By default, the system deployed in Kubernetes writes logs to disk and to console output. If persistent disk storage is enabled, the logs end up on the mounted shared disk. But persistent disk is not always the desired log target, especially in a cloud environment where persistent data is typically accessed through services and APIs rather than as files.

The console logs can be accessed through the "kubectl logs" command or from a Kubernetes dashboard. The buffer for the Kubernetes console logs is held in memory only, however, and is lost when a Pod terminates.

To get a production-ready log configuration you can use tools from the Kubernetes ecosystem. In this guide we show you how to set up:

- Fluent for log collection
- Elasticsearch for log storage
- Kibana for log visualization

These tools give you powerful and flexible log collection, storage, and visualization. The Elasticsearch database storage also provides powerful tools to perform analytics on the log data. It is outside the scope of this guide to describe those capabilities.

Note: This guide includes the steps for installing the tools in the Kubernetes cluster. If you deploy in a cloud environment, these tools may already be configured. In that case, it is enough to perform the configuration and skip the installation steps.

Before setting up log collection, make sure that JSON formatted logging is enabled using the following setting in values.yaml:

```yaml
log:
  # Format can be "json" or "raw". Default is "raw"
  format: json
```

To isolate the logging functionality from the rest of the system and make it possible to reuse it from multiple instances, a separate namespace is created to host the installed tools.

```bash
kubectl create namespace logging
```

```bash
helm repo add elastic https://helm.elastic.co
helm repo add fluent https://fluent.github.io/helm-charts
```

```bash
helm fetch elastic/elasticsearch --untar
```

```bash
helm upgrade --install elasticsearch elasticsearch -n logging --set=persistence.enabled=false
```

```bash
helm fetch elastic/kibana --untar
```

```bash
helm upgrade --install kibana kibana -n logging --set=service.type=LoadBalancer --set=service.port=80
```

```bash
helm fetch fluent/fluentd --untar
```

Edit values.yaml to enable System Log collection over syslog. Add the following source to section 01_sources.conf (leaving existing sources unaltered):

```yaml
01_sources.conf: |-
  <source>
    @type syslog
    port 5140
    bind 0.0.0.0
    tag system
  </source>
```

Edit values.yaml to specify the JSON based log format:

```yaml
02_filters.conf: |-
  <label @KUBERNETES>
    <match kubernetes.var.log.containers.fluentd**>
      @type relabel
      @label @FLUENT_LOG
    </match>
    <filter kubernetes.**>
      @type kubernetes_metadata
      @id filter_kube_metadata
      skip_labels false
      skip_container_metadata false
      skip_namespace_metadata true
      skip_master_url true
    </filter>
    <filter kubernetes.var.log.containers.**>
      @type parser
      <parse>
        @type json
        json_parser json
      </parse>
      replace_invalid_sequence true
      emit_invalid_record_to_error false
      key_name log
      reserve_data true
      remove_key_name_field true
    </filter>
    <match **>
      @type relabel
      @label @DISPATCH
    </match>
  </label>
```

```bash
helm upgrade --install fluentd fluentd -n logging
```

Configure according to: Log Forwarding(3.0). The parameters are set in the Helm values.yaml file as described in Installation Instructions(3.0).

```text
$ kubectl get pod -n logging
NAME                            READY   STATUS    RESTARTS   AGE
elasticsearch-master-0          1/1     Running   0          43m
elasticsearch-master-1          1/1     Running   0          44m
elasticsearch-master-2          1/1     Running   0          44m
fluentd-8g95p                   1/1     Running   0          19h
fluentd-sqv7j                   1/1     Running   0          19h
fluentd-zgx6t                   1/1     Running   0          19h
kibana-kibana-56c9f469d-l7dtv   1/1     Running   0          105m
```

If all looks good, you can get the URL for the Kibana dashboard with the command below:

```bash
kubectl get service -n logging kibana-kibana -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
```

Open the Kibana dashboard and create a new Index Pattern matching the "fluentd" index. Go to Discover view to search collected log data. For instance, to search the platform log file, enter the search query "kubernetes.pod_name:platform" in the KQL field.

Log records that are properly JSON formatted will be parsed into fields, like:

```json
"thread": "main",
"level": "WARN",
"loggerName": "com.digitalroute.picostart.PlatformClassLoader",
"marker": {
  "name": "PS",
  "parents": [
    {
      "name": "LIFECYCLE"
    }
  ]
},
"message": "Starting Web Server",
"endOfBatch": false,
"loggerFqcn": "org.apache.logging.log4j.spi.AbstractLogger",
"instant": {
  "epochSecond": 1614690212,
  "nanoOfSecond": 819721000
},
"threadId": 1,
"threadPriority": 5,
"timestamp": "2021-03-02T13:03:32.819+0000"
```

Records that are not JSON formatted, on the other hand, will be displayed per row in the "log" field, like:

```json
"log": "2021-03-02 13:03:35.788:INFO:oejs.Server:pool-10-thread-1: Started @33338ms\n",
```
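
How the parser filter settings in 02_filters.conf (key_name log, reserve_data true, remove_key_name_field true) lead to these two kinds of records, as an added Python sketch that is not part of the original guide or of Fluentd itself. The function name, the sample records and the pod name are constructed for illustration, and the model is simplified.

```python
import json

# Settings mirrored from the parser filter in 02_filters.conf on this page.
KEY_NAME = "log"
RESERVE_DATA = True
REMOVE_KEY_NAME_FIELD = True


def parser_filter(record):
    """Approximate the parser filter for one record (simplified model).

    Returns the record that continues down the pipeline, or None if dropped.
    """
    raw = record.get(KEY_NAME)
    try:
        parsed = json.loads(raw) if isinstance(raw, str) else None
    except ValueError:
        parsed = None
    if not isinstance(parsed, dict):
        # Assumption of this sketch: anything that is not a JSON object counts
        # as unparsed. With reserve_data the record passes through unchanged,
        # so the raw line stays in the "log" field.
        return dict(record) if RESERVE_DATA else None
    out = dict(record) if RESERVE_DATA else {}
    if REMOVE_KEY_NAME_FIELD:
        out.pop(KEY_NAME, None)
    # Parsed keys are merged last, so they replace same-named keys on the record.
    out.update(parsed)
    return out


# Constructed sample records, shaped like the two outputs shown above.
META = {"stream": "stdout", "kubernetes": {"pod_name": "platform-1"}}
JSON_RECORD = dict(META, log='{"level": "WARN", "message": "Starting Web Server"}\n')
RAW_RECORD = dict(
    META,
    log="2021-03-02 13:03:35.788:INFO:oejs.Server:pool-10-thread-1: Started @33338ms\n",
)
# Application JSON that reuses a metadata key name ("stream").
COLLIDING_RECORD = dict(META, log='{"message": "hello", "stream": "app"}')

if __name__ == "__main__":
    for rec in (JSON_RECORD, RAW_RECORD, COLLIDING_RECORD):
        print(json.dumps(parser_filter(rec), sort_keys=True))
```

Because parsed keys replace same-named keys already on the record, searches that rely on metadata fields should account for application JSON that reuses those names; the parser filter's hash_value_field or inject_key_prefix parameters keep the parsed fields separate.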