K
Q

Use awslogs with kubernetes 'natively'

4/10/2019
  1. I came up with a way of configuring k8s to use aws logs without any 3rd party service/application. All you have to do is to add the following lines in your master.yaml file:
spec:
  additionalPolicies:
    master: |
      [
        {
          "Effect": "Allow",
          "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
          "Resource": ["*"]
        }
      ]
    node: |
      [
        {
          "Effect": "Allow",
          "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
          "Resource": ["*"]
        }
      ]
  docker:
    logDriver: awslogs
    logOpt:
    - awslogs-region=eu-west-1
    - awslogs-group=<group-name> # make sure that this group already exist (create it manually)
    - tag={{.Name}}

  1. The last line is the most important one, and it will rename the log-stream for each pod to something readable instead of the docker hash.

  2. goes without saying that you have to update the cluster in order for the changes to take affect. (kops update cluster ${CLUSTER-NAME} --yes)

  3. That's it. Open AWS Cloudwatch and enjoy your logs :-)

  4. With that said, I have one problem. The log stream name contains much more info than what I would have wanted. Any idea how to trim the log stream name into simply the pod nice name?

  5. I have tried several ways of manipulating the 'tag' value (e.g. tag={{ with split .Name "_" }}{{ index . 2 }}{{end}} ), but it has failed the update operation.

  6. logstream name example: k8s_POD-NICE-NAME_POD-NICE-NAME-67c77758bf-8knn8_mind_24ed4160-5b5e-11e9-b53a-0a02b6d80d7c_1

-- Ophir B
amazon-cloudwatchlogs
amazon-web-services
kubernetes

Similar Questions

Kubernetes coredns pods stuck in Pending status. Cannot start the dashboard
DNS records are not created for ingress resources
Pod has unbound immediate PersistentVolumeClaims
How to expose service outside k8s cluster?
How do reclaim policys for persistent storage work in Kubernetes?
When to use spring cloud like Eureka discovery,Ribbon etc if we have the same while we deployed the application in K8s?
How to release resources of containers in Kubernetes?

1 Answer

4/10/2019

In this case you are using the Docker awslogs driver for logging. In which case you have to specify awslogs-stream or tag options to change the stream name from default. The tag is a bit more flexible and I think it will adjust to your requirements better, since it interprets Go template markup. This way you can have a more friendly stream name instead of the container ID.

From docker documentation:

Specify tag as an alternative to the awslogs-stream option. tag interprets Go template markup, such as {{.ID}}, {{.FullID}} or {{.Name}} docker.{{.ID}}. See the tag option documentation for details on all supported template substitutions.

When both awslogs-stream and tag are specified, the value supplied for awslogs-stream overrides the template specified with tag.

If not specified, the container ID is used as the log stream.

See tag and awslogs-stream options here: https://docs.docker.com/config/containers/logging/awslogs/

-- Marcos Pagnucco
Source: StackOverflow