From fb46dab71b237a42704f5d3ca0d1e0181688fabe Mon Sep 17 00:00:00 2001 From: Michael Burke Date: Tue, 8 Sep 2020 14:57:10 -0400 Subject: [PATCH] edits per christian and jeffrey --- _topic_map.yml | 3 + logging/cluster-logging-eventrouter.adoc | 22 +++++ logging/cluster-logging.adoc | 2 + .../cluster-logging-about-eventrouter.adoc | 20 ----- .../cluster-logging-eventrouter-about.adoc | 11 +++ .../cluster-logging-eventrouter-deploy.adoc | 83 ++++++++++--------- 6 files changed, 83 insertions(+), 58 deletions(-) create mode 100644 logging/cluster-logging-eventrouter.adoc delete mode 100644 modules/cluster-logging-about-eventrouter.adoc create mode 100644 modules/cluster-logging-eventrouter-about.adoc diff --git a/_topic_map.yml b/_topic_map.yml index a9e02a26c9..c790f41a74 100644 --- a/_topic_map.yml +++ b/_topic_map.yml @@ -1269,6 +1269,9 @@ Topics: - Name: Forwarding logs to third party systems File: cluster-logging-external Distros: openshift-enterprise,openshift-webscale,openshift-origin +- Name: Collecting and storing Kubernetes events + File: cluster-logging-eventrouter + Distros: openshift-enterprise,openshift-webscale,openshift-origin - Name: Updating cluster logging File: cluster-logging-upgrading - Name: Uninstalling cluster logging diff --git a/logging/cluster-logging-eventrouter.adoc b/logging/cluster-logging-eventrouter.adoc new file mode 100644 index 0000000000..a694781ca5 --- /dev/null +++ b/logging/cluster-logging-eventrouter.adoc @@ -0,0 +1,22 @@ +:context: cluster-logging-curator +[id="cluster-logging-eventrouter"] += Collecting and storing Kubernetes events +include::modules/common-attributes.adoc[] + +toc::[] + +The {product-title} Event Router is a Pod that watches Kubernetes events and logs them for collection by cluster logging. You must manually deploy the Event Router. + +The Event Router collects events from all projects and writes them to `STDOUT`. Fluentd collects those events and forwards them into the {product-title} Elasticsearch instance. Elasticsearch indexes the events to the `infra` index. + +[IMPORTANT] +==== +The Event Router adds additional load to Fluentd and can impact the number of other log messages that can be processed. +==== + +// The following include statements pull in the module files that comprise +// the assembly. Include any combination of concept, procedure, or reference +// modules required to cover the user story. You can also include other +// assemblies. + +include::modules/cluster-logging-eventrouter-deploy.adoc[leveloffset=+1] diff --git a/logging/cluster-logging.adoc b/logging/cluster-logging.adoc index 2a54c7cd36..1d588226e0 100644 --- a/logging/cluster-logging.adoc +++ b/logging/cluster-logging.adoc @@ -42,4 +42,6 @@ include::modules/cluster-logging-about-logstore.adoc[leveloffset=+2] include::modules/cluster-logging-about-visualizer.adoc[leveloffset=+2] +include::modules/cluster-logging-eventrouter-about.adoc[leveloffset=+2] + diff --git a/modules/cluster-logging-about-eventrouter.adoc b/modules/cluster-logging-about-eventrouter.adoc deleted file mode 100644 index 5bd2b1f723..0000000000 --- a/modules/cluster-logging-about-eventrouter.adoc +++ /dev/null @@ -1,20 +0,0 @@ -// Module included in the following assemblies: -// -// * logging/cluster-logging.adoc - -[id="cluster-logging-about-eventrouter_{context}"] -= About event routing - -The Event Router is a pod that forwards {product-title} events to cluster logging. -You must manually deploy Event Router. - -The Event Router collects events and converts them into JSON format, which takes -those events and pushes them to `STDOUT`. Fluentd indexes the events to the -`.operations` index. - -//// -[NOTE] -==== -The Event Router is not supported for the Rsyslog log collector. -==== -//// diff --git a/modules/cluster-logging-eventrouter-about.adoc b/modules/cluster-logging-eventrouter-about.adoc new file mode 100644 index 0000000000..6e0bdcd50a --- /dev/null +++ b/modules/cluster-logging-eventrouter-about.adoc @@ -0,0 +1,11 @@ +// Module