Support k8s objects variables in log format

Co-authored-by: Mike Stephen <[email protected]>
Co-authored-by: Dean Coakley <[email protected]>

docs-web/configuration/global-configuration/configmap-resource.md

@@ -205,7 +205,7 @@ See the doc about [VirtualServer and VirtualServerRoute resources](/nginx-ingres
    * - ``log-format``
      - Sets the custom `log format <https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format>`_ for HTTP and HTTPS traffic. For convenience, it is possible to define the log format across multiple lines (each line separated by ``\n``). In that case, the Ingress Controller will replace every ``\n`` character with a space character. All ``'`` characters must be escaped.
      - See the `template file <https://github.com/nginxinc/kubernetes-ingress/blob/master/internal/configs/version1/nginx.tmpl>`_ for the access log.
-     - 
+     - `Custom Log Format <https://github.com/nginxinc/kubernetes-ingress/tree/update-log-format/examples/custom-log-format>`_.
    * - ``log-format-escaping``
      - Sets the characters escaping for the variables of the log format. Supported values: ``json`` (JSON escaping), ``default`` (the default escaping) ``none`` (disables escaping).
      - ``default``

examples/custom-log-format/README.md

@@ -0,0 +1,22 @@
+# Custom NGINX log format
+
+This example lets you set the log-format for NGINX using the configmap reosurce 
+
+```yaml 
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: nginx-config
+data:
+  log-format: |
+      compression '$remote_addr - $remote_user [$time_local] '
+                       '"$request" $status $bytes_sent '
+                       '"$http_referer" "$http_user_agent" "$gzip_ratio"'
+```
+
+In addition to the built-in NGINX variables, you can also use the variables that the Ingress Controller configures:
+
+- $resource_type - The type of k8s resource. 
+- $resource_name - The name of the k8s resource
+- $resource_namespace - The namespace the resource exists in.
+- $service - The service that exposes the resource.

internal/configs/ingress.go

@@ -200,7 +200,7 @@ func generateNginxCfg(ingEx *IngressEx, pems map[string]string, apResources map[
 			ssl := isSSLEnabled(sslServices[path.Backend.ServiceName], cfgParams, staticParams)
 			proxySSLName := generateProxySSLName(path.Backend.ServiceName, ingEx.Ingress.Namespace)
 			loc := createLocation(pathOrDefault(path.Path), upstreams[upsName], &cfgParams, wsServices[path.Backend.ServiceName], rewrites[path.Backend.ServiceName],
-				ssl, grpcServices[path.Backend.ServiceName], proxySSLName, path.PathType)
+				ssl, grpcServices[path.Backend.ServiceName], proxySSLName, path.PathType, path.Backend.ServiceName)
 			if isMinion && ingEx.JWTKey.Name != "" {
 				loc.JWTAuth = &version1.JWTAuth{
 					Key:   jwtKeyFileName,
@@ -230,7 +230,7 @@ func generateNginxCfg(ingEx *IngressEx, pems map[string]string, apResources map[
 			pathtype := networking.PathTypePrefix
 
 			loc := createLocation(pathOrDefault("/"), upstreams[upsName], &cfgParams, wsServices[ingEx.Ingress.Spec.Backend.ServiceName], rewrites[ingEx.Ingress.Spec.Backend.ServiceName],
-				ssl, grpcServices[ingEx.Ingress.Spec.Backend.ServiceName], proxySSLName, &pathtype)
+				ssl, grpcServices[ingEx.Ingress.Spec.Backend.ServiceName], proxySSLName, &pathtype, ingEx.Ingress.Spec.Backend.ServiceName)
 			locations = append(locations, loc)
 
 			if cfgParams.HealthCheckEnabled {
@@ -280,7 +280,7 @@ func generateIngressPath(path string, pathType *networking.PathType) string {
 	return path
 }
 
