Ingress nginx

svc๋ฅผ ingress๋กœ ์™ธ๋ถ€์— ์˜คํ”ˆ

regex

https://kubernetes.github.io/ingress-nginx/user-guide/ingress-path-matching/

  • priority

    In NGINX, regular expressions follow a first match policy, ๊ทธ๋Ÿฌ๋ฏ€๋กœ ingress nginx๊ฐ€ ์ •๊ทœ์‹์˜ ๊ธธ์ด๋ฅผ ๊ธฐ์ค€์œผ๋กœ ์—ญ์ˆœ์œผ๋กœ ์ •๋ ฌ์„ ํ•œํ›„ controller์— ์—…๋ฐ์ดํŠธํ•ฉ๋‹ˆ๋‹ค.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress-1
spec:
  rules:
    - host: test.com
      http:
        paths:
          - path: /foo/bar
            backend:
              serviceName: service1
              servicePort: 80
          - path: /foo/bar/
            backend:
              serviceName: service2
              servicePort: 80
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress-2
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
    - host: test.com
      http:
        paths:
          - path: /foo/bar/(.+)
            backend:
              serviceName: service3
              servicePort: 80

์ด ๊ฐ™์€ ํŒŒ์ผ์ด ๋‘๊ฐœ๋ฉด ์•„๋ž˜์™€ ๊ฐ™์ด ์ •๋ ฌ

location ~* ^/foo/bar/.+ {
  ...
}

location ~* "^/foo/bar/" {
  ...
}

location ~* "^/foo/bar" {
  ...
}
  • test.com/foo/bar/1 matches ~* ^/foo/bar/.+ and will go to service 3.

  • test.com/foo/bar/ matches ~* ^/foo/bar/ and will go to service 2.

  • test.com/foo/bar matches ~* ^/foo/bar and will go to service 1.

ํ…Œ์ŠคํŠธ๋ฅผ ์œ„ํ•ด ๋‹ค์Œ๊ณผ๊ฐ™์€ yaml์„ ๋งŒ๋“ค์–ด์„œ ์ ์šฉํ•˜์—ฟ๋‹ค.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress-1
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: c4.aaaa.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: front
                port:
                  name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress-2
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
    - host: c4.aaaa.com
      http:
        paths:
          - path: /api(/|$)(.*)/i
            pathType: Prefix
            backend:
              service:
                name: api
                port:
                  name: http

๊ฒฐ๊ณผ ์ƒ์„ฑ๋œ ํŒŒ์ผ์ด๋‹ค. ๊ฒฐ๋ก ๋ถ€ํ„ฐ ์ด์•ผ๊ธฐํ•˜๋ฉด ingress์— rewrite๋ฅผ ์“ฐ๋ฉด ๊ทธ ์ธ๊ทธ๋ ˆ์Šค์—๋งŒ ์ ์šฉ์ด ๋œ๋‹ค. ์•„๋ž˜๋ณด๋ฉด /api๋ถ€๋ถ„์—๋งŒ rewrite $1 ๊ฐ€ ์ ์šฉ๋˜์–ด ์žˆ๋‹ค.

## start server c4.aaaa.com
server {
  server_name c4.aaaa.com ;

  listen 80  ;
  listen [::]:80  ;
  listen 443  ssl http2 ;
  listen [::]:443  ssl http2 ;

  set $proxy_upstream_name "-";

  ssl_certificate_by_lua_block {
    certificate.call()
  }

  location ~* "^/api(/|$)(.*)" {

    set $namespace      "default";
    set $ingress_name   "test-ingress-2";
    set $service_name   "api";
    set $service_port   "http";
    set $location_path  "/api(/|${literal_dollar})(.*)";
    set $global_rate_limit_exceeding n;

    rewrite_by_lua_block {
      lua_ingress.rewrite({
        force_ssl_redirect = false,
        ssl_redirect = true,
        force_no_ssl_redirect = false,
        preserve_trailing_slash = false,
        use_port_in_redirects = false,
        global_throttle = { namespace = "", limit = 0, window_size = 0, key = { }, ignored_cidrs = { } }
      })
      balancer.rewrite()
      plugins.run()
    }

