You can use Logtail to collect application logs from Windows nodes. This topic describes how to use Logtail to collect application logs from Windows nodes.

Prerequisites

Limits

  • You can use Logtail to collect only application logs that are printed to stdout. If the application logs are printed to log files or by using Windows logging services, we recommend that you use LogMonitor to print application logs from Windows nodes to stdout. For more information, see LogMonitor and Introduction to LogMonitor.
  • Logtail supports only nodes that use DockerEE for the container runtime. Logtail does not support nodes that use containerd for the container runtime.

Install Logtail V1.1.x on Windows nodes

Notice Logtail V1.1.x is reliant on the privileged proxy processes on Windows nodes. Logtail V1.1.x can be deployed only on Windows nodes with the windows.alibabacloud.com/deployment-topology=2.0 label.

Use the following YAML template to deploy Logtail on Windows nodes and run Logtail as a DaemonSet:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    k8s-app: logtail-ds-windows
  name: logtail-ds-windows
  namespace: kube-system
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: logtail-ds-windows
  template:
    metadata:
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ""
      labels:
        app: logtail-ds-windows
    spec:
      hostNetwork: true
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet
              - key: beta.kubernetes.io/os
                operator: In
                values:
                - windows
              - key: windows.alibabacloud.com/deployment-topology
                operator: In
                values:
                - "2.0"
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet
              - key: kubernetes.io/os
                operator: In
                values:
                - windows
              - key: windows.alibabacloud.com/deployment-topology
                operator: In
                values:
                - "2.0"
      containers:
      - name: logtail
        # use the below volume configuration since v1.1+.
        command:
        - pwsh.exe
        - -NoLogo
        - -NonInteractive
        - -File
        - entrypoint.ps1
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: CONTAINER_NAME
          value: "logtail"
        # --- configure the logtail file configuration generation --- #
        ## "ALICLOUD_LOGTAIL_CONFIG_PATH" specifies the configuration path of logtail,
        ## if the path is blank, the configuration will generate
        ## via "ALICLOUD_LOGTAIL_CONFIG_ITEM__" prefix environment variables.
        ## "ALICLOUD_LOGTAIL_CONFIG_ITEM__" needs to be combined with a type indicator to
        ## display the type of the configuration item, the following indicators are optional.
        ## -       INT__ : 64-bit signed integer.
        ## -      UINT__ : 64-bit unsigned integer.
        ## -      DOUB__ : 64-bit floating-point number.
        ## -      BOOL__ : boolean.
        ## -       STR__ : string, default type.
        ## - {<TYPE>}S__ : array in <TYPE> with vertical bar separated format.
        ## P.S: don't treate "ALICLOUD_LOGTAIL_CONFIG_ITEM__" as a silver bullet,
        ## when the configuration is too complicated,
        ## please mount a detailed configuration file on "ALICLOUD_LOGTAIL_CONFIG_PATH".
        - name: ALICLOUD_LOGTAIL_CONFIG_PATH
          valueFrom:
            configMapKeyRef:
              key: log-config-path
              name: alibaba-log-configuration
        - name: ALICLOUD_LOGTAIL_CONFIG_ITEM__DOUB__CPU_USAGE_LIMIT
          valueFrom:
            configMapKeyRef:
              key: cpu-core-limit
              name: alibaba-log-configuration
        - name: ALICLOUD_LOGTAIL_CONFIG_ITEM__UINT__MEM_USAGE_LIMIT
          valueFrom:
            configMapKeyRef:
              key: mem-limit
              name: alibaba-log-configuration
