBodySize:         bodySize,
+			ProxyBodySize:               bodySize,
-			ProxyConnectTimeout:   5,
+			ProxyConnectTimeout:         5,
-			ProxyReadTimeout:      60,
+			ProxyReadTimeout:            60,
-			ProxySendTimeout:      60,
+			ProxySendTimeout:            60,
-			ProxyBufferSize:       "4k",
+			ProxyBufferSize:             "4k",
-			ProxyCookieDomain:     "off",
+			ProxyCookieDomain:           "off",
-			ProxyCookiePath:       "off",
+			ProxyCookiePath:             "off",
-			ProxyNextUpstream:     "error timeout invalid_header http_502 http_503 http_504",
+			ProxyNextUpstream:           "error timeout invalid_header http_502 http_503 http_504",
-			ProxyRequestBuffering: "on",
+			ProxyRequestBuffering:       "on",
-			ProxyRedirectFrom:     "off",
+			ProxyRedirectFrom:           "off",
-			SSLRedirect:           true,
+			SSLRedirect:                 true,
-			CustomHTTPErrors:      []int{},
+			CustomHTTPErrors:            []int{},
-			WhitelistSourceRange:  []string{},
+			WhitelistSourceRange:        []string{},
-			SkipAccessLogURLs:     []string{},
+			SkipAccessLogURLs:           []string{},
-			LimitRate:             0,
+			SkipAccessLogHTTPStatuses:   []string{},
-			LimitRateAfter:        0,
+			LimitRate:                   0,
+			LimitRateAfter:              0,
 		},
 		UpstreamKeepaliveConnections: 32,
 		LimitConnZoneVariable:        defaultLimitConnZoneVariable,

internal/ingress/controller/template/configmap.go

@@ -32,14 +32,15 @@ import (
 )
 
 const (
-	customHTTPErrors     = "custom-http-errors"
+	customHTTPErrors          = "custom-http-errors"
-	skipAccessLogUrls    = "skip-access-log-urls"
+	skipAccessLogUrls         = "skip-access-log-urls"
-	whitelistSourceRange = "whitelist-source-range"
+	skipAccessLogHTTPStatuses = "skip-access-log-http-statuses"
-	proxyRealIPCIDR      = "proxy-real-ip-cidr"
+	whitelistSourceRange      = "whitelist-source-range"
-	bindAddress          = "bind-address"
+	proxyRealIPCIDR           = "proxy-real-ip-cidr"
-	httpRedirectCode     = "http-redirect-code"
+	bindAddress               = "bind-address"
-	proxyStreamResponses = "proxy-stream-responses"
+	httpRedirectCode          = "http-redirect-code"
-	hideHeaders          = "hide-headers"
+	proxyStreamResponses      = "proxy-stream-responses"
+	hideHeaders               = "hide-headers"
 )
 
 var (
@@ -56,6 +57,7 @@ func ReadConfig(src map[string]string) config.Configuration {
 
 	errors := make([]int, 0)
 	skipUrls := make([]string, 0)
+	skipHTTPStatuses := make([]string, 0)
 	whitelist := make([]string, 0)
 	proxylist := make([]string, 0)
 	hideHeaderslist := make([]string, 0)
@@ -83,6 +85,10 @@ func ReadConfig(src map[string]string) config.Configuration {
 		delete(conf, skipAccessLogUrls)
 		skipUrls = strings.Split(val, ",")
 	}
+	if val, ok := conf[skipAccessLogHTTPStatuses]; ok {
+		delete(conf, skipAccessLogHTTPStatuses)
+		skipHTTPStatuses = strings.Split(val, ",")
+	}
 	if val, ok := conf[whitelistSourceRange]; ok {
 		delete(conf, whitelistSourceRange)
 		whitelist = append(whitelist, strings.Split(val, ",")...)
@@ -137,6 +143,7 @@ func ReadConfig(src map[string]string) config.Configuration {
 	to := config.NewDefault()
 	to.CustomHTTPErrors = filterErrors(errors)
 	to.SkipAccessLogURLs = skipUrls
+	to.SkipAccessLogHTTPStatuses = skipHTTPStatuses
 	to.WhitelistSourceRange = whitelist
 	to.ProxyRealIPCIDR = proxylist
 	to.BindAddressIpv4 = bindAddressIpv4List

