Adding x-forwarded-for to access logs #2420
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Linkerd access logs are missing the origin IP address. Solved by adding in the field x_forwarded_for to access logs which has the origin ip address. Validated by compiling and deploying the modified proxy image alongside a nginx container, checking access log content for existing fields + the new field Part fixes issue #9842 Signed-off-by: Dan Ambrose <[email protected]>
neoreddog
force-pushed
the
x-forwarded-for
branch
from
ed2dcae
to
fdebacd
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem:
Access logs don't show the origin IP of requests which impacts observability of network events.
As partly described in Issue #9842.
Solution:
Added in the field
This field uses the
get_headermethod with aHeaderName::from_staticValidation:
Building and deploying the customised linkerd proxy with access logs enabled alongside a nginx container.
Sending network requests and validating that all pre-existing fields persist and the new one functions as intended.
Fixes:
Part fixes #9842
I agree to the DCO for all the commits in this PR.