How to set the timestamp for access log from environment variables?

Hi, I want to change the access log timestamp for the access log, following this, I use two methods separately to pass the static configuration: from the command-line arguement(--accesslog.fields.names.StartUTC=drop) and the environment variable(TRAEFIK_ACCESSLOG_FIELDS_NAMES_StartUTC), and both have the "TZ" env set to my local timezone(CST). The former(i.e, the command-line arguement) works as expect, the access log timestamps are all change to CST, but the later(i,e, from env) mix with CST and UTC.
My manifests are as follows:

  • rbac manifest, named "rbac.yaml":
---
apiVersion: v1
kind: Namespace
metadata:
  name: traefik

---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: traefik
  namespace: traefik

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.containo.us
    resources:
      - ingressroutes
      - ingressroutetcps
      - ingressrouteudps
      - middlewares
      - middlewaretcps
      - tlsoptions
      - tlsstores
      - traefikservices
      - serverstransports
    verbs:
      - get
      - list
      - watch

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik
subjects:
  - kind: ServiceAccount
    name: traefik
    namespace: traefik
  • environment file from which the configmap create from, named "traefik-env"
    TZ=Asia/Shanghai
# --accesslog
TRAEFIK_ACCESSLOG=true

# --accesslog.fields.defaultmode
TRAEFIK_ACCESSLOG_FIELDS_DEFAULTMODE=keep

# --accesslog.fields.headers.defaultmode
TRAEFIK_ACCESSLOG_FIELDS_HEADERS_DEFAULTMODE=drop

# --accesslog.fields.names.StartUTC
TRAEFIK_ACCESSLOG_FIELDS_NAMES_StartUTC=drop

# --entrypoints.metrics.address
TRAEFIK_ENTRYPOINTS_METRICS_ADDRESS=:9100/tcp

# --entrypoints.traefik.address
TRAEFIK_ENTRYPOINTS_TRAEFIK_ADDRESS=:9000/tcp

# --entrypoints.web.address
TRAEFIK_ENTRYPOINTS_WEB_ADDRESS=:8000/tcp

# --entrypoints.websecure.address
TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS=:8443/tcp

# --api.dashboard
TRAEFIK_API_DASHBOARD=true

# --api.debug
TRAEFIK_API_DEBUG=true

# --log.level
TRAEFIK_LOG_LEVEL=DEBUG

# --ping
TRAEFIK_PING=true

# --metrics.prometheus
TRAEFIK_METRICS_PROMETHEUS=true

# --metrics.prometheus.entrypoint
TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT=metrics

# --providers.kubernetescrd
TRAEFIK_PROVIDERS_KUBERNETESCRD=true

# --providers.kubernetesingress
TRAEFIK_PROVIDERS_KUBERNETESINGRESS=true
  • the daemonset refers to the configmap(traefik-configs-env), named "daemonset-env.yaml"
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app.kubernetes.io/instance: traefik
    app.kubernetes.io/name: traefik
  name: traefik
  namespace: traefik
spec:
  selector:
    matchLabels:
      app.kubernetes.io/instance: traefik
      app.kubernetes.io/name: traefik
  template:
    metadata:
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: "9100"
        prometheus.io/scrape: "true"
      labels:
        app.kubernetes.io/instance: traefik
        app.kubernetes.io/name: traefik
    spec:
      containers:
      - name: traefik
        image: docker.io/library/traefik:v2.7.0
        imagePullPolicy: IfNotPresent
        envFrom:
        - configMapRef:
            name: traefik-configs-env
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /ping
            port: 9000
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        ports:
        - containerPort: 9100
          name: metrics
          protocol: TCP
        - containerPort: 9000
          name: traefik
          protocol: TCP
        - containerPort: 8000
          hostPort: 80
          name: web
          protocol: TCP
        - containerPort: 8443
          hostPort: 443
          name: websecure
          protocol: TCP
        readinessProbe:
          failureThreshold: 1
          httpGet:
            path: /ping
            port: 9000
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        resources: {}
        securityContext:
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532
        volumeMounts:
        - mountPath: /data
          name: data
        - mountPath: /tmp
          name: tmp