    ...

    port_in_redirect off;

    set $balancer_ewma_score -1;
    set $proxy_upstream_name "default-api-http";
    set $proxy_host          $proxy_upstream_name;
    set $pass_access_scheme  $scheme;

    set $pass_server_port    $server_port;

    set $best_http_host      $http_host;
    set $pass_port           $pass_server_port;

    set $proxy_alternative_upstream_name "";

    client_max_body_size                    1m;

    proxy_set_header Host                   $best_http_host;

    # Pass the extracted client certificate to the backend

    # Allow websocket connections
    proxy_set_header                        Upgrade           $http_upgrade;

    proxy_set_header                        Connection        $connection_upgrade;

    proxy_set_header X-Request-ID           $req_id;
    proxy_set_header X-Real-IP              $remote_addr;

    proxy_set_header X-Forwarded-For        $remote_addr;

    proxy_set_header X-Forwarded-Host       $best_http_host;
    proxy_set_header X-Forwarded-Port       $pass_port;
    proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
    proxy_set_header X-Forwarded-Scheme     $pass_access_scheme;

    proxy_set_header X-Scheme               $pass_access_scheme;

    # Pass the original X-Forwarded-For
    proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;

    # mitigate HTTPoxy Vulnerability
    # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
    proxy_set_header Proxy                  "";
    # Custom headers to proxied server

    proxy_connect_timeout                   5s;
    proxy_send_timeout                      60s;
    proxy_read_timeout                      60s;

    proxy_buffering                         off;
    proxy_buffer_size                       4k;
    proxy_buffers                           4 4k;

    proxy_max_temp_file_size                1024m;

    proxy_request_buffering                 on;
    proxy_http_version                      1.1;

    proxy_cookie_domain                     off;
    proxy_cookie_path                       off;

    # In case of errors try the next upstream server before returning an error
    proxy_next_upstream                     error timeout;
    proxy_next_upstream_timeout             0;
    proxy_next_upstream_tries               3;

    rewrite "(?i)/api(/|$)(.*)" /$1 break;  # <------------์—ฌ๊ธฐ
    proxy_pass http://upstream_balancer;

    proxy_redirect                          off;

  }

  location ~* "^/" {

    set $namespace      "default";
    set $ingress_name   "test-ingress-1";
    set $service_name   "front";
    set $service_port   "http";
    set $location_path  "/";
    set $global_rate_limit_exceeding n;

    rewrite_by_lua_block {
      lua_ingress.rewrite({
        force_ssl_redirect = false,
        ssl_redirect = true,
        force_no_ssl_redirect = false,
        preserve_trailing_slash = false,
        use_port_in_redirects = false,
        global_throttle = { namespace = "", limit = 0, window_size = 0, key = { }, ignored_cidrs = { } }
      })
      balancer.rewrite()
      plugins.run()
    }

    port_in_redirect off;

    set $balancer_ewma_score -1;
    set $proxy_upstream_name "default-front-http";
    set $proxy_host          $proxy_upstream_name;
    set $pass_access_scheme  $scheme;

    set $pass_server_port    $server_port;

    set $best_http_host      $http_host;
    set $pass_port           $pass_server_port;

    set $proxy_alternative_upstream_name "";

    client_max_body_size                    1m;

    proxy_set_header Host                   $best_http_host;

    # Pass the extracted client certificate to the backend

    # Allow websocket connections
    proxy_set_header                        Upgrade           $http_upgrade;

    proxy_set_header                        Connection        $connection_upgrade;

    proxy_set_header X-Request-ID           $req_id;
    proxy_set_header X-Real-IP              $remote_addr;

    proxy_set_header X-Forwarded-For        $remote_addr;

    proxy_set_header X-Forwarded-Host       $best_http_host;
    proxy_set_header X-Forwarded-Port       $pass_port;
    proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
    proxy_set_header X-Forwarded-Scheme     $pass_access_scheme;

    proxy_set_header X-Scheme               $pass_access_scheme;

