Enhancement Proposal: API to Forward Logs to CloudWatch #570
Conversation
|
@alanconway: GitHub didn't allow me to assign the following users: jcantril. Note that only openshift members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/assign @jcantrill |
There was a problem hiding this comment.
This seems a bit complicated for a first pass with the ability to set groups and streams arbitrarily.
Is there a way to just support 3 groups (app, infra, audit) and/or 2 groups (infra & audit) and apps grouped by namespace? Seems like those would be easier to get right in the very, very short amount of time we have to implement this.
alanconway
force-pushed
the
forward-cloudwatch
branch
3 times, most recently
from
cbc1641
to
93d1887
Compare
|
@jewzaam @portante @jcantrill update taking account of all your comments (thanks for that) but may still be some questions outstanding. |
|
/hold |
openshift-ci-robot
added
the
do-not-merge/hold
alanconway
force-pushed
the
forward-cloudwatch
branch
from
93d1887
to
4098cd5
Compare
|
@jcantrill @portante I think the latest draft may be a winner, please comment if you agree so we can LGTM and unhold. |
There was a problem hiding this comment.
Great feedback, I think we're close. @portante @jcantrill please scan again. I've clarified the role of log stream names, otherwise its small changes.
alanconway
force-pushed
the
forward-cloudwatch
branch
from
4098cd5
to
cebc1d2
Compare
alanconway
force-pushed
the
forward-cloudwatch
branch
2 times, most recently
from
5376054
to
dd3954f
Compare
|
@jcantrill @portante @sichvoge all comments taken on board, properly updated this time (I managed to check this out twice so brief confusion) Please comment. |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jcantrill The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
|
||
| - `region`: (string) AWS region name, required to connect. | ||
| - `groupBy`: (string, default "category") Take group name from logging meta-data. Values: | ||
| - `category`: category of log entry - one of "application", "infrastructure", or "audit" |
There was a problem hiding this comment.
Should we call this source to be consistent with the rest of logforwarding
alanconway
force-pushed
the
forward-cloudwatch
branch
from
dd3954f
to
e6bfbec
Compare
|
|
||
| For the first implementation, the log stream name will be: | ||
| - *container logs*: use the fluentd tag, via the `use_tag_as_stream true` plugin setting. Unique because it includes container-id. | ||
| - *node logs* (audit, infrastructure): use fluentd tag + node-id. Unique per node and per audit/infrastructure log file. |
There was a problem hiding this comment.
I don't know what or how to get node-id but the node name is same as host name. Landing on this which would give you journal and all audit logs grouped by node hostname:
<label {{.LabelName}}>
<filter kubernetes.**>
@type record_transformer
<record>
cw_group_name {{.LogGroupName }}
cw_stream_name ${record["kubernetes"]["container_image_id"]}
</record>
</filter>
<filter journal.** *audit.log>
@type record_transformer
<record>
cw_group_name ${record["hostname"]}
cw_stream_name ${tag}
</record>
</filter>
I can remove the container streams to use tag instead of the hash which would include NS/Podname/containerhash some thing like var.log.containers.NS.podname.hash or the like
alanconway
force-pushed
the
forward-cloudwatch
branch
from
e6bfbec
to
da133da
Compare
openshift-ci-robot
added
lgtm
See:
/cc @jcantrill
/cc @jeremyeder
/cc @sichvoge