spec:
additionalPolicies:
master: |
[
{
"Effect": "Allow",
"Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
"Resource": ["*"]
}
]
node: |
[
{
"Effect": "Allow",
"Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
"Resource": ["*"]
}
]
docker:
logDriver: awslogs
logOpt:
- awslogs-region=eu-west-1
- awslogs-group=<group-name> # make sure that this group already exist (create it manually)
- tag={{.Name}}
The last line is the most important one, and it will rename the log-stream for each pod to something readable instead of the docker hash.
goes without saying that you have to update the cluster in order for the changes to take affect. (kops update cluster ${CLUSTER-NAME} --yes)
That's it. Open AWS Cloudwatch and enjoy your logs :-)
With that said, I have one problem. The log stream name contains much more info than what I would have wanted. Any idea how to trim the log stream name into simply the pod nice name?
I have tried several ways of manipulating the 'tag' value (e.g. tag={{ with split .Name "_" }}{{ index . 2 }}{{end}} ), but it has failed the update operation.
logstream name example: k8s_POD-NICE-NAME_POD-NICE-NAME-67c77758bf-8knn8_mind_24ed4160-5b5e-11e9-b53a-0a02b6d80d7c_1
In this case you are using the Docker awslogs driver for logging. In which case you have to specify awslogs-stream or tag options to change the stream name from default. The tag is a bit more flexible and I think it will adjust to your requirements better, since it interprets Go template markup. This way you can have a more friendly stream name instead of the container ID.
From docker documentation:
Specify tag as an alternative to the awslogs-stream option. tag interprets Go template markup, such as {{.ID}}, {{.FullID}} or {{.Name}} docker.{{.ID}}. See the tag option documentation for details on all supported template substitutions.
When both awslogs-stream and tag are specified, the value supplied for awslogs-stream overrides the template specified with tag.
If not specified, the container ID is used as the log stream.
See tag and awslogs-stream options here: https://docs.docker.com/config/containers/logging/awslogs/