internal/ingress/controller/template/configmap_test.go

@@ -33,20 +33,21 @@ func TestFilterErrors(t *testing.T) {
 
 func TestMergeConfigMapToStruct(t *testing.T) {
 	conf := map[string]string{
-		"custom-http-errors":         "300,400,demo",
+		"custom-http-errors":            "300,400,demo",
-		"proxy-read-timeout":         "1",
+		"proxy-read-timeout":            "1",
-		"proxy-send-timeout":         "2",
+		"proxy-send-timeout":            "2",
-		"skip-access-log-urls":       "/log,/demo,/test",
+		"skip-access-log-urls":          "/log,/demo,/test",
-		"use-proxy-protocol":         "true",
+		"skip-access-log-http-statuses": "^[23],204,302,^201",
-		"disable-access-log":         "true",
+		"use-proxy-protocol":            "true",
-		"access-log-path":            "/var/log/test/access.log",
+		"disable-access-log":            "true",
-		"error-log-path":             "/var/log/test/error.log",
+		"access-log-path":               "/var/log/test/access.log",
-		"use-gzip":                   "true",
+		"error-log-path":                "/var/log/test/error.log",
-		"enable-dynamic-tls-records": "false",
+		"use-gzip":                      "true",
-		"gzip-types":                 "text/html",
+		"enable-dynamic-tls-records":    "false",
-		"proxy-real-ip-cidr":         "1.1.1.1/8,2.2.2.2/24",
+		"gzip-types":                    "text/html",
-		"bind-address":               "1.1.1.1,2.2.2.2,3.3.3,2001:db8:a0b:12f0::1,3731:54:65fe:2::a7,33:33:33::33::33",
+		"proxy-real-ip-cidr":            "1.1.1.1/8,2.2.2.2/24",
-		"worker-shutdown-timeout":    "99s",
+		"bind-address":                  "1.1.1.1,2.2.2.2,3.3.3,2001:db8:a0b:12f0::1,3731:54:65fe:2::a7,33:33:33::33::33",
+		"worker-shutdown-timeout":       "99s",
 	}
 	def := config.NewDefault()
 	def.CustomHTTPErrors = []int{300, 400}
@@ -54,6 +55,7 @@ func TestMergeConfigMapToStruct(t *testing.T) {
 	def.AccessLogPath = "/var/log/test/access.log"
 	def.ErrorLogPath = "/var/log/test/error.log"
 	def.SkipAccessLogURLs = []string{"/log", "/demo", "/test"}
+	def.SkipAccessLogHTTPStatuses = []string{"^[23]", "204", "302", "^201"}
 	def.ProxyReadTimeout = 1
 	def.ProxySendTimeout = 2
 	def.EnableDynamicTLSRecords = false

internal/ingress/defaults/main.go

@@ -95,6 +95,12 @@ type Backend struct {
 	// By default this list is empty
 	SkipAccessLogURLs []string `json:"skip-access-log-urls,-"`
 
+	// SkipAccessLogHTTPStatuses sets a list of HTTP statuses that should not appear in the NGINX access log
+	// The status strings provided are interpreted by an NGINX map as regex
+	// This is useful with statuses like 2xx and 3xx that make "complex" reading the logs
+	// By default this list is empty
+	SkipAccessLogHTTPStatuses []string `json:"skip-access-log-http-statuses,-"`
+
 	// Enables or disables the redirect (301) to the HTTPS port
 	SSLRedirect bool `json:"ssl-redirect"`
 

rootfs/etc/nginx/template/nginx.tmpl

@@ -157,9 +157,20 @@ http {
 
     {{/* map urls that should not appear in access.log */}}
     {{/* http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log */}}
-    map $request_uri $loggable {
+    map $request_uri $loggable_request_url {
         {{ range $reqUri := $cfg.SkipAccessLogURLs }}
         {{ $reqUri }} 0;{{ end }}
+    }
+
+    {{/* map HTTP statuses that should not appear in access.log */}}
+    {{/* http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log */}}
+    map $status $loggable_http_status {
+        {{ range $reqHTTPStatus := $cfg.SkipAccessLogHTTPStatuses }}
+        ~{{ $reqHTTPStatus }} 0;{{ end }}
+    }
+
+    map "${loggable_request_url}${loggable_http_status}" $loggable {
+        ~0  0;
         default 1;
     }