All Products
Search

This Product

    Container Service for Kubernetes:Collect control plane component logs and audit logs from a Fleet instance

    Document Center

    Container Service for Kubernetes:Collect control plane component logs and audit logs from a Fleet instance

    Last Updated:Dec 04, 2023

    Distributed Cloud Container Platform for Kubernetes (ACK One) can collect the control plane component logs and audit logs from a Fleet instance to a project of Simple Log Service that belongs to your Alibaba Cloud account. This topic describes how to enable log collection to collect control plane component logs and audit logs from a Fleet instance and how to view the logs.

    Prerequisites

    Your Alibaba Cloud account has a sufficient quota of Logstores in Simple Log Service.

    Note

    The default Logstore quota for each Alibaba Cloud account is 50. To increase the quota, submit a ticket to the Simple Log Service team.

    Background information

    Control plane component logs can help you securely and efficiently manage and maintain your clusters. To collect control plane component logs, turn on Enable Collection of Operation Logs and Auditing Logs when you create a Fleet instance. Then, log streams are delivered to the specified project of Simple Log Service that belongs to your Alibaba Cloud account. Pay-as-you-go fees are charged for the logs based on the billing rules of Simple Log Service. For more information, see Pay-by-feature.

    Enable collection of control plane component logs and audit logs

    Method 1: Enable the feature when you create a Fleet instance

    When you create a Fleet instance, turn on Enable Collection of Operation Logs and Auditing Logs. For more information about how to create a Fleet instance, see Enable Fleet management.

    Note

    • By default, Enable Collection of Operation Logs and Auditing Logs is turned on.

    • The control plane component logs and audit logs can be collected only to newly created projects of Simple Log Service.

    Method 2: Enable the feature for an existing Fleet instance

    1. Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Fleet Information.

    2. On the Fleet Information page, click the Basic Information tab, find the Logs switch, and then turn on the switch.

      Note

      If you no longer want to collect control plane component logs and audit logs, turn off Logs.

    View control plane component logs and audit logs

    After the Fleet instance is created, you can use the following methods to view the control plane component logs and audit logs.

    Method 1: View the control plane component logs and audit logs in the Simple Log Service console

    1. Log on to the Simple Log Service console.

    2. In the Projects section, click the name of the project used by the Fleet instance.

    3. In the left-side Logstores list on the Log Storage page, select the Logstore that stores control plane component logs. You can query the logs of the kube-apiserver, application-controller, kube-controller-manager, and cluster operator control plane components. For more information, see What is Simple Log Service?

    Method 2: View the control plane component logs and audit logs in the ACK One console

    1. Log on to the ACK One console. In the left-side navigation pane, choose Fleet > Fleet Information.

    2. On the Fleet Information page click the Audit Logs and Logs of Control Plane Components tabs to view the logs.

      Note

      If multiple Fleet instances exist, select the Fleet instance that you want to manage on the Fleet Information page and then click one of the preceding tabs.

    Logstores for control plane components

    ACK allows you to collect the logs of the following control plane components. The log of each component is stored in a separate Logstore. For more information about the components, see Kubernetes components.

    Component

    Logstore

    Description

    kube-apiserver

    apiserver

    kube-apiserver is used to expose the Kubernetes API. For more information, see kube-apiserver.

    kube-controller-manager

    kcm

    The kube-controller-manager component is the internal management and control center of a Kubernetes cluster. The component embeds the core control loops shipped with Kubernetes. For more information, see kube-controller-manager.

    application-controller

    application-controller

    application-controller is used to distribute applications in ACK One. You can view the logs about application distribution events.

    cluster-operator

    cluster-operator

    cluster-operator is used to associate clusters with and disassociate clusters from Fleet instances. You can view the logs about cluster association events and cluster disassociation events.

    FAQ

    • After I click the Audit Logs tab or the Logs of Control Plane Components tab, an error message appears, which indicates that the endpoint is invalid. What do I do?

      The number of Simple Log Service projects that belong to your Alibaba Cloud account exceeds the quota. Delete the Simple Log Service projects that are not in use. You can also submit a ticket to the Simple Log Service team to request a quota increase.

    • After I delete the Simple Log Service project used to collect logs, control plane component logs and audit logs cannot be collected. What do I do?

      By default, the system does not automatically create a new Simple Log Service project or Logstores after you delete the Simple Log Service project used to collect logs. To resolve this problem, turn off Enable Collection of Operation Logs and Auditing Logs and then turn on the switch again.