-func createLocation(path string, upstream version1.Upstream, cfg *ConfigParams, websocket bool, rewrite string, ssl bool, grpc bool, proxySSLName string, pathType *networking.PathType) version1.Location {
+func createLocation(path string, upstream version1.Upstream, cfg *ConfigParams, websocket bool, rewrite string, ssl bool, grpc bool, proxySSLName string, pathType *networking.PathType, serviceName string) version1.Location {
 	loc := version1.Location{
 		Path:                 generateIngressPath(path, pathType),
 		Upstream:             upstream,
@@ -298,6 +298,7 @@ func createLocation(path string, upstream version1.Upstream, cfg *ConfigParams,
 		ProxyMaxTempFileSize: cfg.ProxyMaxTempFileSize,
 		ProxySSLName:         proxySSLName,
 		LocationSnippets:     cfg.LocationSnippets,
+		ServiceName:          serviceName,
 	}
 
 	return loc

internal/configs/ingress_test.go

@@ -206,6 +206,7 @@ func createExpectedConfigForCafeIngressEx() version1.IngressNginxConfig {
 				Locations: []version1.Location{
 					{
 						Path:                "/coffee",
+						ServiceName:         "coffee-svc",
 						Upstream:            coffeeUpstream,
 						ProxyConnectTimeout: "60s",
 						ProxyReadTimeout:    "60s",
@@ -216,6 +217,7 @@ func createExpectedConfigForCafeIngressEx() version1.IngressNginxConfig {
 					},
 					{
 						Path:                "/tea",
+						ServiceName:         "tea-svc",
 						Upstream:            teaUpstream,
 						ProxyConnectTimeout: "60s",
 						ProxyReadTimeout:    "60s",
@@ -610,6 +612,7 @@ func createExpectedConfigForMergeableCafeIngress() version1.IngressNginxConfig {
 				Locations: []version1.Location{
 					{
 						Path:                "/coffee",
+						ServiceName:         "coffee-svc",
 						Upstream:            coffeeUpstream,
 						ProxyConnectTimeout: "60s",
 						ProxyReadTimeout:    "60s",
@@ -628,6 +631,7 @@ func createExpectedConfigForMergeableCafeIngress() version1.IngressNginxConfig {
 					},
 					{
 						Path:                "/tea",
+						ServiceName:         "tea-svc",
 						Upstream:            teaUpstream,
 						ProxyConnectTimeout: "60s",
 						ProxyReadTimeout:    "60s",
@@ -710,6 +714,7 @@ func createExpectedConfigForCrossNamespaceMergeableCafeIngress() version1.Ingres
 				Locations: []version1.Location{
 					{
 						Path:                "/coffee",
+						ServiceName:         "coffee-svc",
 						Upstream:            coffeeUpstream,
 						ProxyConnectTimeout: "60s",
 						ProxyReadTimeout:    "60s",
@@ -728,6 +733,7 @@ func createExpectedConfigForCrossNamespaceMergeableCafeIngress() version1.Ingres
 					},
 					{
 						Path:                "/tea",
+						ServiceName:         "tea-svc",
 						Upstream:            teaUpstream,
 						ProxyConnectTimeout: "60s",
 						ProxyReadTimeout:    "60s",

internal/configs/transportserver.go

@@ -49,6 +49,8 @@ func generateTransportServerConfig(transportServerEx *TransportServerEx, listene
 			ProxyRequests:  proxyRequests,
 			ProxyResponses: proxyResponses,
 			ProxyPass:      upstreamNamer.GetNameForUpstream(transportServerEx.TransportServer.Spec.Action.Pass),
+			Name:           transportServerEx.TransportServer.Name,
+			Namespace:      transportServerEx.TransportServer.Namespace,
 		},
 		Upstreams: upstreams,
 	}

internal/configs/transportserver_test.go

@@ -110,6 +110,8 @@ func TestGenerateTransportServerConfigForTCP(t *testing.T) {
 			UDP:        false,
 			StatusZone: "tcp-listener",
 			ProxyPass:  "ts_default_tcp-server_tcp-app",
+			Name:       "tcp-server",
+			Namespace:  "default",
 		},
 	}
 
