如何将 x-forwarded-for 字段添加到 nginx 入口控制器的访问日志中?

How do I add the x-forwarded-for field to my access logs for the nginx ingress controller?

我在 gke 上使用 nginx 入口控制器,默认情况下,这些是我的访问日志的样子:

"10.123.0.20 - [10.123.0.20] - - [22/Apr/2019:18:47:59 +0000] "GET /sdflksdf/sdfsdf HTTP/2.0" 404 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/538.12 (KHTML, like Gecko) Chrome/73.0.3683.100 Safari/537.36" 26 0.002 [default-blah-80] 10.44.0.26:80 0 0.001 404 skjf0s93jf0ws93jfsijf3s3fjs3i

我想在我的访问日志中添加 x-forwarded-for header。如果可能的话,我希望将该字段添加到当前日志行的末尾。或者我想在日志行的开头也可以。

我正在查看他们的文档,但我不清楚如何将 x-forwarded-for 添加到访问日志: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/log-format/

您应该使用 ConfigMap 来 customize the NGINX configuration:

ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable.

The ConfigMap API resource stores configuration data as key-value pairs. The data provides the configurations for system components for the nginx-controller.

配置自定义日志,需要使用log-format-upstream键。

例如:

创建以下配置图:

apiVersion: v1
data:
  log-format-upstream: '$remote_addr - $request_id - [$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status'
kind: ConfigMap
metadata:
  name: nginx-ingress-config

并确保您使用 --configmap=$(POD_NAMESPACE)/nginx-ingress-config 作为 nginx-ingress-controller (example from offical repo here) 的命令 args

通过将 controller.service.externalTrafficPolicy 设置为本地,从 helm 官方仓库安装 nginx-ingress

helm install nginx-ingress stable/nginx-ingress --set rbac.create=true --set controller.service.externalTrafficPolicy=Local