Hi, I want to change the access log timestamp for the access log, following this, I use two methods separately to pass the static configuration: from the command-line arguement(--accesslog.fields.names.StartUTC=drop) and the environment variable(TRAEFIK_ACCESSLOG_FIELDS_NAMES_StartUTC), and both have the "TZ" env set to my local timezone(CST). The former(i.e, the command-line arguement) works as expect, the access log timestamps are all change to CST, but the later(i,e, from env) mix with CST and UTC.
My manifests are as follows:
- rbac manifest, named "rbac.yaml":
---
apiVersion: v1
kind: Namespace
metadata:
name: traefik
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: traefik
namespace: traefik
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- middlewaretcps
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik
subjects:
- kind: ServiceAccount
name: traefik
namespace: traefik
- environment file from which the configmap create from, named "traefik-env"
TZ=Asia/Shanghai
# --accesslog
TRAEFIK_ACCESSLOG=true
# --accesslog.fields.defaultmode
TRAEFIK_ACCESSLOG_FIELDS_DEFAULTMODE=keep
# --accesslog.fields.headers.defaultmode
TRAEFIK_ACCESSLOG_FIELDS_HEADERS_DEFAULTMODE=drop
# --accesslog.fields.names.StartUTC
TRAEFIK_ACCESSLOG_FIELDS_NAMES_StartUTC=drop
# --entrypoints.metrics.address
TRAEFIK_ENTRYPOINTS_METRICS_ADDRESS=:9100/tcp
# --entrypoints.traefik.address
TRAEFIK_ENTRYPOINTS_TRAEFIK_ADDRESS=:9000/tcp
# --entrypoints.web.address
TRAEFIK_ENTRYPOINTS_WEB_ADDRESS=:8000/tcp
# --entrypoints.websecure.address
TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS=:8443/tcp
# --api.dashboard
TRAEFIK_API_DASHBOARD=true
# --api.debug
TRAEFIK_API_DEBUG=true
# --log.level
TRAEFIK_LOG_LEVEL=DEBUG
# --ping
TRAEFIK_PING=true
# --metrics.prometheus
TRAEFIK_METRICS_PROMETHEUS=true
# --metrics.prometheus.entrypoint
TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT=metrics
# --providers.kubernetescrd
TRAEFIK_PROVIDERS_KUBERNETESCRD=true
# --providers.kubernetesingress
TRAEFIK_PROVIDERS_KUBERNETESINGRESS=true
- the daemonset refers to the configmap(traefik-configs-env), named "daemonset-env.yaml"
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
name: traefik
namespace: traefik
spec:
selector:
matchLabels:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
template:
metadata:
annotations:
prometheus.io/path: /metrics
prometheus.io/port: "9100"
prometheus.io/scrape: "true"
labels:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
spec:
containers:
- name: traefik
image: docker.io/library/traefik:v2.7.0
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: traefik-configs-env
livenessProbe:
failureThreshold: 3
httpGet:
path: /ping
port: 9000
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
ports:
- containerPort: 9100
name: metrics
protocol: TCP
- containerPort: 9000
name: traefik
protocol: TCP
- containerPort: 8000
hostPort: 80
name: web
protocol: TCP
- containerPort: 8443
hostPort: 443
name: websecure
protocol: TCP
readinessProbe:
failureThreshold: 1
httpGet:
path: /ping
port: 9000
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
resources: {}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
volumeMounts:
- mountPath: /data
name: data
- mountPath: /tmp
name: tmp
dnsPolicy: ClusterFirst
restartPolicy: Always
securityContext:
fsGroup: 65532
serviceAccount: traefik
serviceAccountName: traefik
terminationGracePeriodSeconds: 60
volumes:
- emptyDir: {}
name: data
- emptyDir: {}
name: tmp
- the daemonset pass static configuration with cli, named "daemonset-cli.yaml"
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
name: traefik
namespace: traefik
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
template:
metadata:
annotations:
prometheus.io/path: /metrics
prometheus.io/port: "9100"
prometheus.io/scrape: "true"
creationTimestamp: null
labels:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
spec:
containers:
- args:
- --entrypoints.metrics.address=:9100/tcp
- --entrypoints.traefik.address=:9000/tcp
- --entrypoints.web.address=:8000/tcp
- --entrypoints.websecure.address=:8443/tcp
- --api.dashboard=true
- --ping=true
- --metrics.prometheus=true
- --metrics.prometheus.entrypoint=metrics
- --providers.kubernetescrd
- --providers.kubernetesingress
- --log.level=DEBUG
- --accesslog=true
- --accesslog.fields.defaultmode=keep
- --accesslog.fields.names.StartUTC=drop
- --accesslog.fields.headers.defaultmode=drop
env:
- name: TZ
value: Asia/Shanghai
image: docker.io/library/traefik:v2.7.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /ping
port: 9000
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
name: traefik
ports:
- containerPort: 9100
name: metrics
protocol: TCP
- containerPort: 9000
name: traefik
protocol: TCP
- containerPort: 8000
hostPort: 80
name: web
protocol: TCP
- containerPort: 8443
hostPort: 443
name: websecure
protocol: TCP
readinessProbe:
failureThreshold: 1
httpGet:
path: /ping
port: 9000
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
resources: {}
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
volumeMounts:
- mountPath: /data
name: data
- mountPath: /tmp
name: tmp
dnsPolicy: ClusterFirst
restartPolicy: Always
securityContext:
fsGroup: 65532
serviceAccount: traefik
serviceAccountName: traefik
terminationGracePeriodSeconds: 60
volumes:
- emptyDir: {}
name: data
- emptyDir: {}
name: tmp
My steps:
- grant permissions
# kubectl apply -f rbac.yaml
- create the configmap from the env file
# kubectl -n traefik create configmap traefik-configs-env --from-env-file=traefik-env
- create the daemonset refers to the configmap with "envFrom"
# kubectl apply -f daemonset-env.yaml
- After creating successfully, pick up one pod(e.g, traefik-mtj5g) and check the log, the timestamp mixed with CST and UTC.
# kubectl -n traefik logs -f traefik-mtj5g
time="2022-06-03T09:54:40+08:00" level=debug msg="Authentication succeeded" middlewareName=traefik-traefik-ui-basic-auth@kubernetescrd middlewareType=BasicAuth
time="2022-06-03T09:54:40+08:00" level=debug msg="Removing authorization header" middlewareName=traefik-traefik-ui-basic-auth@kubernetescrd middlewareType=BasicAuth
22.99.22.118 - admin [03/Jun/2022:01:54:40 +0000] "GET /api/overview HTTP/2.0" 200 534 "-" "-" 439 "traefik-traefik-dashboard-2ea68866e9720d881f38@kubernetescrd" "-" 0ms
22.99.22.11 - - [03/Jun/2022:01:54:41 +0000] "GET /ping HTTP/1.1" 200 2 "-" "-" 440 "ping@internal" "-" 0ms
22.99.22.11 - - [03/Jun/2022:01:54:41 +0000] "GET /ping HTTP/1.1" 200 2 "-" "-" 441 "ping@internal" "-" 0ms
Is there something wrong with my settings, could anyone help? thanks.