@@ -178,6 +180,8 @@ func TestGenerateTransportServerConfigForUDP(t *testing.T) {
 			ProxyRequests:  &udpRequests,
 			ProxyResponses: &udpResponses,
 			ProxyPass:      "ts_default_udp-server_udp-app",
+			Name:           "udp-server",
+			Namespace:      "default",
 		},
 	}
 

internal/configs/version1/config.go

@@ -136,6 +136,7 @@ type Location struct {
 	ProxyMaxTempFileSize string
 	ProxySSLName         string
 	JWTAuth              *JWTAuth
+	ServiceName          string
 
 	MinionIngress *Ingress
 }

internal/configs/version1/nginx-plus.ingress.tmpl

@@ -60,6 +60,10 @@ server {
 
 	status_zone {{$server.StatusZone}};
 
+	set $resource_type "ingress";
+	set $resource_name "{{$.Ingress.Name}}";
+	set $resource_namespace "{{$.Ingress.Namespace}}";
+
 	{{- if $server.AppProtectEnable}}
 	app_protect_enable {{$server.AppProtectEnable}};
 	{{if $server.AppProtectPolicy}}app_protect_policy_file {{$server.AppProtectPolicy}};{{end}}
@@ -143,8 +147,11 @@ server {
 
 	{{range $location := $server.Locations}}
 	location {{$location.Path}} {
+		set $service "{{$location.ServiceName}}";
 		{{with $location.MinionIngress}}
 		# location for minion {{$location.MinionIngress.Namespace}}/{{$location.MinionIngress.Name}}
+		set $resource_name "{{$location.MinionIngress.Name}}";
+		set $resource_namespace "{{$location.MinionIngress.Namespace}}";
 		{{end}}
 		{{if $location.GRPC}}
 		{{if not $server.GRPCOnly}}

internal/configs/version1/nginx-plus.tmpl

@@ -44,7 +44,11 @@ http {
     {{- else -}}
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
+                      '"$http_user_agent" "$http_x_forwarded_for" '
+                      'resource_type="$resource_type" '
+                      'resource_name="$resource_name" '
+                      'resource_namespace="$resource_namespace" '
+                      'service="$service"';
     {{- end}}
 
     {{if .AccessLogOff}}
@@ -106,6 +110,10 @@ http {
     server {
         # required to support the Websocket protocol in VirtualServer/VirtualServerRoutes
         set $default_connection_header "";
+        set $resource_type "";
+        set $resource_name "";
+        set $resource_namespace "";
+        set $service "";
 
         listen 80 default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
 

internal/configs/version1/nginx.ingress.tmpl

@@ -1,5 +1,4 @@
 # configuration for {{.Ingress.Namespace}}/{{.Ingress.Name}}
-
 {{range $upstream := .Upstreams}}
 upstream {{$upstream.Name}} {
 	{{if ne $upstream.UpstreamZoneSize "0"}}zone {{$upstream.Name}} {{$upstream.UpstreamZoneSize}};{{end}}
@@ -43,6 +42,10 @@ server {
 
 	server_name {{$server.Name}};
 
+	set $resource_type "ingress";
+	set $resource_name "{{$.Ingress.Name}}";
+	set $resource_namespace "{{$.Ingress.Namespace}}";
+
 	{{range $proxyHideHeader := $server.ProxyHideHeaders}}
 	proxy_hide_header {{$proxyHideHeader}};{{end}}
 	{{range $proxyPassHeader := $server.ProxyPassHeaders}}
@@ -85,8 +88,11 @@ server {
 
 	{{range $location := $server.Locations}}
 	location {{$location.Path}} {
+		set $service "{{$location.ServiceName}}"; 
 		{{with $location.MinionIngress}}
 		# location for minion {{$location.MinionIngress.Namespace}}/{{$location.MinionIngress.Name}}
+		set $resource_name "{{$location.MinionIngress.Name}}";
+		set $resource_namespace "{{$location.MinionIngress.Namespace}}";
 		{{end}}
 		{{if $location.GRPC}}
 		{{if not $server.GRPCOnly}}

internal/configs/version1/nginx.tmpl

@@ -92,6 +92,7 @@ http {
     server {
         # required to support the Websocket protocol in VirtualServer/VirtualServerRoutes
         set $default_connection_header "";
+        set $resource_type "";
 
         listen 80 default_server{{if .ProxyProtocol}} proxy_protocol{{end}};
 

internal/configs/version2/http.go

@@ -70,6 +70,7 @@ type Server struct {
 	IngressMTLS               *IngressMTLS
 	EgressMTLS                *EgressMTLS
 	PoliciesErrorReturn       *Return
+	Namespace                 string
 }
 
