-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(accesslogs): allow filter accesslogs by service names whitelist #10488
base: master
Are you sure you want to change the base?
feat(accesslogs): allow filter accesslogs by service names whitelist #10488
Conversation
Hello @ttys3, Thanks for this contribution! As this would be an enhancement, the changes should target the master branch for the next v3 minor version. Could you please rebase it? Should the filtering of access logs be configurable statically, at least only, since services are dynamic resources? |
ef1a40d
to
29b7dba
Compare
rebased and change target to master Yes, I agree that static array filters would be a little not extenable. I'd glad to change it from so people could use regex to match service names, but compared to static array filters, this will need a little more cpu. do you think it is better to change it to regex ? |
Hello @ttys3, I was implying that the current option is static, meaning the configuration won't change at runtime and that this could be a limitation because one could not often dress the list of service names before they exist. Also, with some providers, the service name is determined automatically, so it would be difficult to list them beforehand (even with regular expression support). |
do you mean use access-logs as dynamic middleware ? like this: ## Dynamic configuration
http:
serversTransports:
mytransport-google:
insecureSkipVerify: true
serverName: "www.google.com"
mytransport-bing:
insecureSkipVerify: true
serverName: "www.bing.com"
middlewares:
compress:
compress: {}
access-log-foo:
accessLog:
filePath: "/tmp/access-foo.log"
format: json
access-log-common:
accessLog:
filePath: "/tmp/access.log"
format: json
services:
service1:
loadBalancer:
passHostHeader: false
serversTransport: mytransport-google
servers:
- url: "https://www.google.com"
service2:
loadBalancer:
passHostHeader: false
serversTransport: mytransport-bing
servers:
- url: "https://www.bing.com"
service3:
loadBalancer:
servers:
- url: "https://example.com"
routers:
router1:
entryPoints:
- web
service: service1
rule: "Host(`bing.example.com`)"
middlewares:
- compress
- access-log-foo
router2:
entryPoints:
- web
service: service2
rule: "Host(`google.example.com`)"
middlewares:
- compress
- access-log-foo
- access-log-common
router3:
entryPoints:
- web
service: service3
rule: "Host(`hello.example.com`)"
middlewares:
- compress service1 and service2 has access log enabled. service3 does not. |
Hello @ttys3, No, it shouldn't be an access-log middleware, my suggestion is to be able to opt-out inside the service configuration, with something like: services:
service1:
accesslogs: false I apologize for the misunderstanding, I should have been more specific in my proposal. |
the problem is but in dynamic provider, like consul, according to the doc https://doc.traefik.io/traefik/v3.0/routing/providers/consul-catalog/#services for example, we must config a tag(label) like this:
for example
the problem is, is this OK to write the |
What does this PR do?
Enhancements
allow filter accesslogs by service names whitelist
like this:
Motivation
we have traefik which proxy api requests to all kinds of service, its a very heavy server, we do not want traefik write all the logs, only a few kind of important service we want access logs.
currently there's no way to filter like this in traefik.
More
Additional Notes