This topic describes how to configure Logtail in the console to collect Kubernetes logs in the DaemonSet mode.

Prerequisites

The Helm package alibaba-log-controller is installed. For more information, see Install Logtail.

Features

Logtail can collect container text logs and upload these logs together with container metadata to Log Service. Compared with basic log file collection, Kubernetes log collection has the following features:
  • Allows you to configure the log path of a container without considering how to map the path to a path on the host.
  • Supports using labels to specify containers for log collection.
  • Supports using labels to exclude containers for log collection.
  • Supports using environment variables to specify containers for log collection.
  • Supports using environment variables to exclude containers for log collection.
  • Supports multi-line logs such as Java Stack logs.
  • Supports automatic labeling for Docker container log data.
  • Supports automatic labeling for Kubernetes container log data.
Note
  • The preceding labels are the labels retrieved by using the docker inspect command. They are not the labels configured in a Kubernetes cluster.
  • The preceding environment variables are the environment variables configured for launching containers.

Limits

  • Collection stop policy: When a container is stopped and Logtail detects the die event on the container, Logtail stops collecting logs from the container. In this case, if a collection latency occurs, some logs generated before the stop action may be lost.
  • Docker storage driver: Only overlay and overlay2 are supported. For other storage drivers, you must mount the log directory on the local host.

Configure log collection

  1. Log on to the Log Service console.
  2. On the page that appears, click Kubernetes - Object in the Import Data section.
  3. Select an existing project and Logstore.
    You can also click Create Now to create a project and then a Logstore. For more information, see Get started.
  4. Create a server group. After the server group is created, click Complete Installation.

    Create a server group as prompted. If a server group is available, click Using Existing Server Groups.

  5. Configure the server group.
    Select a server group and move the group from Source Server Groups to Applied Server Groups.
  6. Configure data sources. Click Next.
    Configuration item Required Description
    Docker File Yes This item is used to check whether the collected target file is a Docker file.
    Label Whitelist No To configure a label whitelist item, you must specify the LabelKey parameter. If the LabelValue parameter is not empty, logs of containers whose label key-value pairs match the specified key-value pairs are collected. If the LabelValue parameter is empty, logs of containers whose label keys match the specified keys are collected.
    Note Key-value pairs are associated by the OR operator. If a label key-value pair of a container matches one of the specified key-value pairs, logs of the container are collected.
    Label Blacklist No To configure a label blacklist item, you must specify the LabelKey parameter. If the LabelValue parameter is not empty, logs of containers whose label key-value pairs match the specified key-value pairs are not collected. If the LabelValue parameter is empty, logs of containers whose label keys match the specified keys are not collected.
    Note Key-value pairs are associated by the OR operator. If a label key-value pair of a container matches one of the specified key-value pairs, logs of the container are not collected.
    Environment Variable Whitelist No To configure an environment variable whitelist item, you must specify the EnvKey parameter. If the EnvValue parameter is not empty, logs of containers whose environment variable key-value pairs match the specified key-value pairs are collected. If the EnvValue parameter is empty, logs of containers whose environment variable keys match the specified keys are collected.
    Note Key-value pairs are associated by the OR operator. If an environment variable key-value pair of a container matches one of the specified key-value pairs, logs of the container are collected.
    Environment Variable Blacklist No To configure an environment variable blacklist item, you must specify the EnvKey parameter. If the EnvValue parameter is not empty, logs of containers whose environment variable key-value pairs match the specified key-value pairs are not collected. If the EnvValue parameter is empty, logs of containers whose environment variable keys match the specified keys are not collected.
    Note Key-value pairs are associated by the OR operator. If an environment variable key-value pair of a container matches one of the specified key-value pairs, logs of the container are not collected.
    Other configuration items N/A For more information about other configuration items, see Configure text log collection.
    Note
    • A namespace and a container name in a Kubernetes cluster can be mapped to Docker labels. The LabelKey parameter corresponding to a namespace is io.kubernetes.pod.namespace. The LabelKey parameter corresponding to a container name is io.kubernetes.container.name. For example, the namespace of a pod that you created is backend-prod and the container name is worker-server. In this case, you can configure the whitelist label io.kubernetes.pod.namespace : backend-prod to collect logs of containers in the pod, including the worker-server container. You can also configure the whitelist label io.kubernetes.container.name : worker-server to collect the logs of the worker-server container.
    • In a Kubernetes cluster, we recommend that you specify only the io.kubernetes.pod.namespace and io.kubernetes.container.name labels. If the two labels cannot satisfy your business needs, you can configure environment variable whitelist or blacklist items.
  7. Configure search and analytics statements. Click Next.
    Indexes are created by default. You can modify the indexes based on your needs.

Configuration examples

  • Configuration of environment variables

    Collect logs of containers that match the following conditions: Environment variables include NGINX_PORT_80_TCP_PORT=80 but exclude POD_NAMESPACE=kube-system, the log file path is /var/log/nginx/access.log, and logs are parsed in the simple mode.

    Environment variable configuration example
    The following figure shows how to configure data collection based on these conditions. For more information about other collection configuration items, see Configure text log collection.Data source configuration example
  • Label configuration
    Collect logs of containers that match the following conditions: A label is io.kubernetes.container.name=nginx, the log file path is /var/log/nginx/access.log, and logs are parsed in the simple mode. Label configuration example
    The following figure shows how to configure data sources based on the conditions specified in this example. For more information about other collection configuration items, see Configure text log collection.Data source configuration

Default fields

The following table lists the fields that are uploaded by default for each log entry.
Field name Description
_image_name_ The name of an image.
_container_name_ The name of a container.
_pod_name_ The name of a pod.
_namespace_ The namespace where a pod is located.
_pod_uid_ The unique identifier of a pod.
_container_ip_ The IP address assigned to a pod.