feat: enable Traefik access logs via HelmChartConfig
All checks were successful
Build and Deploy LTY / build-and-deploy (push) Successful in 56m21s
All checks were successful
Build and Deploy LTY / build-and-deploy (push) Successful in 56m21s
Adds k8s/traefik-config.yaml to enable JSON-format access logs on the K3s built-in Traefik for diagnosing whether subv webhooks from volcengine are dropped between ingress and Django, or simply not sent. Drops Authorization/Cookie headers to avoid leaking secrets. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
parent
c70bee7295
commit
c85f6f2f9e
@ -141,6 +141,7 @@ jobs:
|
|||||||
kubectl apply -f k8s/backend-deployment-prod.yaml
|
kubectl apply -f k8s/backend-deployment-prod.yaml
|
||||||
kubectl apply -f k8s/admin-deployment-prod.yaml
|
kubectl apply -f k8s/admin-deployment-prod.yaml
|
||||||
kubectl apply -f k8s/ingress.yaml
|
kubectl apply -f k8s/ingress.yaml
|
||||||
|
kubectl apply -f k8s/traefik-config.yaml
|
||||||
|
|
||||||
# Preserve real client IP
|
# Preserve real client IP
|
||||||
kubectl patch svc traefik -n kube-system -p '{"spec":{"externalTrafficPolicy":"Local"}}' 2>/dev/null || true
|
kubectl patch svc traefik -n kube-system -p '{"spec":{"externalTrafficPolicy":"Local"}}' 2>/dev/null || true
|
||||||
|
|||||||
17
k8s/traefik-config.yaml
Normal file
17
k8s/traefik-config.yaml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
apiVersion: helm.cattle.io/v1
|
||||||
|
kind: HelmChartConfig
|
||||||
|
metadata:
|
||||||
|
name: traefik
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
valuesContent: |-
|
||||||
|
logs:
|
||||||
|
access:
|
||||||
|
enabled: true
|
||||||
|
format: json
|
||||||
|
fields:
|
||||||
|
headers:
|
||||||
|
defaultmode: keep
|
||||||
|
names:
|
||||||
|
Authorization: drop
|
||||||
|
Cookie: drop
|
||||||
Loading…
x
Reference in New Issue
Block a user