feat: ADOT Container logs collection #141

Merged
merged 12 commits into from
Feb 6, 2024
Changes from 5 commits
@@ -0,0 +1,85 @@
# Single Cluster Open Source Observability - NGINX Monitoring

## Objective

This pattern demonstrates how to use the _New EKS Cluster Open Source Observability Accelerator_ forward container logs to cloud watch using ADOT containers log collector.

## Prerequisites

Ensure that you have installed the following tools on your machine.

1. [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
2. [kubectl](https://Kubernetes.io/docs/tasks/tools/)
3. [cdk](https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html#getting_started_install)
4. [npm](https://docs.npmjs.com/cli/v8/commands/npm-install)

## Deploying

Please follow the _Deploying_ instructions of the [New EKS Cluster Open Source Observability Accelerator](./single-new-eks-opensource-observability.md) pattern, except for step 7, where you need to replace "context" in `~/.cdk.json` with the following:

```typescript
"context": {
"fluxRepository": {
"name": "grafana-dashboards",
"namespace": "grafana-operator",
"repository": {
"repoUrl": "https://github.com/aws-observability/aws-observability-accelerator",
"name": "grafana-dashboards",
"targetRevision": "main",
"path": "./artifacts/grafana-operator-manifests/eks/infrastructure"
},
"values": {
"GRAFANA_CLUSTER_DASH_URL" : "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/infrastructure/cluster.json",
"GRAFANA_KUBELET_DASH_URL" : "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/infrastructure/kubelet.json",
"GRAFANA_NSWRKLDS_DASH_URL" : "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/infrastructure/namespace-workloads.json",
"GRAFANA_NODEEXP_DASH_URL" : "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/infrastructure/nodeexporter-nodes.json",
"GRAFANA_NODES_DASH_URL" : "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/infrastructure/nodes.json",
"GRAFANA_WORKLOADS_DASH_URL" : "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/infrastructure/workloads.json",
"GRAFANA_NGINX_DASH_URL" : "https://raw.githubusercontent.com/aws-observability/aws-observability-accelerator/main/artifacts/grafana-dashboards/eks/nginx/nginx.json"
},
"kustomizations": [
{
"kustomizationPath": "./artifacts/grafana-operator-manifests/eks/infrastructure"
},
{
"kustomizationPath": "./artifacts/grafana-operator-manifests/eks/nginx"
}
]
},
"adotcontainerlogs.pattern.enabled": true
}
```

!! warning This scenario might need larger worker node for the pod.


Once completed the rest of the _Deploying_ steps, you can move on with the deployment of the Nginx workload.

## Viewing Logs in CloudWatch Logs Insights

Navigate to CloudWatch, then go to "Logs Insights"

In the dropdown, select any of the logs that begin with "/aws/eks/single-new-eks-mixed-observability-accelerator" and run a query.

Example with "kubesystem" log group:

![logs-query](../images/mixed-query.png)

Then you can view the results of your query:

![logs-results](../images/mixed-log-results.png)

You can also find control plane logs in CloudWatch with Control Plane logs visible under the `/cluster` log group:

![control-plane-logs](../images/control-plane-logs.png)

You can then filter by patterns within the logs to find specific events like so:
![control-plane-insights](../images/control-plane-insights.png)

## Teardown

You can teardown the whole CDK stack with the following command:

```bash
make pattern single-new-eks-opensource-observability destroy
```
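
Review bot: The new page still reads as the NGINX pattern it was copied from: the title is "Single Cluster Open Source Observability - NGINX Monitoring", the context block carries `GRAFANA_NGINX_DASH_URL` and the `./artifacts/grafana-operator-manifests/eks/nginx` kustomization path, and the text after the warning sends the reader on to "the deployment of the Nginx workload". Retitle it for ADOT container logs and drop the NGINX entries unless this pattern actually needs them. In the objective sentence, add the missing "to" before "forward" and write "CloudWatch". `!! warning` needs three exclamation marks to render as a MkDocs admonition. The Logs Insights step names the log group "/aws/eks/single-new-eks-mixed-observability-accelerator" while the teardown command targets `single-new-eks-opensource-observability`; check that the group name matches what this pattern creates.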
73 changes: 73 additions & 0 deletions lib/common/resources/otel-collector-config.yml
Expand Up @@ -1740,13 +1740,86 @@ spec:
source_labels:
- __meta_kubernetes_pod_phase
{{ stop enableIstioMonJob }}
{{ start enableAdotContainerLogsReceiver }}
filelog:
include:
- /var/log/pods/*/*/*.log
include_file_name: false
include_file_path: true
operators:
- id: get-format
routes:
- expr: body matches "^\\{"
output: parser-docker
- expr: body matches "^[^ Z]+ "
output: parser-crio
- expr: body matches "^[^ Z]+Z"
output: parser-containerd
type: router
- id: parser-crio
output: extract_metadata_from_filepath
regex: ^(?P<time>[^ Z]+) (?P<stream>stdout|stderr) (?P<logtag>[^ ]*) ?(?P<log>.*)$
timestamp:
layout: 2006-01-02T15:04:05.999999999Z07:00
layout_type: gotime
parse_from: attributes.time
type: regex_parser
- id: parser-containerd
output: extract_metadata_from_filepath
regex: ^(?P<time>[^ ^Z]+Z) (?P<stream>stdout|stderr) (?P<logtag>[^ ]*) ?(?P<log>.*)$
timestamp:
layout: '%Y-%m-%dT%H:%M:%S.%LZ'
parse_from: attributes.time
type: regex_parser
- id: parser-docker
output: extract_metadata_from_filepath
timestamp:
layout: '%Y-%m-%dT%H:%M:%S.%LZ'
parse_from: attributes.time
type: json_parser
- id: extract_metadata_from_filepath
parse_from: attributes["log.file.path"]
regex: ^.*\/(?P<namespace>[^_]+)_(?P<pod_name>[^_]+)_(?P<uid>[a-f0-9\-]+)\/(?P<container_name>[^\._]+)\/(?P<restart_count>\d+)\.log$
type: regex_parser
- from: attributes.stream
to: attributes["log.iostream"]
type: move
- from: attributes.container_name
to: resource["k8s.container.name"]
type: move
- from: attributes.namespace
to: resource["k8s.namespace.name"]
type: move
- from: attributes.pod_name
to: resource["k8s.pod.name"]
type: move
- from: attributes.restart_count
to: resource["k8s.container.restart_count"]
type: move
- from: attributes.uid
to: resource["k8s.pod.uid"]
type: move
- from: attributes.log
to: body
type: move
start_at: beginning
{{ stop enableAdotContainerLogsReceiver }}
exporters:
prometheusremotewrite:
endpoint: "{{remoteWriteEndpoint}}"
auth:
authenticator: sigv4auth
logging:
loglevel: info
{{ start enableAdotContainerLogsExporter }}
awscloudwatchlogs:
log_group_name: "{{logGroupName}}"
log_stream_name: "{{logStreamName}}"
region: "{{awsRegion}}"
endpoint: "logs.{{awsRegion}}.amazonaws.com"
log_retention: {{logRetentionDays}}
raw_log: false
{{ stop enableAdotContainerLogsExporter }}
extensions:
sigv4auth:
region: "{{awsRegion}}"
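
Review bot: The `filelog` receiver's `include` of `/var/log/pods/*/*/*.log` has no `exclude`, so the collector tails its own container log along with everything else; if the logs pipeline (not shown in this hunk) also feeds the `logging` exporter, whatever the collector prints about log records is re-ingested and shipped again. Add an `exclude` entry for the collector pod's own log path. `start_at: beginning` with no checkpoint storage visible here means each collector restart re-reads every file from the top and re-sends it to CloudWatch, so consider a storage extension or `start_at: end`. Minor: in `parser-containerd` the class `[^ ^Z]` also excludes a literal `^`; `[^ Z]`, as used in the router and in `parser-crio`, looks like the intent.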
Expand Up @@ -79,6 +79,18 @@ export default class SingleNewEksGravitonOpenSourceObservabilityPattern {
"{{ stop enableAdotMetricsCollectionTelemetry }}",
jsonStringnew.context["adotcollectormetrics.pattern.enabled"]
);
doc = utils.changeTextBetweenTokens(
doc,
"{{ start enableAdotContainerLogsReceiver }}",
"{{ stop enableAdotContainerLogsReceiver }}",
jsonStringnew.context["adotcontainerlogs.pattern.enabled"]
);
doc = utils.changeTextBetweenTokens(
doc,
"{{ start enableAdotContainerLogsExporter }}",
"{{ stop enableAdotContainerLogsExporter }}",
jsonStringnew.context["adotcontainerlogs.pattern.enabled"]
);
console.log(doc);
fs.writeFileSync(__dirname + '/../common/resources/otel-collector-config-new.yml', doc);

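Review bot: Both new `changeTextBetweenTokens` calls read the flag straight from `jsonStringnew.context["adotcontainerlogs.pattern.enabled"]` with no default, while the collector wiring later in this file uses `utils.valueFromContext(scope, "adotcontainerlogs.pattern.enabled", false)`. If the key is missing from the context file, or the two sources disagree, the receiver and exporter sections of the template can end up in a different state from the `openTelemetryCollector` props. Resolve the flag once, defaulting to `false`, and pass that same boolean to both token calls and to the `if`.
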
Expand All @@ -96,6 +108,18 @@ export default class SingleNewEksGravitonOpenSourceObservabilityPattern {
);
}

if (utils.valueFromContext(scope, "adotcontainerlogs.pattern.enabled", false)) {
ampAddOnProps.openTelemetryCollector = {
manifestPath: __dirname + '/../common/resources/otel-collector-config-new.yml',
manifestParameterMap: {
logGroupName: `/aws/eks/${stackId}`,
logStreamName: `/aws/eks/${stackId}`,
logRetentionDays: 30,
awsRegion: region
}
};
}

if (utils.valueFromContext(scope, "apiserver.pattern.enabled", false)) {
ampAddOnProps.enableAPIServerJob = true,
ampAddOnProps.ampRules?.ruleFilePaths.push(
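
Review bot: `logStreamName` is set to the same string as `logGroupName` (`/aws/eks/${stackId}`), so all container logs from all namespaces land in a single stream that is named like a group path. If the collector runs on more than one node, every instance writes to that one stream and the source node is no longer distinguishable by stream. A per-node or per-pod stream name would keep sources separable. `logRetentionDays: 30` is also fixed here; reading it from context would let clusters with longer audit-retention requirements override it.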
Expand Down Expand Up @@ -128,10 +152,6 @@ export default class SingleNewEksGravitonOpenSourceObservabilityPattern {

Reflect.defineMetadata("ordered", true, blueprints.addons.GrafanaOperatorAddon);
const addOns: Array<blueprints.ClusterAddOn> = [
new blueprints.addons.CloudWatchLogsAddon({
logGroupPrefix: `/aws/eks/${stackId}`,
logRetentionDays: 30
}),
new blueprints.addons.XrayAdotAddOn(),
new blueprints.addons.FluxCDAddOn({"repositories": [fluxRepository]}),
new GrafanaOperatorSecretAddon(),
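
Review bot: `CloudWatchLogsAddon` is dropped from `addOns` unconditionally, but the ADOT replacement added in the previous hunk only takes effect when `adotcontainerlogs.pattern.enabled` is true, and it is read with a default of `false`. With the default context the cluster would no longer ship container logs to CloudWatch at all, which is a silent loss of log coverage for existing users. Keep the add-on when the flag is off, or state the behaviour change explicitly in the pattern docs.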
28 changes: 24 additions & 4 deletions lib/single-new-eks-opensource-observability-pattern/index.ts
Expand Up @@ -82,6 +82,18 @@ export default class SingleNewEksOpenSourceobservabilityPattern {
"{{ stop enableAdotMetricsCollectionTelemetry }}",
jsonStringnew.context["adotcollectormetrics.pattern.enabled"]
);
doc = utils.changeTextBetweenTokens(
doc,
"{{ start enableAdotContainerLogsReceiver }}",
"{{ stop enableAdotContainerLogsReceiver }}",
jsonStringnew.context["adotcontainerlogs.pattern.enabled"]
);
doc = utils.changeTextBetweenTokens(
doc,
"{{ start enableAdotContainerLogsExporter }}",
"{{ stop enableAdotContainerLogsExporter }}",
jsonStringnew.context["adotcontainerlogs.pattern.enabled"]
);
console.log(doc);
fs.writeFileSync(__dirname + '/../common/resources/otel-collector-config-new.yml', doc);

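Review bot: These two `changeTextBetweenTokens` calls are a verbatim copy of the ones added to `SingleNewEksGravitonOpenSourceObservabilityPattern`. A small helper in `utils` that takes the doc, a token name and the flag would keep the two patterns from drifting apart. Separately, the `console.log(doc)` that follows prints the whole rendered collector config, now including the log receiver and exporter sections, on every synth; consider removing it or putting it behind a debug flag.
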
Expand Down Expand Up @@ -129,12 +141,20 @@ export default class SingleNewEksOpenSourceobservabilityPattern {
);
}

if (utils.valueFromContext(scope, "adotcontainerlogs.pattern.enabled", false)) {
ampAddOnProps.openTelemetryCollector = {
manifestPath: __dirname + '/../common/resources/otel-collector-config-new.yml',
manifestParameterMap: {
logGroupName: `/aws/eks/${stackId}`,
logStreamName: `/aws/eks/${stackId}`,
logRetentionDays: 30,
awsRegion: region
}
};
}

Reflect.defineMetadata("ordered", true, blueprints.addons.GrafanaOperatorAddon);
const addOns: Array<blueprints.ClusterAddOn> = [
new blueprints.addons.CloudWatchLogsAddon({
logGroupPrefix: `/aws/eks/${stackId}`,
logRetentionDays: 30
}),
new blueprints.addons.XrayAdotAddOn(),
new blueprints.addons.FluxCDAddOn({"repositories": [fluxRepository]}),
new GrafanaOperatorSecretAddon()
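
Review bot: The `awscloudwatchlogs` exporter enabled through this `openTelemetryCollector` block needs CloudWatch Logs write permissions on the collector's role, and nothing in this hunk grants them now that `CloudWatchLogsAddon` is removed from `addOns`. Please confirm where the role gets `logs:CreateLogGroup`, `logs:CreateLogStream`, `logs:PutLogEvents` and, for `log_retention`, `logs:PutRetentionPolicy`, and scope that policy to the `/aws/eks/${stackId}` log group instead of `*`.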
1 change: 1 addition & 0 deletions mkdocs.yml
Expand Up @@ -46,6 +46,7 @@ nav:
- OSS Java Mon : patterns/single-new-eks-observability-accelerators/single-new-eks-java-opensource-observability.md
- OSS Nginx Mon : patterns/single-new-eks-observability-accelerators/single-new-eks-nginx-opensource-observability.md
- OSS ADOT Collector Mon: patterns/single-new-eks-observability-accelerators/single-new-eks-adotmetrics-collection-opensource-observability.md
- OSS ADOT Container Logs: patterns/single-new-eks-observability-accelerators/single-new-eks-container-logs-opensource-observability.md
- Logs: logs.md
- Tracing: tracing.md
- Supporting Examples: