Cloud Native Log Collection
Introduction
The Cloud Native Log Collection add-on (formerly log-agent) is developed based on Fluent Bit and OpenTelemetry for collecting logs and Kubernetes events. This add-on supports CRD-based log collection policies. It collects and forwards standard output logs, container file logs, node logs, and Kubernetes events in a cluster based on configured policies. It also reports Kubernetes events to AOM for configuring event alarms. By default, all abnormal events and some normal events are reported.
In 1.3.2 and later versions, Cloud Native Log Collection reports all warning events and some normal events to AOM by default. The reported events can be used to configure alarms. If the cluster version is v1.19.16, v1.21.11, v1.23.9, v1.25.4, or later, after Cloud Native Log Collection is installed, events are reported to AOM by this add-on instead of the control plane component. After this add-on is uninstalled, events will not be reported to AOM.
Log Collection Reliability
The log system's main purpose is to record all stages of data for service components, including startup, initialization, exit, runtime details, and exceptions. It is primarily employed in O&M scenarios for tasks like checking component status and analyzing fault causes.
Standard streams (stdout and stderr) and local log files use non-persistent storage. However, data integrity may be compromised due to the following risks:
- Log rotation and compression potentially deleting old files
- Temporary storage volumes being cleared when Kubernetes pods end
- Automatic OS cleanup triggered by limited node storage space
While the Cloud Native Log Collection add-on employs techniques like multi-level buffering, priority queues, and resumable uploads to enhance log collection reliability, logs could still be lost in the following situations:
- The service log throughput surpasses the collector's processing capacity.
- The service pod is terminated and immediately reclaimed by the container runtime.
- The log collector pod experiences exceptions.
The following lists some recommended best practices for cloud native log management. You can review and implement them thoughtfully.
- Use dedicated, high-reliable streams to record critical service data (for example, financial transactions) and store the data in persistent storage.
- Avoid storing sensitive information like customer details, payment credentials, and session tokens in logs.
Notes and Constraints
This add-on is available only in clusters v1.17 or later.
Add-on Performance
| Item | Description | Remarks |
|---|---|---|
| Size of a log | Each individual log must not exceed 512,000 bytes. For multi-line logs, each line is counted separately toward this limit. | None |
| Maximum number of collected files | On a single node, the total number of files that can be monitored by all log collection rules is limited to 4,095. | None |
| Log collection rate |
| Service quality cannot be ensured if any of these limits is exceeded. |
| Configuration update | Configuration updates take effect in 1 to 3 minutes. | None |
Permissions
The fluent-bit component of the add-on reads and collects the stdout logs on each node, file logs in pods, and node logs based on the collection configuration.
The following permissions are required for running the fluent-bit component:
- CAP_DAC_OVERRIDE: ignores the discretionary access control (DAC) restrictions on files.
- CAP_FOWNER: ignores the restrictions that the file owner ID must match the process user ID.
- DAC_READ_SEARCH: ignores the DAC restrictions on file reading and catalog search.
- SYS_PTRACE: allows all processes to be traced.
The Cloud Native Log Collection add-on enhances the log reading capability based on these permissions. However, if log files are stored in an external file system (such as SFS), these permissions may not take effect. To ensure that logs can be collected properly, ensure that the paas user (UID 10000) has the read and execute permissions on the directory where the logs are stored and the read permissions on the files in the directory.
Installing the Add-on
- Log in to the CCE console and click the cluster name to access the cluster console.
- In the navigation pane, choose Add-ons. Locate Cloud Native Log Collection and click Install.
- On the Install Add-on page, configure the specifications as needed.
- If you select Preset, choose Small or Large based on your cluster scale. CCE automatically configures the number of add-on pods and resource quotas according to the selected specification. You can view these configurations on the console.
You can select the Small option for clusters where the logs of a single node are less than 5000/s or 5 MB/s, and select the Large option for clusters where the logs on a single node are less than 10000/s or 10 MB/s.
- If you selected Custom, you can adjust the number of pods and resource quotas as needed. High availability is not possible with a single pod. If an error occurs on the node where the add-on pod runs, the add-on will fail.
- If you select Preset, choose Small or Large based on your cluster scale. CCE automatically configures the number of add-on pods and resource quotas according to the selected specification. You can view these configurations on the console.
- Configure Agency Settings. This configuration is supported by the add-on of 1.7.9 or later. Add-ons require runtime access to other cloud services. You need to configure an add-on agency to authorize these operations. For details, see Custom Agencies for Add-ons.
- Create automatically: CCE automatically creates a default agency and uses this agency for the add-on. If there is a default agency, CCE will not create one again.
- Use existing: Select one from the drop-down list. Ensure that the created agency has been assigned the required permissions. Otherwise, the add-on functions may be unavailable.
- Configure add-on parameters, which are supported by the add-on of v1.6.1 or later. For details, see Tail.
Parameter
Description
Default Value
Large Specification
Other Specification
Initial Buffer Size (Buffer_Chunk_Size)
The size of the initial buffer used to read files.
256k
128k
Maximum Buffer Size (Buffer_Max_Size)
Limit on the buffer size for each monitored file. When a buffer is added, the number of memory buffers that can be added is restricted by this value. If the limit is exceeded, the file will be removed from the monitored file list.
1024k
512k
Memory Buffer Limit (Mem_Buf_Limit)
Memory limit when data is appended to the engine. When the limit is reached, the add-on will temporarily stop reading log file data. The reading will resume after the data is refreshed.
