This topic describes how to use the eventer component to collect Kubernetes events to Log Service.

  • Kube-eventer

    For more information about the source code for Kubernetes event collection, visit GitHub.

  • K8s Event Center (recommended)

    You can also use the K8s Event Center feature provided in the Log Service console to collect Kubernetes event data and configure visualized charts and alerts.

Configure event collection

Note
  • If you use Alibaba Cloud Container Service for Kubernetes, you only need to configure the endpoint, project, and logStore parameters.
  • If you use user-created Kubernetes, you need to configure the endpoint, project, logStore, regionId, internal, accessKeyId, and accessKeySecret parameters.
An example event collection configuration is as follows:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: eventer-sls
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        task: monitoring
        k8s-app: eventer-sls
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      serviceAccount: admin
      containers:
      - name: eventer-sls
        image: registry.cn-hangzhou.aliyuncs.com/ringtail/eventer:v1.6.1.3
        imagePullPolicy: IfNotPresent
        command:
        - /eventer
        - --source=kubernetes:https://kubernetes.default
        - --sink=sls:https://${endpoint}? project=${project}&logStore=${logstore}
Parameter Type Required Description
endpoint String Required The endpoint of Log Service. For more information, see Service endpoint.
project String Required The name of a project created in Log Service.
logStore String Required The Logstore created in the project.
internal String Required for a user-created Kubernetes cluster Specifies whether Alibaba Cloud Kubernetes is used. Set this parameter to false.
regionId String Required for a user-created Kubernetes cluster The ID of the region where Log Service resides. For more information, see Service endpoint.
accessKeyId String Required for a user-created Kubernetes cluster The AccessKey ID of your account. We recommend that you use the AccessKey ID of a RAM user.
accessKeySecret String Required for a user-created Kubernetes cluster The AccessKey secret of your account. We recommend that you use the AccessKey secret of a RAM user.

Sample logs

A sample collected log event is as follows:
hostname:  cn-hangzhou.i-***********"
level:  Normal
pod_id:  2a360760-1c82-11e9-9ddf-00163e0c7cbe
pod_name:  logtail-ds-blkkr
event_id:  {  
   "metadata":{  
      "name":"logtail-ds-blkkr.157b7cc90de7e192",
      "namespace":"kube-system",
      "selfLink":"/api/v1/namespaces/kube-system/events/logtail-ds-blkkr.157b7cc90de7e192",
      "uid":"2aaf75ab-1c82-11e9-9ddf-00163e0c7cbe",
      "resourceVersion":"6129169",
      "creationTimestamp":"2019-01-20T07:08:19Z"
   },
   "involvedObject":{  
      "kind":"Pod",
      "namespace":"kube-system",
      "name":"logtail-ds-blkkr",
      "uid":"2a360760-1c82-11e9-9ddf-00163e0c7cbe",
      "apiVersion":"v1",
      "resourceVersion":"6129161",
      "fieldPath":"spec.containers{logtail}"
   },
   "reason":"Started",
   "message":"Started container",
   "source":{  
      "component":"kubelet",
      "host":"cn-hangzhou.i-***********"
   },
   "firstTimestamp":"2019-01-20T07:08:19Z",
   "lastTimestamp":"2019-01-20T07:08:19Z",
   "count":1,
   "type":"Normal",
   "eventTime":null,
   "reportingComponent":"",
   "reportingInstance":""
}
Log field Data type Description
hostname String The hostname of the server where an event occurs.
level String The level of a log event. Valid values: Normal and Warning.
pod_id String The unique identifier of a pod. This field is available only when the event type is related to the pod.
pod_name String The name of a pod. This field is available only when the event type is related to the pod.
eventId JSON The details of an event. The parameter value is a JSON-formatted string.