    # Pass the original X-Forwarded-For
    proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;

    # mitigate HTTPoxy Vulnerability
    # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
    proxy_set_header Proxy                  "";

    # Custom headers to proxied server

    proxy_connect_timeout                   5s;
    proxy_send_timeout                      60s;
    proxy_read_timeout                      60s;

    proxy_buffering                         off;
    proxy_buffer_size                       4k;
    proxy_buffers                           4 4k;

    proxy_max_temp_file_size                1024m;

    proxy_request_buffering                 on;
    proxy_http_version                      1.1;

    proxy_cookie_domain                     off;
    proxy_cookie_path                       off;

    # In case of errors try the next upstream server before returning an error
    proxy_next_upstream                     error timeout;
    proxy_next_upstream_timeout             0;
    proxy_next_upstream_tries               3;

    proxy_pass http://upstream_balancer;

    proxy_redirect                          off;

  }

}
## end server c4.aaaa.com

์ฃผ์˜์‚ฌํ•ญ

์•„๋ž˜์™€ ๊ฐ™์ด ๋งŒ๋“ค๋ฉด ๋ฌธ์ œ๊ฐ€ ์ž‡์„์ˆ˜ ์žˆ๋‹ค.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress-3
  annotations:
    nginx.ingress.kubernetes.io/use-regex: 'true'
spec:
  rules:
    - host: test.com
      http:
        paths:
          - path: /foo/bar/bar
            backend:
              serviceName: test-a
              servicePort: 80
          - path: /foo/bar/[A-Z0-9]{3}
            backend:
              serviceName: test-b
              servicePort: 80

์ƒ์„ฑ๋œ ๊ฒฐ๊ณผ๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™๋‹ค.

location ~* "^/foo/bar/[A-Z0-9]{3}" {
  ...
}
location ~* "^/foo/bar/bar" {
  ...
}

test.com/foo/bar/bar ์ด๊ฑธ ์š”์ฒญํ•˜๋ฉด ^/foo/bar/[A-Z0-9]{3} ์—ฌ๊ธฐ์— ๊ฑธ๋ ค๋ฒ„๋ฆฐ๋‹ค. ์›ํ•˜๋Š”๋Œ€๋กœ ์•ˆ๋œ๋‹ค.

๋” ์•Œ๊ณ  ์‹ถ์œผ๋ฉด ๋‹ค์Œ ๋งํฌ๋ฅผ ์ฝ์–ด๋ณด๋ฉด๋œ๋‹ค.

https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms

log - 2022-09-11

๋กœ๊ทธ๋ฅผ ์ปค์Šคํ„ฐ๋งˆ์ด์ฆˆ ํ•˜๊ณ  ์‹ถ์€ ๊ฒฝ์šฐ๊ฐ€ ์žˆ๋‹ค. ๊ด€๋ จ ๋„ํ๋จผํŠธ๋Š” ๋‹ค์Œ์—์„œ ์–ป์„์ˆ˜ ์žˆ๋‹ค.

log-format์€ ํฐ ๋„์›€์ด ์•ˆ๋˜์—ˆ๋‹ค. ๊ทธ๋ž˜์„œ 2๋ฒˆ์„ ์ฐธ๊ณ ํ•ด์„œ ์ง„ํ–‰ํ–‡๋‹ค.

configmap์„ ์ถ”๊ฐ€ํ•˜๋ฉด ๋˜๋Š”๊ฒƒ์ธ๋ฐ helm์„ ์‚ฌ์šฉํ•˜๋‹ค๋ณด๋‹ˆ ์–ด๋””์— ์ถ”๊ฐ€ํ•˜๋Š”์ง€ ์ƒ˜ํ”Œ์ด ์—†์–ด์„œ ๊ณ ์ƒํ–‡๋‹ค.

heml์ฐจํŠธ์— ๋ณด๋ฉด ๋‹ค์Œ ๋ถ€๋ถ„์ด ์žˆ๋‹ค.

# Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
# config: {} #์ด๋ถ€๋ถ„
config:
  enable-underscores-in-headers: on
  log-format-upstream: '$ingress_name "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id'

์ฃผ์„์ฒ˜๋ฆฌํ›„ ์•„๋ž˜์ฒ˜๋Ÿผ ์ถ”๊ฐ€ configmap๊ด€๋ จ ๋‚ด์šฉ์„ ์ถ”๊ฐ€ํ–‡๋‹ค.

์—ฌ๊ธฐ์„œ ์ฃผ์˜ํ• ๊ฑด log-format-upstream์„ ์ˆ˜์ •ํ•ด์•ผ๋œ๋‹ค.

์•„๋ž˜ ๋ณด์ด๋Š” log-format-stream์„ ๊ฐ€์ง€๊ณ  ์•„๋ฌด๋ฆฌ ํ•ด๋„ ์ ์šฉ๋˜์ง€๊ฐ€ ์•Š์•—๋‹ค. log-format-upstream์„ ์‚ฌ์šฉํ•˜๋Š”๊ฑธ ๋ณด๊ณ  ์ ์šฉํ•ด๋ณด๋‹ˆ ์ž˜ ๋˜์—ˆ๋‹ค.

๊ธฐ๋ณธ๊ฐ’์€ ๋‹ค์Œ๊ณผ ๊ฐ™๋‹ค.

$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id

๋‚˜์˜ ๊ฒฝ์šฐ๋Š” ๋กœ๊ทธ์— ingress name์„ ์ถ”๊ฐ€๋กœ ๋„ฃ๊ณ  ์‹ถ์—‡๋‹ค. ํ™•์ธํ•ด๋ณด๋‹ˆ 1๋ฒˆ ๋ฌธ์„œ์—์„œ ์ถ”๊ฐ€๋กœ ์‚ฌ์šฉํ• ์ˆ˜ ์žˆ๋‹ค๊ณ  ํ•œ๋‹ค.

๊ทธ๋ž˜์„œ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ถ”๊ฐ€ํ–‡๋‹ค.

# Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
config:
  enable-underscores-in-headers: on
  log-format-upstream: '$ingress_name "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id'

๋‚˜์˜ ๊ฒฝ์šฐ๋Š” ๊ณ ๊ฐ ์•„์ดํ”ผ๋Š” ์ค‘์š”ํ•œ ์ƒํ™ฉ์ด ์•„๋‹ˆ๊ณ  ๋กœ์ปฌ ์‹œ๊ฐ„๋„ ์ค‘์š”์น˜ ์•Š์•„์„œ ์ œ๊ฑฐํ•˜๊ณ  ์ธ๊ทธ๋ ˆ์Šค ์ด๋ฆ„์„ ๋งจ ์ฒ˜์Œ์— ๋„ฃ์–ด์ฃผ๊ณ  ๋‚˜๋จธ์ง€๋Š” ๊ธฐ๋ณธ๊ฐ’์„ ์‚ฌ์šฉํ–‡๋‹ค.

๊ทธ๋ฆฌ๊ณ  ๋กœ๊ทธ๋ฅผ ํ™•์ธํ•ด๋ณด๋‹ˆ ๋‹ค์Œ๊ณผ ๊ฐ™์ด ์ž˜ ๋‚˜์˜ค๋Š”๊ฒƒ์„ ํ™•์ธํ–‡๋‹ค.

loki์—์„œ ํ™•์ธํ•ด๋ณด๊ธฐ

์ด์ œ ๋กœ๊ทธ๋ฅผ ๋กœํ‚ค์—์„œ ํ™•์ธํ•ด๋ณด์ž.