300mb
40mb
The unit can be case-insensitive k, kb, m, mb, g or gb. If no unit is specified, the default unit of byte will be used.
- Configure deployment policies for the add-on pods.
Scheduling policies do not take effect on the DaemonSet pods of the add-on.
Table 1 Configurations for add-on scheduling Parameter
Description
Multi-AZ Deployment
- Preferred: Deployment pods of the add-on will be preferentially scheduled to nodes in different AZs. If all the nodes in the cluster are deployed in the same AZ, the pods will be scheduled to different nodes in that AZ.
- Forcible: Add-on pods are strictly distributed across AZs, with at most one pod per AZ. If the cluster's nodes do not span multiple AZs, some add-on pods will remain unscheduled and fail to run. If a node is faulty, the add-on pods on it may fail to be migrated.
- Click Install.
Components
| Component | Description | Resource Type |
|---|---|---|
| fluent-bit | Lightweight log collector and forwarder deployed on each node to collect logs. In 1.5.0 and later versions, logs are directly reported to LTS. In versions earlier than 1.5.0, logs are reported to otel-collector. | DaemonSet |
| cop-logs | Used to generate soft links for collected files. It runs in the same pod as fluent-bit. | DaemonSet |
| log-operator | Used to generate internal configuration files | Deployment |
| otel-collector | Used to collect Kubernetes events and report them to LTS and AOM, and receive and report logs to LTS. The extent of log data reporting varies with the add-on version. In versions earlier than 1.5.1, this component reports logs of different applications and services. In 1.5.1 and later versions, this component reports only logs of workloads that are scaled to CCI. In v1.7.5 and later versions, this component is used only to report logs of workloads that are scaled to CCI. If this component is not needed, set the number of its pods to 0. | Deployment |
| otel-collector-event | Added in v1.7.5 and later versions. It collects Kubernetes events and reports them to LTS and AOM. | Deployment |
How to Use the Add-on
This add-on can collect container standard output logs, container file logs, node logs, and Kubernetes events. You can use LTS or AOM to store the collected logs. These services support different types of logs. For details, see Table 3.
| Log Storage Location | Supported Log Types | How to Use |
|---|---|---|
| LTS |
| Go to Logging to create a policy. For details, see Collecting Container Logs Using the Cloud Native Log Collection Add-on. |
| Kubernetes events | ||
| Control plane component logs | ||
| Kubernetes audit logs | ||
| NGINX Ingress Controller add-on logs | ||
| AOM | Kubernetes events | If the cluster version is v1.19.16, v1.21.11, v1.23.9, v1.25.4, or later, all abnormal events and some normal events will be reported by default. For details, see Reporting Kubernetes Events to AOM. |
Helpful Links
- After installing the Cloud Native Log Collection add-on, you can use the Logging to collect Kubernetes logs. For details, see Overview.
- During log collection, there may be issues like interrupted collection or data loss. To ensure log integrity and availability, you are advised to set log collection status monitoring and alarms. For details, see Configuring Metrics and Alarms for Log Collection Status.
Release History
| Add-on Version | Supported Cluster Version | New Feature |
|---|---|---|
| 1.7.13 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 v1.31 v1.32 v1.33 v1.34 v1.35 v1.36 | Supported CCE clusters v1.36. |
| 1.7.10 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 v1.31 v1.32 v1.33 v1.34 v1.35 | Supported CCE clusters v1.35. |
| 1.7.9 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 v1.31 v1.32 v1.33 v1.34 | Fixed some issues. |
| 1.7.8 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 v1.31 v1.32 v1.33 v1.34 | Supported CCE clusters v1.34. |
| 1.7.6 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 v1.31 v1.32 v1.33 |
|
| 1.7.4 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 v1.31 v1.32 | Blocklists can be applied to standard output log collection policies across all namespaces based on pod labels. |
| 1.7.3 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 v1.31 v1.32 | Supported CCE clusters v1.32. |
| 1.7.2 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 v1.31 | Logs can be compressed in gzip format and sent to LTS. |
| 1.7.1 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 v1.31 | Fixed some issues. |
| 1.7.0 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 v1.31 | Supported clusters v1.31. |
| 1.6.1 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 |
|
| 1.6.0 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 v1.30 |
|
| 1.5.2 | v1.21 v1.23 v1.25 v1.27 v1.28 v1.29 | The index function is added when the default log stream of container logs is created. |
| 1.4.5 | v1.21 v1.23 v1.25 v1.27 v1.28 | Fixed some issues. |
| 1.4.2 | v1.21 v1.23 v1.25 v1.27 v1.28 |
|
| 1.3.10 | v1.17 v1.19 v1.21 v1.23 v1.25 v1.27 v1.28 | Fixed the Fluent Bit memory corruption vulnerability. |
| 1.3.2 | v1.17 v1.19 v1.21 v1.23 v1.25 | Supported reporting Kubernetes events to AOM. |
| 1.3.0 | v1.17 v1.19 v1.21 v1.23 v1.25 | Supported clusters v1.25. |
| 1.2.3 | v1.17 v1.19 v1.21 v1.23 | None |
| 1.2.2 | v1.17 v1.19 v1.21 v1.23 | log-agent is a cloud native log collection add-on built on open-source Fluent Bit and OpenTelemetry and supports CRD-based log collection policies. It collects and forwards standard container output logs, container file logs, node logs, and Kubernetes event logs in a cluster following your rules. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot