Distributed Cloud Container Platform for Kubernetes (ACK One) can collect the control plane component logs and audit logs from a Fleet instance to a project of Simple Log Service that belongs to your Alibaba Cloud account. This topic describes how to enable log collection to collect control plane component logs and audit logs from a Fleet instance and how to view the logs.
Prerequisites
Your Alibaba Cloud account has a sufficient quota of Logstores in Simple Log Service.
The default Logstore quota for each Alibaba Cloud account is 50. To increase the quota, submit a ticket to the Simple Log Service team.
Background information
Control plane component logs can help you securely and efficiently manage and maintain your clusters. To collect control plane component logs, turn on Enable Collection of Operation Logs and Auditing Logs when you create a Fleet instance. Then, log streams are delivered to the specified project of Simple Log Service that belongs to your Alibaba Cloud account. Pay-as-you-go fees are charged for the logs based on the billing rules of Simple Log Service. For more information, see Pay-by-feature.
Enable collection of control plane component logs and audit logs
Method 1: Enable the feature when you create a Fleet instance
When you create a Fleet instance, turn on Enable Collection of Operation Logs and Auditing Logs. For more information about how to create a Fleet instance, see Enable Fleet management.
By default, Enable Collection of Operation Logs and Auditing Logs is turned on.
The control plane component logs and audit logs can be collected only to newly created projects of Simple Log Service.
Method 2: Enable the feature for an existing Fleet instance
Log on to the ACK One console. In the left-side navigation pane, choose .
On the Fleet Information page, click the Basic Information tab, find the Logs switch, and then turn on the switch.
NoteIf you no longer want to collect control plane component logs and audit logs, turn off Logs.
View control plane component logs and audit logs
After the Fleet instance is created, you can use the following methods to view the control plane component logs and audit logs.
Method 1: View the control plane component logs and audit logs in the Simple Log Service console
Log on to the Simple Log Service console.
In the Projects section, click the name of the project used by the Fleet instance.
In the left-side Logstores list on the Log Storage page, select the Logstore that stores control plane component logs. You can query the logs of the kube-apiserver, application-controller, kube-controller-manager, and cluster operator control plane components. For more information, see What is Simple Log Service?
Method 2: View the control plane component logs and audit logs in the ACK One console
Log on to the ACK One console. In the left-side navigation pane, choose .
On the Fleet Information page click the Audit Logs and Logs of Control Plane Components tabs to view the logs.
NoteIf multiple Fleet instances exist, select the Fleet instance that you want to manage on the Fleet Information page and then click one of the preceding tabs.
Logstores for control plane components
ACK allows you to collect the logs of the following control plane components. The log of each component is stored in a separate Logstore. For more information about the components, see Kubernetes components.
Component | Logstore | Description |
kube-apiserver | apiserver | kube-apiserver is used to expose the Kubernetes API. For more information, see kube-apiserver. |
kube-controller-manager | kcm | The kube-controller-manager component is the internal management and control center of a Kubernetes cluster. The component embeds the core control loops shipped with Kubernetes. For more information, see kube-controller-manager. |
application-controller | application-controller | application-controller is used to distribute applications in ACK One. You can view the logs about application distribution events. |
cluster-operator | cluster-operator | cluster-operator is used to associate clusters with and disassociate clusters from Fleet instances. You can view the logs about cluster association events and cluster disassociation events. |
FAQ
After I click the Audit Logs tab or the Logs of Control Plane Components tab, an error message appears, which indicates that the endpoint is invalid. What do I do?
The number of Simple Log Service projects that belong to your Alibaba Cloud account exceeds the quota. Delete the Simple Log Service projects that are not in use. You can also submit a ticket to the Simple Log Service team to request a quota increase.
After I delete the Simple Log Service project used to collect logs, control plane component logs and audit logs cannot be collected. What do I do?
By default, the system does not automatically create a new Simple Log Service project or Logstores after you delete the Simple Log Service project used to collect logs. To resolve this problem, turn off Enable Collection of Operation Logs and Auditing Logs and then turn on the switch again.