mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
80 lines
4.8 KiB
Plaintext
80 lines
4.8 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * observability/logging/log_collection_forwarding/log-forwarding.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="cluster-logging-collector-log-forward-loki_{context}"]
|
|
= Forwarding logs to an external Loki logging system
|
|
|
|
You can forward logs to an external Loki logging system in addition to, or instead of, the default log store.
|
|
|
|
To configure log forwarding to Loki, you must create a `ClusterLogForwarder` custom resource (CR) with an output to Loki, and a pipeline that uses the output. The output to Loki can use the HTTP (insecure) or HTTPS (secure HTTP) connection.
|
|
|
|
.Prerequisites
|
|
|
|
* You must have a Loki logging system running at the URL you specify with the `url` field in the CR.
|
|
|
|
.Procedure
|
|
|
|
. Create or edit a YAML file that defines the `ClusterLogForwarder` CR object:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: logging.openshift.io/v1
|
|
kind: ClusterLogForwarder
|
|
metadata:
|
|
name: <log_forwarder_name> <1>
|
|
namespace: <log_forwarder_namespace> <2>
|
|
spec:
|
|
serviceAccountName: <service_account_name> <3>
|
|
outputs:
|
|
- name: loki-insecure <4>
|
|
type: "loki" <5>
|
|
url: http://loki.insecure.com:3100 <6>
|
|
loki:
|
|
tenantKey: kubernetes.namespace_name
|
|
labelKeys:
|
|
- kubernetes.labels.foo
|
|
- name: loki-secure <7>
|
|
type: "loki"
|
|
url: https://loki.secure.com:3100
|
|
secret:
|
|
name: loki-secret <8>
|
|
loki:
|
|
tenantKey: kubernetes.namespace_name <9>
|
|
labelKeys:
|
|
- kubernetes.labels.foo <10>
|
|
pipelines:
|
|
- name: application-logs <11>
|
|
inputRefs: <12>
|
|
- application
|
|
- audit
|
|
outputRefs: <13>
|
|
- loki-secure
|
|
----
|
|
<1> In legacy implementations, the CR name must be `instance`. In multi log forwarder implementations, you can use any name.
|
|
<2> In legacy implementations, the CR namespace must be `openshift-logging`. In multi log forwarder implementations, you can use any namespace.
|
|
<3> The name of your service account. The service account is only required in multi log forwarder implementations if the log forwarder is not deployed in the `openshift-logging` namespace.
|
|
<4> Specify a name for the output.
|
|
<5> Specify the type as `"loki"`.
|
|
<6> Specify the URL and port of the Loki system as a valid absolute URL. You can use the `http` (insecure) or `https` (secure HTTP) protocol. If the cluster-wide proxy using the CIDR annotation is enabled, the output must be a server name or FQDN, not an IP Address. Loki's default port for HTTP(S) communication is 3100.
|
|
<7> For a secure connection, you can specify an `https` or `http` URL that you authenticate by specifying a `secret`.
|
|
<8> For an `https` prefix, specify the name of the secret required by the endpoint for TLS communication. The secret must contain a `ca-bundle.crt` key that points to the certificates it represents. Otherwise, for `http` and `https` prefixes, you can specify a secret that contains a username and password. In legacy implementations, the secret must exist in the `openshift-logging` project. For more information, see the following "Example: Setting a secret that contains a username and password."
|
|
<9> Optional: Specify a metadata key field to generate values for the `TenantID` field in Loki. For example, setting `tenantKey: kubernetes.namespace_name` uses the names of the Kubernetes namespaces as values for tenant IDs in Loki. To see which other log record fields you can specify, see the "Log Record Fields" link in the following "Additional resources" section.
|
|
<10> Optional: Specify a list of metadata field keys to replace the default Loki labels. Loki label names must match the regular expression `[a-zA-Z_:][a-zA-Z0-9_:]*`. Illegal characters in metadata keys are replaced with `_` to form the label name. For example, the `kubernetes.labels.foo` metadata key becomes Loki label `kubernetes_labels_foo`. If you do not set `labelKeys`, the default value is: `[log_type, kubernetes.namespace_name, kubernetes.pod_name, kubernetes_host]`. Keep the set of labels small because Loki limits the size and number of labels allowed. See link:https://grafana.com/docs/loki/latest/configuration/#limits_config[Configuring Loki, limits_config]. You can still query based on any log record field using query filters.
|
|
<11> Optional: Specify a name for the pipeline.
|
|
<12> Specify which log types to forward by using the pipeline: `application,` `infrastructure`, or `audit`.
|
|
<13> Specify the name of the output to use when forwarding logs with this pipeline.
|
|
+
|
|
[NOTE]
|
|
====
|
|
Because Loki requires log streams to be correctly ordered by timestamp, `labelKeys` always includes the `kubernetes_host` label set, even if you do not specify it. This inclusion ensures that each stream originates from a single host, which prevents timestamps from becoming disordered due to clock differences on different hosts.
|
|
====
|
|
|
|
. Apply the `ClusterLogForwarder` CR object by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc apply -f <filename>.yaml
|
|
----
|