This topic describes how to use the eventer component to collect Kubernetes events to Log Service.
- Kube-eventer
For more information about the source code for Kubernetes event collection, visit GitHub.
- K8s Event Center (recommended)
You can also use the K8s Event Center feature provided in the Log Service console to collect Kubernetes event data and configure visualized charts and alerts.
Configure event collection
Note
- If you use Alibaba Cloud Container Service for Kubernetes, you only need to configure the endpoint, project, and logStore parameters.
- If you use user-created Kubernetes, you need to configure the endpoint, project, logStore, regionId, internal, accessKeyId, and accessKeySecret parameters.
An example event collection configuration is as follows:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: eventer-sls
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
task: monitoring
k8s-app: eventer-sls
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
serviceAccount: admin
containers:
- name: eventer-sls
image: registry.cn-hangzhou.aliyuncs.com/ringtail/eventer:v1.6.1.3
imagePullPolicy: IfNotPresent
command:
- /eventer
- --source=kubernetes:https://kubernetes.default
- --sink=sls:https://${endpoint}? project=${project}&logStore=${logstore}
Parameter | Type | Required | Description |
---|---|---|---|
endpoint | String | Required | The endpoint of Log Service. For more information, see Service endpoint. |
project | String | Required | The name of a project created in Log Service. |
logStore | String | Required | The Logstore created in the project. |
internal | String | Required for a user-created Kubernetes cluster | Specifies whether Alibaba Cloud Kubernetes is used. Set this parameter to false. |
regionId | String | Required for a user-created Kubernetes cluster | The ID of the region where Log Service resides. For more information, see Service endpoint. |
accessKeyId | String | Required for a user-created Kubernetes cluster | The AccessKey ID of your account. We recommend that you use the AccessKey ID of a RAM user. |
accessKeySecret | String | Required for a user-created Kubernetes cluster | The AccessKey secret of your account. We recommend that you use the AccessKey secret of a RAM user. |
Sample logs
A sample collected log event is as follows:
hostname: cn-hangzhou.i-***********"
level: Normal
pod_id: 2a360760-1c82-11e9-9ddf-00163e0c7cbe
pod_name: logtail-ds-blkkr
event_id: {
"metadata":{
"name":"logtail-ds-blkkr.157b7cc90de7e192",
"namespace":"kube-system",
"selfLink":"/api/v1/namespaces/kube-system/events/logtail-ds-blkkr.157b7cc90de7e192",
"uid":"2aaf75ab-1c82-11e9-9ddf-00163e0c7cbe",
"resourceVersion":"6129169",
"creationTimestamp":"2019-01-20T07:08:19Z"
},
"involvedObject":{
"kind":"Pod",
"namespace":"kube-system",
"name":"logtail-ds-blkkr",
"uid":"2a360760-1c82-11e9-9ddf-00163e0c7cbe",
"apiVersion":"v1",
"resourceVersion":"6129161",
"fieldPath":"spec.containers{logtail}"
},
"reason":"Started",
"message":"Started container",
"source":{
"component":"kubelet",
"host":"cn-hangzhou.i-***********"
},
"firstTimestamp":"2019-01-20T07:08:19Z",
"lastTimestamp":"2019-01-20T07:08:19Z",
"count":1,
"type":"Normal",
"eventTime":null,
"reportingComponent":"",
"reportingInstance":""
}
Log field | Data type | Description |
---|---|---|
hostname | String | The hostname of the server where an event occurs. |
level | String | The level of a log event. Valid values: Normal and Warning. |
pod_id | String | The unique identifier of a pod. This field is available only when the event type is related to the pod. |
pod_name | String | The name of a pod. This field is available only when the event type is related to the pod. |
eventId | JSON | The details of an event. The parameter value is a JSON-formatted string. |