Merge pull request #3780 from arturxx8/master

Enable access log for default backend
Kubernetes Prow Robot 2019-02-26 05:51:39 -08:00 committed by GitHub
commit ec632817ad
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 119 additions and 71 deletions


@ -32,6 +32,7 @@ The following table shows a configuration option's name, type, and the default v
|[hide-headers](#hide-headers)|string array|empty| |[hide-headers](#hide-headers)|string array|empty|
|[access-log-params](#access-log-params)|string|""| |[access-log-params](#access-log-params)|string|""|
|[access-log-path](#access-log-path)|string|"/var/log/nginx/access.log"| |[access-log-path](#access-log-path)|string|"/var/log/nginx/access.log"|
|[enable-access-log-for-default-backend](#enable-access-log-for-default-backend)|bool|"false"|
|[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"| |[error-log-path](#error-log-path)|string|"/var/log/nginx/error.log"|
|[enable-dynamic-tls-records](#enable-dynamic-tls-records)|bool|"true"| |[enable-dynamic-tls-records](#enable-dynamic-tls-records)|bool|"true"|
|[enable-modsecurity](#enable-modsecurity)|bool|"false"| |[enable-modsecurity](#enable-modsecurity)|bool|"false"|
@ -184,6 +185,10 @@ Access log path. Goes to `/var/log/nginx/access.log` by default.
__Note:__ the file `/var/log/nginx/access.log` is a symlink to `/dev/stdout` __Note:__ the file `/var/log/nginx/access.log` is a symlink to `/dev/stdout`
## enable-access-log-for-default-backend
Enables logging access to default backend. _**default:**_ is disabled.
## error-log-path ## error-log-path
Error log path. Goes to `/var/log/nginx/error.log` by default. Error log path. Goes to `/var/log/nginx/error.log` by default.


@ -99,6 +99,10 @@ type Configuration struct {
// By default it's empty // By default it's empty
AccessLogParams string `json:"access-log-params,omitempty"` AccessLogParams string `json:"access-log-params,omitempty"`
// EnableAccessLogForDefaultBackend enable access_log for default backend
// By default this is disabled
EnableAccessLogForDefaultBackend bool `json:"enable-access-log-for-default-backend"`
// AccessLogPath sets the path of the access logs if enabled // AccessLogPath sets the path of the access logs if enabled
// http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log // http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
// By default access logs go to /var/log/nginx/access.log // By default access logs go to /var/log/nginx/access.log
@ -595,77 +599,78 @@ func NewDefault() Configuration {
defProxyDeadlineDuration := time.Duration(5) * time.Second defProxyDeadlineDuration := time.Duration(5) * time.Second
cfg := Configuration{ cfg := Configuration{
AllowBackendServerHeader: false, AllowBackendServerHeader: false,
AccessLogPath: "/var/log/nginx/access.log", AccessLogPath: "/var/log/nginx/access.log",
AccessLogParams: "", AccessLogParams: "",
WorkerCPUAffinity: "", EnableAccessLogForDefaultBackend: false,
ErrorLogPath: "/var/log/nginx/error.log", WorkerCPUAffinity: "",
BlockCIDRs: defBlockEntity, ErrorLogPath: "/var/log/nginx/error.log",
BlockUserAgents: defBlockEntity, BlockCIDRs: defBlockEntity,
BlockReferers: defBlockEntity, BlockUserAgents: defBlockEntity,
BrotliLevel: 4, BlockReferers: defBlockEntity,
BrotliTypes: brotliTypes, BrotliLevel: 4,
ClientHeaderBufferSize: "1k", BrotliTypes: brotliTypes,
ClientHeaderTimeout: 60, ClientHeaderBufferSize: "1k",
ClientBodyBufferSize: "8k", ClientHeaderTimeout: 60,
ClientBodyTimeout: 60, ClientBodyBufferSize: "8k",
EnableDynamicTLSRecords: true, ClientBodyTimeout: 60,
EnableUnderscoresInHeaders: false, EnableDynamicTLSRecords: true,
ErrorLogLevel: errorLevel, EnableUnderscoresInHeaders: false,
UseForwardedHeaders: false, ErrorLogLevel: errorLevel,
ForwardedForHeader: "X-Forwarded-For", UseForwardedHeaders: false,
ComputeFullForwardedFor: false, ForwardedForHeader: "X-Forwarded-For",
ProxyAddOriginalURIHeader: true, ComputeFullForwardedFor: false,
GenerateRequestID: true, ProxyAddOriginalURIHeader: true,
HTTP2MaxFieldSize: "4k", GenerateRequestID: true,
HTTP2MaxHeaderSize: "16k", HTTP2MaxFieldSize: "4k",
HTTP2MaxRequests: 1000, HTTP2MaxHeaderSize: "16k",
HTTPRedirectCode: 308, HTTP2MaxRequests: 1000,
HSTS: true, HTTPRedirectCode: 308,
HSTSIncludeSubdomains: true, HSTS: true,
HSTSMaxAge: hstsMaxAge, HSTSIncludeSubdomains: true,
HSTSPreload: false, HSTSMaxAge: hstsMaxAge,
IgnoreInvalidHeaders: true, HSTSPreload: false,
GzipLevel: 5, IgnoreInvalidHeaders: true,
GzipTypes: gzipTypes, GzipLevel: 5,
KeepAlive: 75, GzipTypes: gzipTypes,
KeepAliveRequests: 100, KeepAlive: 75,
LargeClientHeaderBuffers: "4 8k", KeepAliveRequests: 100,
LogFormatEscapeJSON: false, LargeClientHeaderBuffers: "4 8k",
LogFormatStream: logFormatStream, LogFormatEscapeJSON: false,
LogFormatUpstream: logFormatUpstream, LogFormatStream: logFormatStream,
EnableMultiAccept: true, LogFormatUpstream: logFormatUpstream,
MaxWorkerConnections: 16384, EnableMultiAccept: true,
MaxWorkerOpenFiles: 0, MaxWorkerConnections: 16384,
MapHashBucketSize: 64, MaxWorkerOpenFiles: 0,
NginxStatusIpv4Whitelist: defNginxStatusIpv4Whitelist, MapHashBucketSize: 64,
NginxStatusIpv6Whitelist: defNginxStatusIpv6Whitelist, NginxStatusIpv4Whitelist: defNginxStatusIpv4Whitelist,
ProxyRealIPCIDR: defIPCIDR, NginxStatusIpv6Whitelist: defNginxStatusIpv6Whitelist,
ProxyProtocolHeaderTimeout: defProxyDeadlineDuration, ProxyRealIPCIDR: defIPCIDR,
ServerNameHashMaxSize: 1024, ProxyProtocolHeaderTimeout: defProxyDeadlineDuration,
ProxyHeadersHashMaxSize: 512, ServerNameHashMaxSize: 1024,
ProxyHeadersHashBucketSize: 64, ProxyHeadersHashMaxSize: 512,
ProxyStreamResponses: 1, ProxyHeadersHashBucketSize: 64,
ReusePort: true, ProxyStreamResponses: 1,
ShowServerTokens: true, ReusePort: true,
SSLBufferSize: sslBufferSize, ShowServerTokens: true,
SSLCiphers: sslCiphers, SSLBufferSize: sslBufferSize,
SSLECDHCurve: "auto", SSLCiphers: sslCiphers,
SSLProtocols: sslProtocols, SSLECDHCurve: "auto",
SSLSessionCache: true, SSLProtocols: sslProtocols,
SSLSessionCacheSize: sslSessionCacheSize, SSLSessionCache: true,
SSLSessionTickets: true, SSLSessionCacheSize: sslSessionCacheSize,
SSLSessionTimeout: sslSessionTimeout, SSLSessionTickets: true,
EnableBrotli: false, SSLSessionTimeout: sslSessionTimeout,
UseGzip: true, EnableBrotli: false,
UseGeoIP: true, UseGzip: true,
UseGeoIP2: false, UseGeoIP: true,
WorkerProcesses: strconv.Itoa(runtime.NumCPU()), UseGeoIP2: false,
WorkerShutdownTimeout: "10s", WorkerProcesses: strconv.Itoa(runtime.NumCPU()),
VariablesHashBucketSize: 128, WorkerShutdownTimeout: "10s",
VariablesHashMaxSize: 2048, VariablesHashBucketSize: 128,
UseHTTP2: true, VariablesHashMaxSize: 2048,
ProxyStreamTimeout: "600s", UseHTTP2: true,
ProxyStreamTimeout: "600s",
Backend: defaults.Backend{ Backend: defaults.Backend{
ProxyBodySize: bodySize, ProxyBodySize: bodySize,
ProxyConnectTimeout: 5, ProxyConnectTimeout: 5,
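Review bot: The doc comment added above `EnableAccessLogForDefaultBackend` in the `Configuration` struct hunk does not say which requests the option covers or what is lost while it is off. With the default `false` set in `NewDefault`, requests answered by the default backend appear to leave no access-log entry, and that is presumably where requests matching no Ingress rule end up, so operators have no record of that traffic unless they opt in. I would word it as `// EnableAccessLogForDefaultBackend enables access_log for requests served by the default backend.` followed by `// Disabled by default, so those requests are not recorded in the access log.` Both the struct and `NewDefault` start and end outside the visible hunks.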


@ -18,6 +18,7 @@ package controller
import ( import (
"fmt" "fmt"
"k8s.io/ingress-nginx/internal/ingress/annotations/log"
"sort" "sort"
"strconv" "strconv"
"strings" "strings"
@ -928,6 +929,10 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
Backend: du.Name, Backend: du.Name,
Proxy: ngxProxy, Proxy: ngxProxy,
Service: du.Service, Service: du.Service,
Logs: log.Config{
Access: n.store.GetBackendConfiguration().EnableAccessLogForDefaultBackend,
Rewrite: false,
},
}, },
}} }}
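Review bot: The new import `"k8s.io/ingress-nginx/internal/ingress/annotations/log"` sits between `"fmt"` and `"sort"` inside the standard-library group; it belongs in the non-stdlib group after a blank line, where goimports would put it. The package name `log` also reads like the standard logger at the call site `log.Config{`, so an import alias would make the `Logs:` literal in `createServers` easier to follow. `Rewrite: false` in that literal is the zero value and can be dropped. `createServers` starts and ends outside the hunk.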


@ -615,6 +615,8 @@ http {
{{ if $IsIPV6Enabled }}listen [::]:{{ $all.ListenPorts.Default }} default_server {{ if $all.Cfg.ReusePort }}reuseport{{ end }} backlog={{ $all.BacklogSize }};{{ end }} {{ if $IsIPV6Enabled }}listen [::]:{{ $all.ListenPorts.Default }} default_server {{ if $all.Cfg.ReusePort }}reuseport{{ end }} backlog={{ $all.BacklogSize }};{{ end }}
set $proxy_upstream_name "internal"; set $proxy_upstream_name "internal";
access_log off;
location / { location / {
return 404; return 404;
} }
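Review bot: The added `access_log off;` is unconditional, so this `default_server` block that answers with `return 404` never writes an access-log entry, whatever `enable-access-log-for-default-backend` is set to. If that is intended, a template comment such as `# access_log is always off for this server; enable-access-log-for-default-backend does not apply here` would keep operators from assuming the new option covers it. Whether this server can receive client traffic is not visible in the hunk; if it can, gating the directive on the setting, `{{ if not $all.Cfg.EnableAccessLogForDefaultBackend }}access_log off;{{ end }}`, would keep that traffic visible when the option is on. The enclosing `server` block starts and ends outside the hunk.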


@ -98,4 +98,35 @@ var _ = framework.IngressNginxDescribe("Default backend", func() {
Expect(resp.StatusCode).Should(Equal(test.Status)) Expect(resp.StatusCode).Should(Equal(test.Status))
} }
}) })
It("enables access logging for default backend", func() {
f.UpdateNginxConfigMapData("enable-access-log-for-default-backend", "true")
host := "foo"
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)+"/somethingOne").
Set("Host", host).
End()
Expect(len(errs)).Should(Equal(0))
Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))
logs, err := f.NginxLogs()
Expect(err).ToNot(HaveOccurred())
Expect(logs).To(ContainSubstring("/somethingOne"))
})
It("disables access logging for default backend", func() {
f.UpdateNginxConfigMapData("enable-access-log-for-default-backend", "false")
host := "bar"
resp, _, errs := gorequest.New().
Get(f.GetURL(framework.HTTP)+"/somethingTwo").
Set("Host", host).
End()
Expect(len(errs)).Should(Equal(0))
Expect(resp.StatusCode).Should(Equal(http.StatusNotFound))
logs, err := f.NginxLogs()
Expect(err).ToNot(HaveOccurred())
Expect(logs).ToNot(ContainSubstring("/somethingTwo"))
})
}) })
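Review bot: The negative check in the "disables access logging for default backend" spec, `Expect(logs).ToNot(ContainSubstring("/somethingTwo"))`, also passes when the logs are read before the request or the configuration change has taken effect, so it can succeed without showing that logging is off. Both specs send the request right after `f.UpdateNginxConfigMapData(...)`; whether that helper waits for the reload is not visible here. A stronger spec would first assert on a marker that must be present in `logs` (for example a request made while the option is `"true"`) and only then assert that `/somethingTwo` is absent. The `host` locals are each used once and can be inlined into `Set("Host", ...)`.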