-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: disable auth access logs #9049
fix: disable auth access logs #9049
Conversation
@johanneswuerbach: This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Welcome @johanneswuerbach! |
Hi @johanneswuerbach. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/assign @rikatz |
/ok-to-test |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: johanneswuerbach, rikatz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hi johanneswuerbach, In case we do want to log this access logs - how can we do it?(is there a configuration that we can use?) Thanks. |
Could you elaborate which details you want to log in your case? |
If I understand you correctly - this PR will eliminate the extra auth calls access logs. I want to understand if:
The use case is tracking the auth flow - performance and status. |
This is currently not configurable, but it might be possible to includes those details in your logs using a snippet:
Afterwards you should be able to include |
@gevaeshcoli-microsoft, @rikatz : PTAL #10335 |
What this PR does / why we need it:
Currently nginx logs requests twice when external authentication is enabled, which is fairly confusing as the
$request
and$upstream_addr
etc. are the same, but only$bytes_sent
and$request_length
are0
and the$status_code
might be different.While this logging could be made conditional, I wonder in which use-case both logs would be expected looking at the fact that the logged information is kind of broken.
The main benefit seems to be that the
$status_code
of the auth response is visible in the first log line and not in the second, but I wonder whether this justifies the cost of logging every request with all details twice (troubleshooting request details seems more like a job for tracing).Related #3040
At the moment we use:
To disable logs for external auth requests.
Types of changes
Which issue/s this PR fixes
How Has This Been Tested?
Manually.
Checklist:
Does my pull request need a release note?
Any user-visible or operator-visible change qualifies for a release note. This could be a:
No release notes are required for changes to the following:
For more tips on writing good release notes, check out the Release Notes Handbook