# ๊ธฐ์กด
{namespace=~"nginx"} | pattern `<remote_addr> - - <time_local> "<method> <_> <_>" <status> <_> <_> "<_>" <_>`  | status="400"

# ์ˆ˜์ •ํ›„
{namespace=~"nginx"} | pattern `<ingress> "<method> <_> <_>" <status> <_> <_> "<_>" <_>` | status=~"[4-5].*" | ingress="IngeressName"

์ด๋ ‡๊ฒŒ ํ•˜๋ฉด ingress name๋ณ„๋กœ ํ•„ํ„ฐ๊ฐ€ ๊ฐ€๋Šฅํ•ด์ง„๋‹ค.

grafana dash board

์•„๋ž˜์ฒ˜๋Ÿผ dashboard๋ฅผ ๋งŒ๋“ค์–ด ๋ณด์•—๋‹ค.

์œ„์— ๋‘ ๊ทธ๋ž˜ํ”„๋Š” ํ”„๋กœ๋ฉ”ํ…Œ์šฐ์Šค์—์„œ ๋ฉ”ํŠธ๋ฆญ์„ ๊ฐ€์ ธ์™€์„œ ํ‘œํ˜„ํ•˜๊ณ  ๋งˆ์ง€๋ง‰ ํ…Œ์ด๋ธ”์€ ๋กœํ‚ค์—์„œ ๋กœ๊ทธ๋ฅผ ๊ฐ€์ ธ์™€์„œ ๋ฟŒ๋ ค์ค€๋‹ค.

์—๋Ÿฌ๊ฐ€ ๋ฐœ์ƒํ• ๋•Œ ์ด์ œ ๋กœ๊ทธ๋„ ํ•จ๊ป˜ ๋ณผ์ˆ˜๊ฐ€ ์žˆ์–ด์„œ ์ข‹๋‹ค.

๋ฐ์‹œ๋ณด๋“œ ์ฝ”๋“œ๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™๋‹ค.