        - name: ALICLOUD_LOGTAIL_CONFIG_ITEM__UINT__MAX_BYTES_PER_SEC
          valueFrom:
            configMapKeyRef:
              key: max-bytes-per-sec
              name: alibaba-log-configuration
        - name: ALICLOUD_LOGTAIL_CONFIG_ITEM__UINT__SEND_REQUESTS_CONCURRENCY
          valueFrom:
            configMapKeyRef:
              key: send-requests-concurrency
              name: alibaba-log-configuration
        # --- configure the logtail configuration --- #
        ## "ALICLOUD_LOG_REGION" specifies the region of the Alibaba Cloud,
        ## it will discover the region automatically if blank.
        ## "ALICLOUD_LOG_USER_ID" is the same as "ALIYUN_LOGTAIL_USER_ID",
        ## which is to specify the uid of Alibaba Cloud SLS service.
        ## "ALICLOUD_LOG_PROJECT" is the same as "ALICLOUD_LOG_DEFAULT_PROJECT",
        ## which is to specify the project of Alibaba Cloud SLS service.
        ## "ALICLOUD_LOG_MACHINE_GROUP" is the same as "ALIYUN_LOGTAIL_USER_DEFINED_ID"
        ## and "ALICLOUD_LOG_DEFAULT_MACHINE_GROUP",
        ## which is to specify the machine group of Alibaba Cloud SLS service.
        ## "ALICLOUD_LOG_ENDPOINT" specifies the endpoint of the Alibaba Cloud SLS service.
        ## "ALICLOUD_LOG_ECS_FLAG" specifies whether to log the ECS flags.
        ## "ALICLOUD_LOG_DOCKER_ENV_CONFIG"
        ## "ALICLOUD_LOG_ENV_TAGS" is the same as "ALIYUN_LOG_ENV_TAGS",
        ## which is to specify the environment variables to be recorded,
        ## it is in form of vertical bar separated list.
        - name: ALICLOUD_LOG_REGION
          value: ""
        - name: ALICLOUD_LOG_USER_ID
          valueFrom:
            configMapKeyRef:
              key: log-ali-uid
              name: alibaba-log-configuration
        - name: ALICLOUD_LOG_PROJECT
          valueFrom:
            configMapKeyRef:
              key: log-project
              name: alibaba-log-configuration
        - name: ALICLOUD_LOG_MACHINE_GROUP
          valueFrom:
            configMapKeyRef:
              key: log-machine-group
              name: alibaba-log-configuration
        - name: ALICLOUD_LOG_ENDPOINT
          valueFrom:
            configMapKeyRef:
              key: log-endpoint
              name: alibaba-log-configuration
        - name: ALICLOUD_LOG_ECS_FLAG
          value: "true"
        - name: ALICLOUD_LOG_DOCKER_ENV_CONFIG
          value: "true"
        - name: ALICLOUD_LOG_ENV_TAGS
          value: _node_name_|_node_ip_|working_ip
        - name: _node_name_
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        - name: _node_ip_
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.hostIP
        - name: working_ip
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.hostIP
        # Replace cn-hangzhou in the following image address with the region where your cluster is deployed. 
        image: registry-vpc.cn-hangzhou.aliyuncs.com/acs/logtail-windows:v1.1.30-aliyun.1
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1
            memory: 1Gi
          requests:
            cpu: 100m
            memory: 256Mi
        securityContext:
          privileged: false
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - name: addon-token
          mountPath: 'c:/var/addon'
        - name: host-binary
          mountPath: 'c:/host/opt/ilogtail/bin'
        - name: project-wins-pipe
          mountPath: \\.\pipe\rancher_wins
      terminationGracePeriodSeconds: 30
      priorityClassName: system-node-critical
      restartPolicy: Always
      tolerations:
      - operator: Exists
      volumes:
      - name: addon-token
        secret:
          secretName: addon.log.token
          items:
            - key: addon.token.config
              path: token-config
      - name: host-binary
        hostPath:
          path: 'c:/opt/ilogtail/bin'
          type: DirectoryOrCreate
      - name: project-wins-pipe
        hostPath:
          path: \\.\pipe\rancher_wins
  updateStrategy:
    type: RollingUpdate

