Cloud Native Logging

Introduction

log-agent is built based on Fluent Bit and OpenTelemetry. It collects logs and Kubernetes events. This add-on supports CRD-based log collection policies. It collects and forwards standard output logs, container file logs, node logs, and Kubernetes event logs in a cluster based on configured policies. It also reports Kubernetes events to AOM for configuring event alarms. By default, all abnormal events and some normal events are reported.

In 1.3.2 and later versions, Cloud Native Logging reports all warning events and some normal events to AOM by default. The reported events can be used to configure alarms. If the cluster version is 1.19.16, 1.21.11, 1.23.9, 1.25.4, or later, after Cloud Native Logging is installed, events are reported to AOM by this add-on instead of the control plane component. After Cloud Native Logging is uninstalled, events will not be reported to AOM.

Constraints

This add-on is available only in clusters v1.17 or later.

Add-on Performance

Item	Description	Remarks
Size of a log	Each individual log must not exceed 512 KB in size. In the case of multi-line logs, the length of each line will be calculated separately.	None
Maximum number of collected files	On a single node, the total number of files that can be listened by all log collection rules is limited to 4,095.	None
Logging rate	If the add-on version is earlier than 1.5.0, in each cluster, no more than 10,000 single-line logs can be collected per second, and no more than 2,000 multi-line logs can be collected per second. If the add-on version is 1.5.0 or later, on each node, no more than 20,000 logs or 10 MB of logs can be collected per second.	Service quality cannot be ensured if any of these limits is exceeded.
Configuration update	Configuration updates take effect in 1 to 3 minutes.	None

Permissions

The fluent-bit component of the log-agent add-on reads and collects the stdout logs on each node, file logs in pods, and node logs based on the collection configuration.

The following permissions are required for running the fluent-bit component:

CAP_DAC_OVERRIDE: ignores the discretionary access control (DAC) restrictions on files.
CAP_FOWNER: ignores the restrictions that the file owner ID must match the process user ID.
DAC_READ_SEARCH: ignores the DAC restrictions on file reading and catalog research.
SYS_PTRACE: allows all processes to be traced.

Installing the Add-on

Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate Cloud Native Logging on the right, and click Install.

On the Install Add-on page, configure the specifications.

**Table 1** Cloud Native Logging Configuration
Parameter	Description
Add-on Specifications	The add-on specifications can be of the Low, High, or custom-resources type.
Pods	Number of pods that will be created to match the selected add-on specifications. If you select Custom, you can adjust the number of pods as required.
Containers	The log-agent add-on contains the following containers, whose specifications can be adjusted as required: fluent-bit: log collector, which is installed on each node as a DaemonSet. cop-logs: generates and updates configuration files on the collection side. log-operator: parses and updates log rules. otel-collector: forwards logs collected by fluent-bit to LTS.

Configure scheduling policies for the add-on.

Scheduling policies do not take effect on add-on instances of the DaemonSet type.

**Table 2** Configurations for add-on scheduling
Parameter	Description
Multi AZ	Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to that AZ. Required: Deployment pods of the add-on will be forcibly scheduled to nodes in different AZs. If there are fewer AZs than pods, the extra pods will fail to run.

Click Install.

Components

**Table 3** Add-on components
Component	Description	Resource Type
fluent-bit	Lightweight log collector and forwarder deployed on each node to collect logs	DaemonSet
cop-logs	Used to generate soft links for collected files and run in the same pod as fluent-bit	DaemonSet
log-operator	Used to generate internal configuration files	Deployment
otel-collector	Used to collect logs from applications and services and report the logs to LTS	Deployment

Add-on Usage

This add-on can collect container standard output logs, container file logs, node logs, and Kubernetes events. You can use LTS or AOM to store the collected logs. These services support different types of logs. For details, see Table 4.

**Table 4** Log storage description
Log Storage Location	Supported Log Types	How to Use
LTS	Container standard output logs Container file logs Node logs Kubernetes events	Go to Logging to create a policy. For details, see Collecting Container Logs Using Cloud Native Logging.
AOM	Kubernetes events	If the cluster version is 1.19.16, 1.21.11, 1.23.9, 1.25.4, or later, all abnormal events and some normal events will be reported by default. For details, see Reporting Kubernetes Events to AOM.

Change History

**Table 5** Release history
Add-on Version	Supported Cluster Version	New Feature
1.4.5	v1.21 v1.23 v1.25 v1.27 v1.28	Fixed some issues.
1.4.2	v1.21 v1.23 v1.25 v1.27 v1.28	Clusters 1.28 are supported. Supported logging from on-premises clusters. Supported special processing of AOM-related fields in GPU event reporting.
1.3.2	v1.17 v1.19 v1.21 v1.23 v1.25	Supports reporting Kubernetes events to AOM.
1.3.0	v1.17 v1.19 v1.21 v1.23 v1.25	Supported clusters 1.25.
1.2.3	v1.17 v1.19 v1.21 v1.23	None
1.2.2	v1.17 v1.19 v1.21 v1.23	log-agent is a cloud native log collection add-on built on open source Fluent Bit and OpenTelemetry and supports CRD-based log collection policies. It collects and forwards standard container output logs, container file logs, node logs, and Kubernetes event logs in a cluster following your rules.