{
  "annotations": {
    "list": [
      {
        "builtIn": 1,
        "datasource": "-- Grafana --",
        "enable": true,
        "hide": true,
        "iconColor": "rgba(0, 211, 255, 1)",
        "name": "Annotations & Alerts",
        "target": {
          "limit": 100,
          "matchAny": false,
          "tags": [],
          "type": "dashboard"
        },
        "type": "dashboard"
      }
    ]
  },
  "editable": true,
  "fiscalYearStartMonth": 0,
  "graphTooltip": 0,
  "id": 35,
  "iteration": 1662994187189,
  "links": [],
  "liveNow": false,
  "panels": [
    {
      "aliasColors": {},
      "bars": false,
      "dashLength": 10,
      "dashes": false,
      "datasource": {
        "type": "prometheus",
        "uid": "P1809F7CD0C75ACF3"
      },
      "fill": 1,
      "fillGradient": 0,
      "gridPos": {
        "h": 8,
        "w": 24,
        "x": 0,
        "y": 0
      },
      "hiddenSeries": false,
      "id": 6,
      "legend": {
        "avg": false,
        "current": false,
        "max": false,
        "min": false,
        "show": false,
        "total": false,
        "values": false
      },
      "lines": true,
      "linewidth": 2,
      "nullPointMode": "connected",
      "options": {
        "alertThreshold": true
      },
      "percentage": false,
      "pluginVersion": "8.3.3",
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
      "seriesOverrides": [],
      "spaceLength": 10,
      "stack": false,
      "steppedLine": false,
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "P1809F7CD0C75ACF3"
          },
          "exemplar": true,
          "expr": "round(sum(irate(nginx_ingress_controller_requests{ingress=~\"$ingress\"}[2m])) by (ingress), 0.001)",
          "interval": "",
          "legendFormat": "",
          "refId": "A"
        }
      ],
      "thresholds": [],
      "timeRegions": [],
      "title": "Ingress Request Volume",
      "tooltip": {
        "shared": true,
        "sort": 2,
        "value_type": "individual"
      },
      "type": "graph",
      "xaxis": {
        "mode": "time",
        "show": true,
        "values": []
      },
      "yaxes": [
        {
          "$$hashKey": "object:57",
          "format": "reqps",
          "logBase": 1,
          "show": true
        },
        {
          "$$hashKey": "object:58",
          "format": "short",
          "logBase": 1,
          "show": false
        }
      ],
      "yaxis": {
        "align": false
      }
    },
    {
      "aliasColors": {},
      "bars": false,
      "dashLength": 10,
      "dashes": false,
      "datasource": {
        "type": "prometheus",
        "uid": "P1809F7CD0C75ACF3"
      },
      "fill": 1,
      "fillGradient": 0,
      "gridPos": {
        "h": 7,
        "w": 24,
        "x": 0,
        "y": 8
      },
      "hiddenSeries": false,
      "id": 4,
      "legend": {
        "avg": false,
        "current": false,
        "max": false,
        "min": false,
        "show": false,
        "total": false,
        "values": false
      },
      "lines": true,
      "linewidth": 2,
      "nullPointMode": "null",
      "options": {
        "alertThreshold": true
      },
      "percentage": false,
      "pluginVersion": "8.3.3",
      "pointradius": 2,
      "points": false,
      "renderer": "flot",
      "seriesOverrides": [],
      "spaceLength": 10,
      "stack": false,
      "steppedLine": false,
      "targets": [
        {
          "datasource": {
            "type": "prometheus",
            "uid": "P1809F7CD0C75ACF3"
          },
          "exemplar": true,
          "expr": "sum(rate(nginx_ingress_controller_requests{ingress=~\"$ingress\",status!~\"[4-5].*\"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests{ingress=~\"$ingress\"}[2m])) by (ingress)",
          "interval": "10",
          "legendFormat": "{{ingress}}",
          "refId": "A"
        }
      ],
      "thresholds": [],
      "timeRegions": [],
      "title": "Ingress Success Rate (non-4|5xx responses)",
      "tooltip": {
        "shared": true,
        "sort": 0,
        "value_type": "individual"
      },
      "type": "graph",
      "xaxis": {
        "mode": "time",
        "show": true,
        "values": []
      },
      "yaxes": [
        {
          "$$hashKey": "object:222",
          "format": "percentunit",
          "logBase": 1,
          "show": true
        },
        {
          "$$hashKey": "object:223",
          "format": "short",
          "logBase": 1,
          "show": false
        }
      ],
      "yaxis": {
        "align": false
      }
    },
    {
      "datasource": {
        "type": "loki",
        "uid": "P982945308D3682D1"
      },
      "gridPos": {
        "h": 14,
        "w": 24,
        "x": 0,
        "y": 15
      },
      "id": 2,
      "options": {
        "dedupStrategy": "none",
        "enableLogDetails": true,
        "prettifyLogMessage": false,
        "showCommonLabels": false,
        "showLabels": false,
        "showTime": false,
        "sortOrder": "Descending",
        "wrapLogMessage": false
      },
      "pluginVersion": "8.3.3",
      "targets": [
        {
          "datasource": {
            "type": "loki",
            "uid": "P982945308D3682D1"
          },
          "expr": "{namespace=~\"ingress-nginx|ingress-nginx-internal\"} | pattern `<ingress> \"<method> <_> <_>\" <status> <_> <_> \"<_>\" <_>`| status=~\"[4-5].*\" | ingress=\"$ingress\"",
          "instant": false,
          "range": true,
          "refId": "log"
        }
      ],
      "title": "Http 4-5xx",
      "type": "logs"
    }
  ],
  "schemaVersion": 34,
  "style": "dark",
  "tags": [],
  "templating": {
    "list": [
      {
        "current": {
          "selected": false,
          "text": "shop-ingress",
          "value": "shop-ingress"
        },
        "datasource": {
          "type": "prometheus",
          "uid": "P1809F7CD0C75ACF3"
        },
        "definition": "label_values(ingress) ",
        "hide": 0,
        "includeAll": true,
        "label": "ingress",
        "multi": false,
        "name": "ingress",
        "options": [],
        "query": {
          "query": "label_values(ingress) ",
          "refId": "StandardVariableQuery"
        },
        "refresh": 1,
        "regex": "",
        "skipUrlSync": false,
        "sort": 2,
        "type": "query"
      }
    ]
  },
  "time": {
    "from": "now-12h",
    "to": "now"
  },
  "timepicker": {},
  "timezone": "",
  "title": "Loggging",
  "uid": "A-3q5wMVz",
  "version": 9,
  "weekStart": ""
}

log-format vs log-format-upstream

์•„์ง ์ž˜ ๋ชจ๋ฅด๋Š”๋ฐ ์ด ๋‹ค์ด์–ด๊ทธ๋žจ์ด ์ข€ ๋„์›€์ด ๋˜๋Š”๋“ฏ.