included in the following assemblies: +// +// * logging/cluster-logging.adoc + +[id="cluster-logging-eventrouter-about_{context}"] += About event routing + +The Event Router is a Pod that watches {product-title} events so they can be collected by cluster logging. +The Event Router collects events from all projects and writes them to `STDOUT`. Fluentd collects those events and forwards them into the {product-title} Elasticsearch instance. Elasticsearch indexes the events to the `infra` index. + +You must manually deploy the Event Router. diff --git a/modules/cluster-logging-eventrouter-deploy.adoc b/modules/cluster-logging-eventrouter-deploy.adoc index 9b478ea392..03c2f59875 100644 --- a/modules/cluster-logging-eventrouter-deploy.adoc +++ b/modules/cluster-logging-eventrouter-deploy.adoc @@ -3,23 +3,18 @@ // * logging/cluster-logging-eventrouter.adoc [id="cluster-logging-eventrouter-deploy_{context}"] -= Deploying and Configuring the Event Router += Deploying and configuring the Event Router -Use the following steps to deploy Event Router into your cluster. +Use the following steps to deploy the Event Router into your cluster. You should always deploy the Event Router to the `openshift-logging` project to ensure it collects events from across the cluster. -The following Template object creates the Service Account, ClusterRole, and ClusterRoleBinding required for the Event Router. - -//// -[NOTE] -==== -The Event Router is not supported for the Rsyslog log collector. -==== -//// +The following Template object creates the service account, cluster role, and cluster role rinding required for the Event Router. The template also configures and deploys the Event Router Pod. You can use this template without making changes, or change the Deployment object CPU and memory requests. .Prerequisites * You need proper permissions to create service accounts and update cluster role bindings. For example, you can run the following template with a user that has the *cluster-admin* role. +* Cluster logging must be installed. + .Procedure . Create a template for the Event Router: @@ -43,11 +38,11 @@ objects: apiVersion: v1 metadata: name: event-reader - rules: <3> + rules: - apiGroups: [""] resources: ["events"] verbs: ["get", "watch", "list"] - - kind: ClusterRoleBinding <4> + - kind: ClusterRoleBinding <3> apiVersion: v1 metadata: name: event-reader-binding @@ -58,7 +53,7 @@ objects: roleRef: kind: ClusterRole name: event-reader - - kind: ConfigMap + - kind: ConfigMap <4> apiVersion: v1 metadata: name: eventrouter @@ -68,7 +63,7 @@ objects: { "sink": "stdout" } - - kind: Deployment + - kind: Deployment <5> apiVersion: apps/v1 metadata: name: eventrouter @@ -98,8 +93,6 @@ objects: image: ${IMAGE} imagePullPolicy: IfNotPresent resources: - limits: - memory: ${MEMORY} requests: cpu: ${CPU} memory: ${MEMORY} @@ -111,30 +104,27 @@ objects: configMap: name: eventrouter parameters: - - name: IMAGE <5> + - name: IMAGE displayName: Image value: "registry.redhat.io/openshift4/ose-logging-eventrouter:latest" - - name: MEMORY <6> - displayName: Memory - value: "128Mi" - - name: CPU <7> + - name: CPU <6> displayName: CPU value: "100m" - - name: NAMESPACE <8> + - name: MEMORY <7> + displayName: Memory + value: "128Mi" + - name: NAMESPACE displayName: Namespace - value: "openshift-logging" + value: "openshift-logging" <8> ---- -<1> Creates a Service Account for the Event Router. -<2> Creates a cluster role to monitor for events in the cluster. -<3> Allows the `get`, `watch`, and `list` permissions for the `events` resource. -<4> Creates a ClusterRoleBinding to bind the ClusterRole to the ServiceAccount. -<5> Specify the image version for the Event Router. -<6> Specify the memory limit for the Event Router pods. Defaults to '128Mi'. -<7> Specify the minimum amount of CPU to allocate to the Event Router. Defaults to '100m'. -<8> Specify the namespace where eventrouter is deployed. Defaults to `openshift-logging`. The value must be the same as specified for the ServiceAccount