Using ICAgent to Collect Container Logs¶
CCE works with AOM to collect workload logs. When creating a node, CCE installs the ICAgent for you (the DaemonSet named icagent in the kube-system namespace of the cluster). After the ICAgent collects workload logs and reports them to AOM, you can view workload logs on the CCE or AOM console.
Notes and Constraints¶
The ICAgent only collects *.log, *.trace, and *.out text log files.
Using ICAgent to Collect Logs¶
When creating a workload, set logging for the container.
Click
to add a log policy.The following uses Nginx as an example. Log policies vary depending on workloads.
Figure 1 Adding a log policy¶
Set Storage Type to Host Path or Container Path.
Table 1 Configuring log policies¶ Parameter
Description
Storage Type
Host Path (hostPath): A host path is mounted to the specified container path (mount path). In the node host path, you can view the container logs output into the mount path.
Container Path (emptyDir): A temporary path of the node is mounted to the specified path (mount path). Log data that exists in the temporary path but is not reported by the collector to AOM will disappear after the pod is deleted.
Host Path
Enter a host path, for example, /var/paas/sys/log/nginx.
Container Path
Container path (for example, /tmp) to which the storage resources will be mounted.
Important
NOTICE:
Do not mount storage to a system directory such as / or /var/run; this action may cause a container error to occur. You are advised to mount the container to an empty directory. If the directory is not empty, ensure that there are no files affecting container startup in the directory. Otherwise, such files will be replaced, resulting in failures to start the container and create the workload.
When the container is mounted to a high-risk directory, you are advised to use an account with minimum permissions to start the container; otherwise, high-risk files on the host machine may be damaged.
AOM collects only the first 20 log files that have been modified recently. It collects files from 2 levels of subdirectories by default.
AOM only collects .log, .trace, and .out text log files in the mount paths.
For details about how to set permissions for mount points in a container, see Configure a Security Context for a Pod or Container.
Extended Host Path
This parameter is mandatory only if Storage Type is set to Host Path.
Extended host paths contain pod IDs or container names to distinguish different containers into which the host path is mounted.
A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single Pod.
None: No extended path is configured.
PodUID: ID of a pod.
PodName: name of a pod.
PodUID/ContainerName: ID of a pod or name of a container.
PodName/ContainerName: name of a pod or container.
Log Dump
Log dump refers to rotating log files on a local host.
Enabled: AOM scans log files every minute. When a log file exceeds 50 MB, it is dumped immediately. A new .zip file is generated in the directory where the log file locates. For a log file, AOM stores only the latest 20 .zip files. When the number of .zip files exceeds 20, earlier .zip files will be deleted. After the dump is complete, the log file in AOM will be cleared.
Disabled: AOM does not dump log files.
Note
AOM rotates log files using copytruncate. Before enabling log dumping, ensure that log files are written in the append mode. Otherwise, file holes may occur.
Currently, mainstream log components such as Log4j and Logback support log file rotation. If you have already set rotation for log files, skip the configuration. Otherwise, conflicts may occur.
You are advised to configure log file rotation for your own services to flexibly control the size and number of rolled files.
Click OK.
YAML Example¶
You can set the container log storage path by defining a YAML file.
As shown in the following figure, an emptyDir volume is mounted a temporary path to /var/log/nginx. In this way, the ICAgent collects logs in /var/log/nginx. The policy field is customized by CCE and allows the ICAgent to identify and collect logs.
apiVersion: apps/v1
kind: Deployment
metadata:
name: testlog
namespace: default
spec:
selector:
matchLabels:
app: testlog
template:
replicas: 1
metadata:
labels:
app: testlog
spec:
containers:
- image: 'nginx:alpine'
name: container-0
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 250m
memory: 512Mi
volumeMounts:
- name: vol-log
mountPath: /var/log/nginx
policy:
logs:
rotate: ''
volumes:
- emptyDir: {}
name: vol-log
imagePullSecrets:
- name: default-secret
The following shows how to use a hostPath volume. Compared with emptyDir, the type of volumes is changed to hostPath, and the path on the host needs to be configured for this hostPath volume. In the following example, /tmp/log on the host is mounted to /var/log/nginx. In this way, the ICAgent can collects logs in /var/log/nginx, without deleting the logs from /tmp/log.
apiVersion: apps/v1
kind: Deployment
metadata:
name: testlog
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: testlog
template:
metadata:
labels:
app: testlog
spec:
containers:
- image: 'nginx:alpine'
name: container-0
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 250m
memory: 512Mi
volumeMounts:
- name: vol-log
mountPath: /var/log/nginx
readOnly: false
extendPathMode: PodUID
policy:
logs:
rotate: Hourly
annotations:
format: ''
volumes:
- hostPath:
path: /tmp/log
name: vol-log
imagePullSecrets:
- name: default-secret
Parameter | Description | Description |
|---|---|---|
extendPathMode | Extended host path | Extended host paths contain pod IDs or container names to distinguish different containers into which the host path is mounted. A level-3 directory is added to the original volume directory/subdirectory. You can easily obtain the files output by a single Pod.
|
policy.logs.rotate | Log dump | Log dump refers to rotating log files on a local host.
Note
|
policy.logs.annotations.format | Multi-line log matching | Some program logs (for example, Java program logs) contain a log that occupies multiple lines. By default, the log collection system collects logs by line. If you want to display logs as a single log message in the log collection system, you can enable the multi-line log function and use the log time or regular pattern mode. When a line of log message matches the preset time format or regular expression, it is considered as the start of a log message and the next line starts with this line of log message is considered as the end identifier of the log message. The format is as follows: {
"multi": {
"mode": "time",
"value": "YYYY-MM-DD hh:mm:ss"
}
}
multi indicates the multi-line mode.
|
Viewing Logs¶
After a log collection path is configured and the workload is created, the ICAgent collects log files from the configured path. The collection takes about 1 minute.
After the log collection is complete, go to the workload details page and click Logs in the upper right corner to view logs.
You can also view logs on the AOM console.
You can also run the kubectl logs command to view the standard output of a container.
# View logs of a specified pod.
kubectl logs <pod_name>
kubectl logs -f <pod_name> # Similar to tail -f
# View logs of a specified container in a specified pod.
kubectl logs <pod_name> -c <container_name>
kubectl logs pod_name -c container_name -n namespace (one-off query)
kubectl logs -f <pod_name> -n namespace (real-time query in tail -f mode)