Cloud Native Logging

Introduction

log-agent is built based on Fluent Bit and OpenTelemetry. It collects logs and Kubernetes events. log-agent supports CRD-based log collection policies. It collects and forwards standard container output logs, container file logs, node logs, and Kubernetes event logs in a cluster based on configured policies. It also reports Kubernetes events to AOM for configuring event alarms. By default, all abnormal events and some normal events are reported.

In 1.3.2 and later versions, Cloud Native Logging reports all warning events and some normal events to AOM by default. The reported events can be used to configure alarms. If the cluster version is 1.19.16, 1.21.11, 1.23.9, 1.25.4, or later, after Cloud Native Logging is installed, events are reported to AOM by this add-on instead of the control plane component. After Cloud Native Logging is uninstalled, events will not be reported to AOM.

Constraints

The constraints on using the log-agent add-on are as follows:

log-agent is available only in clusters of v1.17 or later.
A maximum of 50 log rules can be configured for each cluster.
log-agent cannot collect .gz, .tar, or .zip log files.
In each cluster, the collection rate of a single line of logs cannot exceed 10,000 records per second, and the collection rate of multiple lines of logs cannot exceed 2000 records per second.

Permissions

The fluent-bit component of the log-agent add-on reads and collects the stdout logs on each node, file logs in pods, and node logs based on the collection configuration.

The following permissions are required for running the fluent-bit component:

CAP_DAC_OVERRIDE: ignores the discretionary access control (DAC) restrictions on files.
CAP_FOWNER: ignores the restrictions that the file owner ID must match the process user ID.
DAC_READ_SEARCH: ignores the DAC restrictions on file reading and catalog research.
SYS_PTRACE: allows all processes to be traced.

Installing the Add-on

Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate Cloud Native Logging on the right, and click Install.

On the Install Add-on page, configure the specifications.

**Table 1** Cloud Native Logging Configuration
Parameter	Description
Add-on Specifications	The add-on specifications can be of the Low, High, or custom-resources type.
Pods	Number of pods that will be created to match the selected add-on specifications. If you select Custom, you can adjust the number of pods as required.
Containers	The log-agent add-on contains the following containers, whose specifications can be adjusted as required: fluent-bit: log collector, which is installed on each node as a DaemonSet. cop-logs: generates and updates configuration files on the collection side. log-operator: parses and updates log rules. otel-collector: forwards logs collected by fluent-bit to LTS.

Configure scheduling policies for the add-on.

Scheduling policies do not take effect on add-on instances of the DaemonSet type.

**Table 2** Configurations for add-on scheduling
Parameter	Description
Multi AZ	Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ. Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.

Click Install.

Components

**Table 3** Add-on components
Component	Description	Resource Type
fluent-bit	Lightweight log collector and forwarder deployed on each node to collect logs	DaemonSet
cop-logs	Used to generate soft links for collected files and run in the same pod as fluent-bit	DaemonSet
log-operator	Used to generate internal configuration files	Deployment
otel-collector	Used to collect logs from applications and services and report the logs to LTS	Deployment