์ด๊ฑธ ํ•œ๋ฒˆ ์ž˜ ์ฝ์–ด๋ด์•ผ๊ฒŸ๋‹ค. https://www.nginx.com/blog/logging-upstream-nginx-traffic-cdn77/ ๊ทธ๋‚˜์ €๋‚˜ ingress-nginx๋Š” ์™œ upstream๋กœ๊ทธ๋ฅผ ๊ธฐ๋ณธ์œผ๋กœ ์‚ฌ์šฉํ• ๊ฐ€? ํ”„๋ก์‹œ๋‹ˆ๊นŒ ๋งž๋Š”๊ฒƒ๋„ ๊ฐ™๊ณ ...

helmchart ์‚ฌ์šฉ์ค‘ configmap์„ค์ •

helmchart๋ฅผ ์‚ฌ์šฉ์ค‘์— configmap์„ ์„ค์ •ํ•ด์•ผํ•˜๋Š” ๊ฒฝ์šฐ๊ฐ€ ์žˆ๋‹ค. ๋งค๋‰ด์–ผ๋“ฑ์ด ์ „๋ถ€ configmap๋งŒ ๋‚˜์˜ค๋ฉด ๋‹ค์Œ์ฒ˜๋Ÿผ ํ•˜์ž.

helm chart ์— config์— ์„ค์ •์„ ๋„ฃ์œผ๋ฉด ๋œ๋‹ค.

# Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
config:
  enable-underscores-in-headers: on

์—ฌ๊ธฐ์— ์‚ฌ์šฉํ• ์ˆ˜ ์žˆ๋Š” ํ•ญ๋ชฉ๋“ค์€ ๋‹ค์Œ ํŽ˜์ด์ง€์—์„œ ํ™•์ธํ•œ๋‹ค.

https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#configuration-options

๊ฝค ๋งŽ์€ ์˜ต์…˜๋“ค์ด ์—ฌ๊ธฐ์—์„œ ์ฒ˜๋ฆฌํ• ์ˆ˜ ์žˆ๋‹ค.

values ํŒŒ์ผ์„ ๋ณ€๊ฒฝํ›„ argocd์—์„œ ๋กœ๋”ฉ์„ ํ•˜๊ฑฐ๋‚˜ ์ ์šฉ์„ ํ•˜๋ฉด pod์— ์ž๋™์œผ๋กœ config๊ฐ€ reload๊ฐ€ ๋œ๋‹ค. ์ค‘์š”ํ•œ๊ฒƒ์€ pod๊ฐ€ ์žฌ์‹œ์ž‘ ๋˜์ง€ ์•Š๋Š”๋‹ค. ์„ค์ •๋งŒ ์ž๋™์œผ๋กœ ๋ฆฌ๋กœ๋“œ ๋œ๋‹ค.

๋งŒ์•ฝ ์„ค์ •์ด ์ž˜๋ชป๋˜๋ฉด test fail ๋‚˜๋ฉด์„œ ๋ฆฌ๋กœ๋”ฉ ํ•˜์ง€ ์•Š๋Š”๋‹ค.

todo

  • log-format-upstream ๊ณผ log-format์˜ ์ฐจ์ด์  ํŒŒ์•…ํ•˜๊ธฐ

  • dashboard๋ฅผ kube-prometheus์—์„œ ๋„ฃ์–ด์ค˜์•ผํ•œ๋‹ค.

Last updated

Was this helpful?