
Cluster Logging Architecture

Summary

Cluster Logging collects logs from various sources within a cluster and forwards them to destinations where they are stored or further processed. The primary goal of this solution is to simplify identifying which logs are collected and where they are forwarded. Cluster Logging can forward logs to various outputs, including an opt-in managed LokiStack.

Note: The remaining portion of this documentation primarily focuses on log collection and forwarding.

Log Types and Log Sources

Logs are generated by various workloads running on a cluster. Cluster Logging categorizes them into distinct log types, each subdivided by log source. This allows for fine-grained control of log collection at the source. Log type is also a core concept of Cluster Logging: it controls how logs are handled and defines the design of the tenancy model for managed storage.

  • Application: Container logs from non-infrastructure namespaces (i.e. namespaces that do not match ^(default|kube.*|openshift.*))

  • Infrastructure:

    • node: Node log sources are journal log events from the core services of individual cluster nodes

    • container: Container log sources are container logs from workloads running in the namespaces default, kube*, openshift*

  • Audit: Audit logs are potentially security sensitive

    • auditd: Auditd sources are from individual cluster node auditd services

    • kubeAPI: Kubernetes API sources are cluster-wide log events from the Kubernetes API service

    • openshiftAPI: OpenShift API sources are cluster-wide log events from the OpenShift API and OAuth services

    • ovn: OVN sources are cluster-wide log events from the OVN service when OVN is enabled on the cluster
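
The namespace split between Application and Infrastructure container logs, as an added Go example (not code from cluster-logging-operator). It applies the regex and the glob list as literally written in the list above to constructed namespaces and reports where the two readings disagree; which form the collector actually uses is not stated here, and all function names are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
)

// Regex from the Application bullet, used as written (anchored at the start only).
var infraRegex = regexp.MustCompile(`^(default|kube.*|openshift.*)`)

// Glob list from the Infrastructure/container bullet.
var infraGlobs = []string{"default", "kube*", "openshift*"}

// TypeByRegex classifies a namespace with the regex reading.
func TypeByRegex(ns string) string {
	if infraRegex.MatchString(ns) {
		return "infrastructure"
	}
	return "application"
}

// TypeByGlob classifies with the glob reading, where "default" must match exactly.
func TypeByGlob(ns string) string {
	for _, g := range infraGlobs {
		if ok, _ := path.Match(g, ns); ok {
			return "infrastructure"
		}
	}
	return "application"
}

// Disagreements returns the namespaces the two readings classify differently.
// Log type drives the tenancy model, so each one is a tenancy question to settle.
func Disagreements(namespaces []string) []string {
	var out []string
	for _, ns := range namespaces {
		if TypeByRegex(ns) != TypeByGlob(ns) {
			out = append(out, ns)
		}
	}
	return out
}

func main() {
	// Constructed sample namespaces, not taken from a real cluster.
	sample := []string{"default", "kube-system", "openshift-logging", "default-team-a", "payments", "my-openshift"}
	for _, ns := range sample {
		fmt.Printf("%-18s regex=%-15s glob=%s\n", ns, TypeByRegex(ns), TypeByGlob(ns))
	}
	fmt.Println("readings disagree on:", Disagreements(sample))
}
```

Under the unanchored regex, a tenant namespace whose name merely starts with "default" would be treated as infrastructure, so namespace naming is worth checking against whichever form the deployed collector uses.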

Components

TODO: INSERT COMPONENT DIAGRAM HERE

The logging system breaks down into 4 logical components.

  • Collector: Read log data from each node of the cluster

  • Forwarder: Forward log data to configured outputs. In practice, this component is the same as the collector

  • Store: Store log data for analysis. This solution provides a managed offering.

  • Exploration: UI tools (GUI and command line) to search, query and view stored logs from the managed offering

Operators

The following operators provide and manage the components necessary for a complete logging solution:

  • cluster-logging-operator (CLO): Manages the log collection and forwarding component

  • loki-operator (LO): Manages the Red Hat managed log storage solution based upon a Loki stack

  • cluster-observability-operator (COO): Manages observability operands (e.g. LokiStack, ClusterLogForwarder, Tracing) and console plugins to visualize observability data