Install Logtail V1.0.x on Windows nodes

Notice This version is applicable only to ACK clusters of Kubernetes 1.18.x and earlier.
Use the following YAML template to deploy Logtail on Windows nodes and run Logtail as a DaemonSet:
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    k8s-app: logtail-ds-windows
  name: logtail-ds-windows
  namespace: kube-system
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: logtail-ds-windows
  template:
    metadata:
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ""
      labels:
        app: logtail-ds-windows
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet
              - key: beta.kubernetes.io/os
                operator: In
                values:
                - windows
              - key: windows.alibabacloud.com/deployment-topology
                operator: DoesNotExist
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet
              - key: kubernetes.io/os
                operator: In
                values:
                - windows
              - key: windows.alibabacloud.com/deployment-topology
                operator: DoesNotExist
      containers:
      - name: logtail
        command:
        - powershell.exe
        - -NoLogo
        - -NonInteractive
        - -File
        - entrypoint.ps1
        env:
        # --- configure the logtail file configuration generation --- #
        ## "ALICLOUD_LOGTAIL_CONFIG_PATH" specifies the configuration path of logtail,
        ## if the path is blank, the configuration will generate
        ## via "ALICLOUD_LOGTAIL_CONFIG_ITEM__" prefix environment variables.
        ## "ALICLOUD_LOGTAIL_CONFIG_ITEM__" needs to be combined with a type indicator to
        ## display the type of the configuration item, the following indicators are optional.
        ## -       INT__ : 64-bit signed integer.
        ## -      UINT__ : 64-bit unsigned integer.
        ## -      DOUB__ : 64-bit floating-point number.
        ## -      BOOL__ : boolean.
        ## -       STR__ : string, default type.
        ## - {<TYPE>}S__ : array in <TYPE> with vertical bar separated format.
        ## P.S: don't treate "ALICLOUD_LOGTAIL_CONFIG_ITEM__" as a silver bullet,
        ## when the configuration is too complicated,
        ## please mount a detailed configuration file on "ALICLOUD_LOGTAIL_CONFIG_PATH".
        - name: ALICLOUD_LOGTAIL_CONFIG_PATH
          valueFrom:
            configMapKeyRef:
              key: log-config-path
              name: alibaba-log-configuration
        - name: ALICLOUD_LOGTAIL_CONFIG_ITEM__DOUB__CPU_USAGE_LIMIT
          valueFrom:
            configMapKeyRef:
              key: cpu-core-limit
              name: alibaba-log-configuration
        - name: ALICLOUD_LOGTAIL_CONFIG_ITEM__UINT__MEM_USAGE_LIMIT
          valueFrom:
            configMapKeyRef:
              key: mem-limit
              name: alibaba-log-configuration
        - name: ALICLOUD_LOGTAIL_CONFIG_ITEM__UINT__MAX_BYTES_PER_SEC
          valueFrom:
            configMapKeyRef:
              key: max-bytes-per-sec
              name: alibaba-log-configuration
        - name: ALICLOUD_LOGTAIL_CONFIG_ITEM__UINT__SEND_REQUESTS_CONCURRENCY
          valueFrom:
            configMapKeyRef:
              key: send-requests-concurrency
              name: alibaba-log-configuration
        # --- configure the logtail configuration --- #
        ## "ALICLOUD_LOG_REGION" specifies the region of the Alibaba Cloud,
        ## it will discover the region automatically if blank.
        ## "ALICLOUD_LOG_USER_ID" is the same as "ALIYUN_LOGTAIL_USER_ID",
        ## which is to specify the uid of Alibaba Cloud SLS service.
        ## "ALICLOUD_LOG_PROJECT" is the same as "ALICLOUD_LOG_DEFAULT_PROJECT",
        ## which is to specify the project of Alibaba Cloud SLS service.
        ## "ALICLOUD_LOG_MACHINE_GROUP" is the same as "ALIYUN_LOGTAIL_USER_DEFINED_ID"
        ## and "ALICLOUD_LOG_DEFAULT_MACHINE_GROUP",
        ## which is to specify the machine group of Alibaba Cloud SLS service.
        ## "ALICLOUD_LOG_ENDPOINT" specifies the endpoint of the Alibaba Cloud SLS service.
        ## "ALICLOUD_LOG_ECS_FLAG" specifies whether to log the ECS flags.
        ## "ALICLOUD_LOG_DOCKER_ENV_CONFIG"
        ## "ALICLOUD_LOG_ENV_TAGS" is the same as "ALIYUN_LOG_ENV_TAGS",
        ## which is to specify the environment variables to be recorded,
        ## it is in form of vertical bar separated list.
        - name: ALICLOUD_LOG_REGION
          value: ""
        - name: ALICLOUD_LOG_USER_ID
          valueFrom:
            configMapKeyRef:
              key: log-ali-uid
              name: alibaba-log-configuration
        - name: ALICLOUD_LOG_PROJECT
          valueFrom:
            configMapKeyRef:
              key: log-project
              name: alibaba-log-configuration
        - name: ALICLOUD_LOG_MACHINE_GROUP
          valueFrom:
            configMapKeyRef:
              key: log-machine-group
              name: alibaba-log-configuration
        - name: ALICLOUD_LOG_ENDPOINT
          valueFrom:
            configMapKeyRef:
              key: log-endpoint
              name: alibaba-log-configuration
        - name: ALICLOUD_LOG_ECS_FLAG
          value: "true"
        - name: ALICLOUD_LOG_DOCKER_ENV_CONFIG
          value: "true"
        - name: ALICLOUD_LOG_ENV_TAGS
          value: _node_name_|_node_ip_|working_ip
        - name: _node_name_
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        - name: working_ip
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.hostIP
        - name: _node_ip_
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.hostIP
        # Replace cn-hangzhou in the following image address with the region where your cluster is deployed. 
        image: registry-vpc.cn-hangzhou.aliyuncs.com/acs/logtail-windows:v1.0.20
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 1
            memory: 1Gi
          requests:
            cpu: 100m
            memory: 256Mi
        securityContext:
          privileged: false
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - name: docker-pipe
          mountPath: \\.\pipe\docker_engine
        - name: docker-data
          mountPath: c:/ProgramData/docker
          readOnly: true
        - mountPath: c:/logtail_host
          name: root
          readOnly: true
      terminationGracePeriodSeconds: 30
      priorityClassName: system-node-critical
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      tolerations:
      - operator: Exists
      volumes:
      - name: docker-pipe
        hostPath:
          path: \\.\pipe\docker_engine
      - name: docker-data
        hostPath:
          path: c:/ProgramData/docker
          type: Directory
      - name: root
        hostPath:
          path: c:/
          type: Directory
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 10%
    type: RollingUpdate

Deploy an application to test Logtail

After Logtail is deployed on Windows nodes, use the following template to deploy an application and use the application to test Logtail:
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: logtail-test
  name: logtail-test
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: logtail-test
      name: logtail-test
    spec:
      containers:
      - name: nanoserver
        image: mcr.microsoft.com/windows/servercore:1809
        command: ["powershell.exe"]
        args: ["ping -t 127.0.0.1 -w 10000"]
        env:
      ######### Specify environment variables ###########
        - name: aliyun_logs_logtail-stdout
          value: stdout
        - name: aliyun_logs_logttail-tags
          value: tag1=v1
      #################################
      nodeSelector:
        beta.kubernetes.io/os: windows
      tolerations:
      - effect: NoSchedule
        key: os
        operator: Equal
        value: windows

After the application is deployed, you can view the log data. For more information, see Query and analyze logs.