Container Service for Kubernetes (ACK) integrates with Log Service. To use ACK to collect access logs of an ingress gateway on the data plane, you must enable Log Service for the Kubernetes cluster in which the ingress gateway resides when you create the cluster. This topic describes how to enable and configure log collection and view the collected logs.

Prerequisites

Step 1: Install Logtail for the Kubernetes cluster

To create a Kubernetes cluster, perform the following steps:

  1. Log on to the ACK console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, click Create Kubernetes Cluster in the upper-right corner. For more information, see Create a managed Kubernetes cluster.
  4. In the Component Configurations step, select Enable Log Service to install Logtail for the Kubernetes cluster to be created.
    • Click Select Project and select an existing project to manage collected logs. Enable Log Service 1
    • Click Create Project. By default, the system names the project in the format of k8s-log-{ClusterID}. ClusterID indicates the unique ID of the cluster to be created. Enable Log Service 2
  5. Set other parameters as required and click Create Cluster to create a cluster.

To install Logtail in a Kubernetes cluster, perform the following steps:

  1. Log on to the ACK console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane, choose Operations > Add-ons.
  5. Find logtail-ds in the Optional Add-ons list and click Install.
  6. In the Note dialog box, click OK.

To upgrade Logtail whose version is earlier than V0.16.24.0-1fa7551-aliyun for a Kubernetes cluster, perform the following steps:

  1. Log on to the ACK console.
  2. In the left-side navigation pane of the ACK console, click Clusters.
  3. On the Clusters page, find the cluster that you want to manage and click the name of the cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane, choose Operations > Add-ons.
  5. Find logtail-ds in the Optional Add-ons list and click Upgrade.
  6. In the Note dialog box, click OK.

Step 2: Configure log collection

To use Logtail to collect access logs of an ingress gateway, you must configure the log collection feature in the configuration file of the ACK cluster in which the ingress gateway resides.

If the Istio version of your ASM instance is V1.7.5.26-gd318a562-aliyun or later, perform the following steps:

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
  4. On the details page of the ASM instance, choose ASM Instance > Basic Information in the left-side navigation pane. On the Basic Information page, click Settings.
  5. In the Settings Update panel, select Enable Access Log Collection and click OK.

If the Istio version of your ASM instance is earlier than V1.7.5.26-gd318a562-aliyun, perform the following steps:

  1. Create a YAML file by using the following template:
    Note You must prepare a configuration file for each Kubernetes cluster on the data plane.
    apiVersion: log.alibabacloud.com/v1alpha1
    kind: AliyunLogConfig
    metadata:
      # your config name, must be unique in you k8s cluster
      name: mesh-ingress-log-config
      namespace: kube-system
    spec:
      project: k8s-log-${K8SClusterId}
      # logstore name to upload log
      logstore: mesh-ingress-log
      # product code, you should not change it
      productCode: k8s-istio-ingress
      # logtail config detail
      logtailConfig:
        inputType: plugin
        configName: mesh-ingress-log-config
        inputDetail:
          plugin:
            inputs:
            - detail:
                IncludeLabel:
                  io.kubernetes.pod.name: ^istio-ingressgateway-.*$
                Stderr: false
                Stdout: true
              type: service_docker_stdout
            processors:
            - detail:
                Anchors:
                - FieldName: log
                  FieldType: json
                KeepSource: true
                NoKeyError: true
                NoMatchError: true
                SourceKey: content
              type: processor_anchor
            - type: processor_rename
              detail:
                DestKeys:
                - host
                - request_length
                - body_bytes_sent
                - request_time
                - method
                - url
                - version
                - req_id
                - status
                - proxy_upstream_name
                - upstream_addr
                - upstream_response_time
                - http_user_agent
                - x_forward_for
                SourceKeys:
                - log_authority
                - log_bytes_received
                - log_bytes_sent
                - log_duration
                - log_method
                - log_path
                - log_protocol
                - log_request_id
                - log_response_code
                - log_upstream_cluster
                - log_upstream_host
                - log_upstream_service_time
                - log_user_agent
                - log_x_forwarded_for
  2. Replace ${K8SClusterID in the YAML template with the ID of your Kubernetes cluster.
  3. Optional: To collect logs of an ingress gateway that is not created by using the ASM console, change the value of io.kubernetes.pod.name in the YAML template to the following format:
    ^(^istio-ingressgateway-.*$)|(^[Name-of-your-customized-ingressgateway]-.*$)$
    For example, if the name of the ingress gateway to deploy is my-ingressgateway, change the value of io.kubernetes.pod.name in the following format:
    ^(^istio-ingressgateway-.*$)|(^my-ingressgateway-.*$)$
  4. Connect to the Kubernetes cluster. For more information, see Connect to ACK clusters by using kubectl or Connect to the master nodes of a dedicated Kubernetes cluster by using SSH.
  5. After you edit the YAML file, deploy the file for the Kubernetes cluster.
    kubectl apply -f [The path of the YAML file]

Step 3: View logs

After you configure the log collection feature, Logtail uses the specified project to collect logs of the ingress gateway, and stores the logs in the specified Logstore. To view the logs, perform the following steps:

  1. Log on to the ASM console.
  2. In the left-side navigation pane, choose Service Mesh > Mesh Management.
  3. On the Mesh Management page, find the ASM instance that you want to configure. Click the name of the ASM instance or click Manage in the Actions column.
  4. On the details page of the ASM instance, choose Cluster & Workload Management > Kubernetes Clusters in the left-side navigation pane.
  5. On the Kubernetes Clusters page, find the cluster of the ingress gateway for which you want to view logs. Click View Reports and then Ingress Gateway Overview, Access from Ingress Gateway, or Ingress Gateway Monitoring in the Observability column.
    • Click Ingress Gateway Overview. The Ingress Gateway Overview page shows statistics of the ingress gateway, including the geographical locations of visitors, page views (PVs), unique visitors (UVs), and success rate and latency of access requests. Ingress Gateway Overview
    • Click Access from Ingress Gateway. The Access from Ingress Gateway page shows detailed information about PVs, UVs, geographical locations of visitors, and devices of visitors. You can analyze the user distribution and behavior based on the information on this page. Access from Ingress Gateway
    • Click Ingress Gateway Monitoring. The Ingress Gateway Monitoring page shows the success rate, status codes, and latency of access requests. You can analyze your service status based on the information on this page. Ingress Gateway Monitoring