Note |
---|
Note!You need to have a proper GKE cluster setup in order to proceed with these steps. Refer to Set Up Kubernetes Cluster - GCP (4.3) to to create the GKE cluster first. |
...
To get a production ready log configuration you can use tools from the Kubernetes ecosystem and GCP Cloud Logging. In this guide we show you how to set up:
...
Beforesetting up log collection, make sure your Usage Engine Private Edition was installed with JSON formatted logging enabled.
Code Block |
---|
log:
# Format can be "json" or "raw". Default is "raw"
format: json |
Stream container logs to GCP Cloud Logging
Before using GCP Cloud Logging, you need to ensure Cloud Logging API is enabled on your Google Cloud project. Refer to the guide https://cloud.google.com/kubernetes-engine/docs/troubleshooting/logging to verify if logging is enabled.
Fluent-bit is a log processor that used to send containers logs to GCP Cloud Logging. By default, a managed Fluent-bit will be installed by GKE during cluster creation.
After Cloud Logging API is enabled, all containers logs should automatically send to the Cloud Logging. To verify logging, go to GCP console page Logging > Logs Explorer and check if container logs are populated.
...
Add Fluent helm repository and update repository to retrieve the latest version.
Code Block helm repo add fluent https://fluent.github.io/helm-charts helm repo update
Retrieve the Elastic Search access credentials by using commands below. Save the output, you will need them in the next step.
Code Block kubectl get secrets --namespace=logging elasticsearch-master-credentials -ojsonpath='{.data.username}' | base64 -d kubectl get secrets --namespace=logging elasticsearch-master-credentials -ojsonpath='{.data.password}' | base64 -d
Create a custom values yaml, for example fluent-bit-values.yaml and set the content below. After that, replace values of HTTP_User and HTTP_Passwd to the output from previous step.
Code Block config: inputs: | [INPUT] Name tail Alias kube_containers Tag kube_<namespace_name>_<pod_name>_<container_name> Exclude_Path /var/log/containers/*_kube-system_*.log,/var/log/containers/*_istio-system_*.log,/var/log/containers/*_knative-serving_*.log,/var/log/containers/*_gke-system_*.log,/var/log/containers/*_config-management-system_*.log,/var/log/containers/*_gmp-system_*.log,/var/log/containers/*_gke-managed-cim_*.log Path /var/log/containers/*.log multiline.parser docker, cri Mem_Buf_Limit 50MB Skip_Long_Lines On Refresh_Interval 1 Read_from_Head True filters: | [FILTER] Name kubernetes Match kube.* Kube_URL https://kubernetes.default.svc:443 Kube_Tag_Prefix application.var.log.containers. Merge_Log On K8S-Logging.Parser On K8S-Logging.Exclude Off Labels Off Annotations Off Use_Kubelet On Kubelet_Port 10250 Buffer_Size 0 outputs: | [OUTPUT] Name es Match * Host elasticsearch-master tls on tls.verify off HTTP_User elastic HTTP_Passwd zUqEBtrE4H9bfO8K Suppress_Type_Name On Index fluentbit Trace_Error on
Install Fluent-bit with the custom values yaml.
Code Block helm install fluent-bit fluent/fluent-bit -n logging -f fluent-bit-values.yaml
Verify Fluent-bit pod's log. Should not see any error or exception if connection to Elastic Search is established successfully.
Code Block kubectl logs <fluent-bit pod name> -n logging
...