You can enable Log Service for registered clusters. This way, you can manage registered clusters that are deployed across regions in a centralized manner. This topic describes how to enable Log Service for a registered cluster.
Prerequisites
An external cluster is registered with ACK. For more information, see Create a registered cluster in the ACK console and Use onectl to create a registered cluster.
A kubectl client is connected to the registered cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.
Step 1: Grant RAM permissions to logtail-ds
Use onectl
Install onectl on your on-premises machine. For more information, see Use onectl to manage registered clusters.
Run the following command to grant Resource Access Management (RAM) permissions to logtail-ds:
onectl ram-user grant --addon logtail-ds
Expected output:
Ram policy ack-one-registered-cluster-policy-logtail-ds granted to ram user ack-one-user-ce313528c3 successfully.
Use the console
Before you install a component in a registered cluster, you must set the AccessKey pair to grant the registered cluster the permissions to access Alibaba Cloud resources. Before you set the AccessKey pair, create a RAM user and grant the RAM user the permissions to access Alibaba Cloud resources.
Create a RAM user. For more information, see Create a RAM user.
Create a custom policy with the following code block. For more information, see Create a custom policy.
Attach the policy to the RAM user. For more information, see Create a RAM user and grant permissions to the RAM user.
Create an AccessKey pair for the RAM user. For more information, see Obtain an AccessKey pair.
Use the AccessKey pair to create a Secret named alibaba-addon-secret in the registered cluster. Run the following command to create the Secret. The Logtail component uses the Secret.
kubectl -n kube-system create secret generic alibaba-addon-secret --from-literal='access-key-id=<your AccessKey ID>' --from-literal='access-key-secret=<your AccessKey Secret>'
Note: Replace <your AccessKey ID> and <your AccessKey Secret> with the AccessKey pair that you obtained in the preceding step.
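The kubectl create secret command above passes the AccessKey pair with --from-literal, which leaves it in shell history and in the process argument list. The following added example (not part of the original documentation) renders the same Secret from two permission-restricted files instead; the function names and file paths are hypothetical, while the Secret name, namespace, and key names are the ones used in the command above.

```shell
#!/bin/sh
# Added example: render the alibaba-addon-secret manifest from two files so the
# AccessKey pair never appears in argv or shell history.
# Usage (file paths are assumptions):
#   render_addon_secret ./ak-id.txt ./ak-secret.txt | kubectl apply -f -

# Fail unless the file exists and grants no access to group or others.
check_private() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 1; }
    perms=$(ls -lLd -- "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || { echo "$1 is accessible to group/others; chmod 600 it" >&2; return 1; }
}

# Read a credential; command substitution drops the trailing newline that
# editors append, which would otherwise become part of the stored value.
read_value() {
    value=$(cat -- "$1")
    case "$value" in
        ''|'<'*'>') echo "$1 is empty or still holds a <placeholder>" >&2; return 1 ;;
    esac
    printf '%s' "$value"
}

# Base64-encode a string on a single line, as the Secret data field requires.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Print a Secret manifest for the Logtail component on stdout.
render_addon_secret() {
    id_file=$1 secret_file=$2
    check_private "$id_file" && check_private "$secret_file" || return 1
    ak_id=$(read_value "$id_file") || return 1
    ak_secret=$(read_value "$secret_file") || return 1
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: alibaba-addon-secret
  namespace: kube-system
type: Opaque
data:
  access-key-id: $(b64 "$ak_id")
  access-key-secret: $(b64 "$ak_secret")
EOF
}
```

Delete the two input files after the Secret is applied.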
Step 2: Install logtail-ds
Use onectl
Run the following command to install logtail-ds:
onectl addon install logtail-ds
Expected output:
Addon logtail-ds, version **** installed.
Use the console
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, click the name of the cluster that you want to manage and choose in the left-side navigation pane.
On the Add-ons page, click the Logs and Monitoring tab, find the logtail-ds component, and then click Install.
In the Note dialog box, click OK.
(Optional) Step 3: Configure stdout collection for all pods
To configure stdout collection for all pods in a registered cluster, use kubectl to connect to the cluster and deploy an AliyunLogConfig with the following code block. After the AliyunLogConfig is deployed, a Logstore named stdout-logstore is automatically created.
apiVersion: log.alibabacloud.com/v1alpha1
kind: AliyunLogConfig
metadata:
  # your config name, must be unique in your k8s cluster.
  name: stdout-collector
spec:
  # logstore name to upload log.
  logstore: stdout-logstore
  # logtail config detail
  logtailConfig:
    # docker stdout's input type is 'plugin'.
    inputType: plugin
    # logtail config name, must be the same as [metadata.name].
    configName: stdout-collector
    inputDetail:
      plugin:
        inputs:
          -
            type: service_docker_stdout
            detail:
              # collect stdout and stderr
              Stdout: true
              Stderr: true
              # collect all containers' stdout except containers with "COLLECT_STDOUT_FLAG:false" in docker env config.
              ExcludeEnv:
                COLLECT_STDOUT_FLAG: "false"
Step 4: Configure Log Service
For more information about how to configure Log Service when you create an application, see Step 2: Configure Log Service when you create an application.