All Products
Search
Document Center

Collect logs by using the sidecar pattern

Last Updated: Jan 11, 2022

Alibaba Cloud Log Service allows you to use the sidecar pattern to collect the logs of containers in an elastic container instance. This topic describes how to deploy a sidecar container and create a Logtail configuration to collect the logs of containers.

Prerequisites

  • An ASK cluster is created. For more information, see Create an ASK cluster.

  • Log Service is activated for the ASK cluster.

    If Log Service is not activated, you can activate Log Service as prompted when you log on to the Log Service console.

Background information

Alibaba Cloud Log Service allows you to use the sidecar pattern to collect logs of containers in an elastic container instance. In the elastic container instance, a sidecar container as a log agent is attached to the application containers to collect the logs of the application containers.

Notice

To use the sidecar pattern to collect logs, you need to use the Logtail log collection agent that is provided by Log Service. Logtail shares a log directory with the application containers in the elastic container instance. The application containers write their logs to the shared directory. Logtail monitors the changes to log files in the shared directory and collects logs.

Log Service can collect the following types of logs:

  • Standard output logs

    The stdlog volume of the elastic container instance must be used to collect standard output logs. When you create a pod, you can mount the volume to the sidecar container. The base components of the elastic container instance collect standard output logs, and sidecar takes the standard output logs as files to access.

  • Text file logs

    A volume must be shared among containers in the pod to collect text file logs. The volume is mounted to multiple containers which include the sidecar container in the pod. The text file logs that are generated by application containers are exported to the shared volume. Then, the sidecar container can collect the text file logs.

Step 1: Deploy a sidecar container

  1. Create a Deployment that contains a sidecar container.

    The following example shows the YAML configuration file of the Deployment. Replace the placeholder variables with the actual values.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-log-sidecar-demo
      name: nginx-log-sidecar-demo
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: nginx-log-sidecar-demo
      template:
        metadata:
          labels:
            app: nginx-log-sidecar-demo
        spec:
          containers:
            - name: nginx-log-demo
              image: registry-vpc.${RegionId}.aliyuncs.com/log-service/docker-log-test:latest
              command:
                - /bin/mock_log
              args:
                - '--log-type=nginx'
                - '--stdout=false'
                - '--stderr=true'
                - '--path=/var/log/nginx/access.log'
                - '--total-count=100000000'
                - '--logs-per-sec=100'
              imagePullPolicy: Always
              volumeMounts:
                - mountPath: /var/log/nginx
                  name: nginx-log
            - name: logtail
              image: registry-vpc.${RegionId}.aliyuncs.com/log-service/logtail:latest
              env:
                - name: ALIYUN_LOGTAIL_USER_ID
                  value: "${Aliuid}"
                - name: ALIYUN_LOGTAIL_USER_DEFINED_ID
                  value: nginx-log-sidecar
                - name: ALIYUN_LOGTAIL_CONFIG
                  value: /etc/ilogtail/conf/${RegionId}/ilogtail_config.json
                - name: aliyun_logs_machinegroup
                  value: k8s-group-app-alpine
              imagePullPolicy: Always
              volumeMounts:
                - mountPath: /var/log/nginx
                  name: nginx-log
                - mountPath: /stdlog
                  name: stdlog
          volumes:
            - emptyDir: {}        # Text file logs are stored in the emptyDir volume.
              name: nginx-log
            - name: stdlog        # Standard output logs are stored in the stdlog volume.
              flexVolume:
                driver: alicloud/pod-stdlog
  2. Query the information about the pod.

    kubectl get pods -l app=nginx-log-sidecar-demo

    The following expected output is returned:

    NAME                                      READY   STATUS    RESTARTS   AGE
    nginx-log-sidecar-demo-84587d9796-krn5z   2/2     Running   0          32m
    nginx-log-sidecar-demo-84587d9796-vhnld   2/2     Running   0          32m
  3. View logs.

Step 2: Configure Logtail and collect logs

After you deploy the sidecar container, you need to create a Logtail configuration in the Log Service console to collect logs.

  1. Log on to the Log Service console.

  2. On the page that appears, click RegEx - Text Log in the Import Data section.

  3. In the Specify Logstore step, set the project and Logstore, and then click Next.

    You can select an existing project and Logstore, or click Create Now to create a project and Logstore.

    Note

    By default, the system generates a project named k8s-log-{The ID of the Kubernetes cluster} for each Kubernetes cluster.

  4. Creates a machine group.

    If a machine group is available, click Use Existing Machine Groups to skip this step.

    1. In the Create Machine Group step, follow the on-screen instructions to check whether a machine group is created. Then, click Complete Installation.

    2. Configure the machine group parameters and click Next.

      Select Custom ID for the Identifier parameter. Enter the value of ALIYUN_LOGTAIL_USER_DEFINED_ID that you set in Step 1 in the Custom ID field. Then, click Next. In this example, the value of ALIYUN_LOGTAIL_USER_DEFINED_ID is nginx-log-sidecar.

      Sidecar3
  5. Configure the machine group.

    Select and move the new machine group from Source Server Groups to Applied Server Groups. Then, click Next.

  6. Configure Logtail.

    Logtail can collect text file logs in a variety of modes such as Simple Mode, Full Regex Mode, Delimiter Mode, and JSON Mode. For more information, see Overview.

    Note

    Turn off the Docker File switch.

    • Example: Collect standard output logs

      If Logtail collects standard output logs, the log path is the mount path of the stdlog volume in the container. In this example, the log path is /stdlog.

      Sidecar4
    • Example: collect text file logs

      If Logtail collects text file logs, the log path is the mount path of the shared volume in the container. In this example, the log path is /var/log/nginx.

      Sidecar5
  7. Configure log query and analysis.

    Indexes are configured by default. You can re-configure the indexes based on your business requirements. For more information, see Configure indexes.

  8. View the collected logs of the elastic container instance.

    After you complete the preceding configurations, Log Service starts to collect logs of containers in the elastic container instance. The following figure shows an example of collecting standard output logs to the Logstore.

    Sidecar6
    Note

    The standard output logs in the stdlog volume of a pod are recorded by the base components of the elastic container instance. The format of the logs is the same as the format of native Kubernetes logs. Kubernetes adds a prefix such as a timestamp to each entry of standard output logs. You must configure the parser to remove the prefix from the logs. For more information, see Parse JSON-formatted logs.