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      securityContext:
        fsGroup: 65532
      serviceAccount: traefik
      serviceAccountName: traefik
      terminationGracePeriodSeconds: 60
      volumes:
      - emptyDir: {}
        name: data
      - emptyDir: {}
        name: tmp
  • the daemonset pass static configuration with cli, named "daemonset-cli.yaml"
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app.kubernetes.io/instance: traefik
    app.kubernetes.io/name: traefik
  name: traefik
  namespace: traefik
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/instance: traefik
      app.kubernetes.io/name: traefik
  template:
    metadata:
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: "9100"
        prometheus.io/scrape: "true"
      creationTimestamp: null
      labels:
        app.kubernetes.io/instance: traefik
        app.kubernetes.io/name: traefik
    spec:
      containers:
      - args:
        - --entrypoints.metrics.address=:9100/tcp
        - --entrypoints.traefik.address=:9000/tcp
        - --entrypoints.web.address=:8000/tcp
        - --entrypoints.websecure.address=:8443/tcp
        - --api.dashboard=true
        - --ping=true
        - --metrics.prometheus=true
        - --metrics.prometheus.entrypoint=metrics
        - --providers.kubernetescrd
        - --providers.kubernetesingress
        - --log.level=DEBUG
        - --accesslog=true
        - --accesslog.fields.defaultmode=keep
        - --accesslog.fields.names.StartUTC=drop
        - --accesslog.fields.headers.defaultmode=drop
        env:
        - name: TZ
          value: Asia/Shanghai
        image: docker.io/library/traefik:v2.7.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /ping
            port: 9000
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        name: traefik
        ports:
        - containerPort: 9100
          name: metrics
          protocol: TCP
        - containerPort: 9000
          name: traefik
          protocol: TCP
        - containerPort: 8000
          hostPort: 80
          name: web
          protocol: TCP
        - containerPort: 8443
          hostPort: 443
          name: websecure
          protocol: TCP
        readinessProbe:
          failureThreshold: 1
          httpGet:
            path: /ping
            port: 9000
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        resources: {}
        securityContext:
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532
        volumeMounts:
        - mountPath: /data
          name: data
        - mountPath: /tmp
          name: tmp
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      securityContext:
        fsGroup: 65532
      serviceAccount: traefik
      serviceAccountName: traefik
      terminationGracePeriodSeconds: 60
      volumes:
      - emptyDir: {}
        name: data
      - emptyDir: {}
        name: tmp

My steps:

  • grant permissions

# kubectl apply -f rbac.yaml

  • create the configmap from the env file

# kubectl -n traefik create configmap traefik-configs-env --from-env-file=traefik-env

  • create the daemonset refers to the configmap with "envFrom"

# kubectl apply -f daemonset-env.yaml

  • After creating successfully, pick up one pod(e.g, traefik-mtj5g) and check the log, the timestamp mixed with CST and UTC.
    # kubectl -n traefik logs -f traefik-mtj5g
time="2022-06-03T09:54:40+08:00" level=debug msg="Authentication succeeded" middlewareName=traefik-traefik-ui-basic-auth@kubernetescrd middlewareType=BasicAuth
time="2022-06-03T09:54:40+08:00" level=debug msg="Removing authorization header" middlewareName=traefik-traefik-ui-basic-auth@kubernetescrd middlewareType=BasicAuth
22.99.22.118 - admin [03/Jun/2022:01:54:40 +0000] "GET /api/overview HTTP/2.0" 200 534 "-" "-" 439 "traefik-traefik-dashboard-2ea68866e9720d881f38@kubernetescrd" "-" 0ms
22.99.22.11 - - [03/Jun/2022:01:54:41 +0000] "GET /ping HTTP/1.1" 200 2 "-" "-" 440 "ping@internal" "-" 0ms
22.99.22.11 - - [03/Jun/2022:01:54:41 +0000] "GET /ping HTTP/1.1" 200 2 "-" "-" 441 "ping@internal" "-" 0ms

Is there something wrong with my settings, could anyone help? thanks.