 // SSL defines SSL configuration for a server.
@@ -138,6 +139,10 @@ type Location struct {
 	JWTAuth                  *JWTAuth
 	EgressMTLS               *EgressMTLS
 	PoliciesErrorReturn      *Return
+	ServiceName              string
+	IsVSR                    bool
+	VSRName                  string
+	VSRNamespace             string
 }
 
 // ReturnLocation defines a location for returning a fixed response.

internal/configs/version2/nginx-plus.transportserver.tmpl

@@ -12,6 +12,10 @@ upstream {{ $u.Name }} {
 
 {{ $s := .Server }}
 server {
+    set $resource_type "transportserver";
+    set $resource_name "{{$s.Name}}";
+    set $resource_namespace "{{$s.Namespace}}";
+
     {{ if $s.TLSPassthrough }}
     listen {{ $s.UnixSocket }} proxy_protocol;
     set_real_ip_from unix:;

internal/configs/version2/nginx-plus.virtualserver.tmpl

@@ -61,6 +61,10 @@ server {
     server_name {{ $s.ServerName }};
     status_zone {{ $s.StatusZone }};
 
+    set $resource_type "virtualserver";
+    set $resource_name "{{$s.ServerName}}";
+    set $resource_namespace "{{$s.Namespace}}";
+
     {{ with $ssl := $s.SSL }}
         {{ if $s.TLSPassthrough }}
     listen unix:/var/lib/nginx/passthrough-https.sock{{ if $ssl.HTTP2 }} http2{{ end }} proxy_protocol;
@@ -207,6 +211,13 @@ server {
 
     {{ range $l := $s.Locations }}
     location {{ $l.Path }} {
+        set $service "{{ $l.ServiceName }}";
+        {{ if $l.IsVSR }}
+        set $resource_type "virtualserverroute";
+        set $resource_name "{{ $l.VSRName }}";
+        set $resource_namespace "{{ $l.VSRNamespace }}";
+        {{ end }}
+
         {{ if $l.Internal }}
         internal;
         {{ end }}

internal/configs/version2/nginx.transportserver.tmpl

@@ -12,6 +12,9 @@ upstream {{ $u.Name }} {
 
 {{ $s := .Server }}
 server {
+    set $resource_type "transportserver";
+    set $resource_name "{{$s.Name}}";
+    set $resource_namespace "{{$s.Namespace}}";
     {{ if $s.TLSPassthrough }}
     listen {{ $s.UnixSocket }} proxy_protocol;
     set_real_ip_from unix:;

internal/configs/version2/nginx.virtualserver.tmpl

@@ -44,6 +44,11 @@ server {
 
     server_name {{ $s.ServerName }};
 
+    set $resource_type "virtualserver";
+    set $resource_name "{{$s.ServerName}}";
+    set $resource_namespace "{{$s.Namespace}}";
+
+
     {{ with $ssl := $s.SSL }}
         {{ if $s.TLSPassthrough }}
     listen unix:/var/lib/nginx/passthrough-https.sock{{ if $ssl.HTTP2 }} http2{{ end }} proxy_protocol;
@@ -171,6 +176,7 @@ server {
 
     {{ range $l := $s.Locations }}
     location {{ $l.Path }} {
+        set $service "{{$l.ServiceName}}";
         {{ if $l.Internal }}
         internal;
         {{ end }}

internal/configs/version2/stream.go

@@ -27,6 +27,8 @@ type StreamServer struct {
 	ProxyRequests  *int
 	ProxyResponses *int
 	ProxyPass      string
+	Name           string
+	Namespace      string
 }
 
 // TLSPassthroughHostsConfig defines a mapping between TLS Passthrough hosts and the corresponding unix sockets.