Skip to main content

日志轮转

ingress-nginx 默认会将日志打印到容器标准输出,日志由容器运行时自动管理,在高并发场景可能会导致 CPU 占用较高。

解决方案是将 ingress-nginx 日志输出到日志文件中,然后用 sidecar 对日志文件做自动轮转避免日志打满磁盘空间。

values.yaml 配置方法:

controller:
  config:
    # nginx 日志落盘到日志文件,避免高并发下占用过多 CPU
    access-log-path: /var/log/nginx/nginx_access.log
    error-log-path: /var/log/nginx/nginx_error.log
    # 自定义 accesslog 格式
    log-format-upstream: 
      $remote_addr - $remote_user [$time_iso8601] $msec "$request"
      $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time
      [$proxy_upstream_name] [$proxy_alternative_upstream_name] [$upstream_addr] [$upstream_response_length]
      [$upstream_response_time] [$upstream_status] $req_id $namespace $ingress_name
      $service_name $service_port $http_x_forwarded_for $host
  extraVolumes:
    - name: log # controller 挂载日志目录
      emptyDir: {}
  extraVolumeMounts:
    - name: log # logratote 与 controller 共享日志目录
      mountPath: /var/log/nginx
  extraContainers: # logrotate sidecar 容器,用于轮转日志
    - name: logrotate
      image: imroc/logrotate:latest # https://github.com/imroc/docker-logrotate
      imagePullPolicy: IfNotPresent
      env:
        - name: LOGROTATE_FILE_PATTERN # 轮转的日志文件 pattern,与 nginx 配置的日志文件路径相匹配
          value: "/var/log/nginx/nginx_*.log"
        - name: LOGROTATE_FILESIZE # 日志文件超过多大后轮转
          value: "100M"
        - name: LOGROTATE_FILENUM # 每个日志文件轮转的数量
          value: "3"
        - name: CRON_EXPR # logrotate 周期性运行的 crontab 表达式,这里每分钟一次
          value: "*/1 * * * *"
        - name: CROND_LOGLEVEL # crond 日志级别,0~8,越小越详细
          value: "8"
      volumeMounts:
        - name: log
          mountPath: /var/log/nginx
      resources:
        requests:
          cpu: 0.1
          memory: 100Mi
        limits:
          cpu: 0.1
          memory: 100Mi

参考文档