and ClusterRoleBinding. -The project indicates where in Kibana you can locate events: -* If the event router pod is deployed in a default project, such as `+kube-*+` and `+openshift-*+`, you can find the events under the *.operation* index. -* If the event router pod is deployed in other projects, you can find the event under the index using the project namespace. +<1> Creates a Service Account in the `openshift-logging` project for the Event Router. +<2> Creates a ClusterRole to monitor for events in the cluster. +<3> Creates a ClusterRoleBinding to bind the ClusterRole to the ServiceAccount. +<4> Creates a ConfigMap in the `openshift-logging` project to generate the required `config.json` file. +<5> Creates a Deployment in the `openshift-logging` project to generate and configure the Event Router Pod. +<6> Specifies the minimum amount of memory to allocate to the Event Router Pod. Defaults to `128Mi`. +<7> Specifies the minimum amount of CPU to allocate to the Event Router Pod. Defaults to `100m`. +<8> Specifies the `openshift-logging` project to install objects in. . Use the following command to process and apply the template: + @@ -148,7 +138,11 @@ For example: [source,terminal] ---- $ oc process -f eventrouter.yaml | oc apply -f - - +---- ++ +.Example output +[source,terminal] +---- serviceaccount/logging-eventrouter created clusterrole.authorization.openshift.io/event-reader created clusterrolebinding.authorization.openshift.io/event-reader-binding created @@ -158,9 +152,11 @@ deployment.apps/logging-eventrouter created . Validate that the Event Router installed in the `openshift-logging` project: + +.. View the new Event Router Pod: ++ [source,terminal] ---- -$ oc get pods --selector component=eventrouter -o name +$ oc get pods --selector component=eventrouter -o name -n openshift-logging ---- + .Example output @@ -168,15 +164,26 @@ $ oc get pods --selector component=eventrouter -o name ---- pod/cluster-logging-eventrouter-d649f97c8-qvv8r ---- + +.. View the events collected by the Event Router: + [source,terminal] ---- -$ oc logs cluster-logging-eventrouter-d649f97c8-qvv8r +$ oc logs -n openshift-logging +---- ++ +For example: ++ +[source,terminal] +---- +$ oc logs cluster-logging-eventrouter-d649f97c8-qvv8r -n openshift-logging ---- + .Example output [source,terminal] ---- -{"verb":"ADDED","event":{"metadata":{"name":"kibana.1612e7cc3325689f","namespace":"openshift-logging","selfLink":"/api/v1/namespaces/openshift-logging/events/kibana.1612e7cc3325689f","uid":"2e20b62e-ebe8-4eb5-9c25-1d7b54fd294a","resourceVersion":"805355","creationTimestamp":"2020-05-27T14:08:02Z"},"involvedObject":{"kind":"Deployment","namespace":"openshift-logging","name":"kibana","uid":"1970b521-bd9e-49e8-ab7b-9f6403a2ba2f","apiVersion":"apps/v1","resourceVersion":"805353"},"reason":"ScalingReplicaSet","message":"Scaled up replica set kibana-6674598965 to 1","source":{"component":"deployment-controller"},"firstTimestamp":"2020-05-27T14:08:02Z","lastTimestamp":"2020-05-27T14:08:02Z","count":1,"type":"Normal"}} +{"verb":"ADDED","event":{"metadata":{"name":"openshift-service-catalog-controller-manager-remover.1632d931e88fcd8f","namespace":"openshift-service-catalog-removed","selfLink":"/api/v1/namespaces/openshift-service-catalog-removed/events/openshift-service-catalog-controller-manager-remover.1632d931e88fcd8f","uid":"787d7b26-3d2f-4017-b0b0-420db4ae62c0","resourceVersion":"21399","creationTimestamp":"2020-09-08T15:40:26Z"},"involvedObject":{"kind":"Job","namespace":"openshift-service-catalog-removed","name":"openshift-service-catalog-controller-manager-remover","uid":"fac9f479-4ad5-4a57-8adc-cb25d3d9cf8f","apiVersion":"batch/v1","resourceVersion":"21280"},"reason":"Completed","message":"Job completed","source":{"component":"job-controller"},"firstTimestamp":"2020-09-08T15:40:26Z","lastTimestamp":"2020-09-08T15:40:26Z","count":1,"type":"Normal"}} ---- ++ +You can also use Kibana to view events by creating an index pattern using the Elasticsearch `infra` index.