- be logged in and has RBAC to edit
- Installation using default
- Optional
- Installed kubectl-neat to view configuration clean
See that has no
loggingsection
$ oc get ingresscontroller default -oyaml -n openshift-ingress-operator | kubectl-neat
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
name: default
namespace: openshift-ingress-operator
spec:
clientTLS:
clientCA:
name: ""
clientCertificatePolicy: ""
httpEmptyRequestsPolicy: Respond
httpErrorCodePages:
name: ""
nodePlacement:
nodeSelector:
matchLabels:
node-role.kubernetes.io/infra: ""
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/infra
operator: Exists
replicas: 1
unsupportedConfigOverrides: nullcheck that has NO sidecars:
1/1
$ oc get pod -n openshift-ingress
NAME READY STATUS RESTARTS AGE
router-default-c74c8dc88-wbzct 1/1 Running 0 96sthe label used to select the pod was know using the --show-labels
$ oc -n openshift-ingress logs -f $(oc get pod -n openshift-ingress -l ingresscontroller.operator.openshift.io/deployment-ingresscontroller=default -oname)
I1006 14:03:07.626483 1 template.go:437] router "msg"="starting router" "version"="majorFromGit: \nminorFromGit: \ncommitFromGit: 11109e4028b69749d6f842a4da682916e0d91d2f\nversionFromGit: 4.0.0-370-
... full log ommited
% formatssee here: http://cbonte.github.io/haproxy-dconv/2.2/configuration.html#8.2.3Adding logging section
$ oc edit ingresscontroller default -n openshift-ingress-operator
logging:
access:
destination:
type: Container
httpLogFormat: '{"type":"router-log","log_format":"http","nodename":"%H","timestamp":"%[date,ltime(%Y/%m/%d %T)]","http_method":"%HM","url":"http://%[capture.req.hdr(0)]%HU","user-agent":"%[capture.req.hdr(1)]","x-forwarded-for":"%ci","x-forwarded-proto":"%[capture.req.hdr(3)]","response_time":%Tr,"TR":%TR,"Tw":%Tw,"Ta":%Ta,"status_code":%ST,"client_ip":"%ci","client_port":%cp,"bytes_uploaded":%U,"server_ip":"%si","server_port":"%sp","backend_name":"%b","backend_server":"%s","retries":%rc,"bytes_read":%B,"upstream_connect_time":%Tc,"session_duration":%Tt,"termination_state":"%ts"}'the new pod has sidecars:
2/2
# wait terminating the old pod
$ oc get pod -n openshift-ingress
NAME READY STATUS RESTARTS AGE
router-default-65b6cf677c-zl7rz 2/2 Running 0 18s
router-default-c74c8dc88-wbzct 1/1 Terminating 0 11m
$ oc get pod -n openshift-ingress
NAME READY STATUS RESTARTS AGE
router-default-65b6cf677c-zl7rz 2/2 Running 0 109s
# now you HAVE TO SELECT the container! using `-c logs`
$ oc -n openshift-ingress logs -f $(oc get pod -n openshift-ingress -l ingresscontroller.operator.openshift.io/deployment-ingresscontroller=default -oname)
error: a container name must be specified for pod router-default-65b6cf677c-zl7rz, choose one of: [router logs]
$ oc -n openshift-ingress logs -f $(oc get pod -n openshift-ingress -l ingresscontroller.operator.openshift.io/deployment-ingresscontroller=default -oname) -c logs
rsyslogd 8.1911.0-7.el8_4.3: running as pid 1, enabling container-specific defaults, press ctl-c to terminate rsyslog
2022-10-06T14:14:11.561994+00:00 example-vd27b-infra-f2sjx example-vd27b-infra-f2sjx haproxy[24]: Proxy public started.
... full log ommited
# you can grep..
$ oc -n openshift-ingress logs -f $(oc get pod -n openshift-ingress -l ingresscontroller.operator.openshift.io/deployment-ingresscontroller=default -oname) -c logs | grep '{"type"'
2022-10-06T14:14:11.580194+00:00 example-vd27b-infra-f2sjx example-vd27b-infra-f2sjx haproxy[26]: {"type":"router-log","log_format":"http","nodename":"example-vd27b-infra-f2sjx","timestamp":"2022/10/06 14:14:11","http_method":"HEAD","url":"http://-/","user-agent":"-","x-forwarded-for":"127.0.0.1","x-forwarded-proto":"-","response_time":-1,"TR":0,"Tw":-1,"Ta":0,"status_code":503,"client_ip":"127.0.0.1","client_port":57838,"bytes_uploaded":73,"server_ip":"-","server_port":"-","backend_name":"openshift_default","backend_server":"<NOSRV>","retries":0,"bytes_read":157,"upstream_connect_time":-1,"session_duration":0,"termination_state":"SC"}
2022-10-06T14:14:24.293018+00:00 example-vd27b-infra-f2sjx example-vd27b-infra-f2sjx haproxy[26]: {"type":"router-log","log_format":"http","nodename":"example-vd27b-infra-f2sjx","timestamp":"2022/10/06 14:14:24","http_method":"GET","url":"http://-/api/alertmanager/api/v2/silences","user-agent":"-","x-forwarded-for":"10.203.7.196","x-forwarded-proto":"-","response_time":5,"TR":0,"Tw":0,"Ta":12,"status_code":200,"client_ip":"10.203.7.196","client_port":59028,"bytes_uploaded":1317,"server_ip":"10.148.1.29","server_port":"8443","backend_name":"be_secure:openshift-console:console-custom","backend_server":"pod:console-c89798c79-ndnks:console:https:10.148.1.29:8443","retries":0,"bytes_read":404,"upstream_connect_time":7,"session_duration":75,"termination_state":"--"}$ oc version
Client Version: 4.10.32
Server Version: 4.10.22
Kubernetes Version: v1.23.5+3afdacb$ oc exec $(oc get pod -n openshift-ingress -l ingresscontroller.operator.openshift.io/deployment-ingresscontroller=default -oname) -- haproxy -v
Defaulted container "router" out of: router, logs
HA-Proxy version 2.2.19-7ea3822 2021/11/29 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2025.
Known bugs: http://www.haproxy.org/bugs/bugs-2.2.19.html
Running on: Linux 4.18.0-305.49.1.el8_4.x86_64 #1 SMP Wed May 11 09:47:48 EDT 2022 x86_64- https://stackoverflow.com/questions/48519103/how-to-get-access-logs-from-openshift-router-haproxy
- https://stackoverflow.com/questions/72003367/haproxy-logging-at-time-of-request-time-of-response
- https://alexandre-vazquez.com/how-to-enable-access-logs-on-openshift-default-routes/
- https://access.redhat.com/solutions/6216911
- https://docs.openshift.com/container-platform/4.10/networking/ingress-operator.html#nw-configure-ingress-access-logging_configuring-ingress