Distributed Cloud Container Platform for Kubernetes (ACK One) supports centralized collection of control plane component logs and audit logs from Fleet instances, delivering them to designated Simple Log Service projects within your Alibaba Cloud account. This topic describes how to enable log collection and view logs in Simple Log Service.
Prerequisite
Sufficient Logstore quota is available in your Simple Log Service account.
The default Logstore quota for each Alibaba Cloud account is 50. To increase the quota, submit a ticket.
Background information
Control plane component logs can help you securely and efficiently manage and maintain your clusters. When creating new Fleet instances, turn on Enable Collection of Operation Logs and Auditing Logs. Then, collected logs are delivered to the specified Simple Log Service projects with pay-as-you-go billing basis.
Enable collection of control plane component logs and audit logs
Method 1: Enable the feature when you create a Fleet instance
When you create a Fleet instance, turn on Enable Collection of Operation Logs and Auditing Logs. For more information about how to create a Fleet instance, see Enable Fleet management.
By default, Enable Collection of Operation Logs and Auditing Logs is turned on.
The control plane component logs and audit logs can be collected only to newly created projects of Simple Log Service.
Method 2: Enable the feature for an existing Fleet instance
Log on to the ACK One console. In the left-side navigation pane, choose .
On the Log Center page, click the Audit Logs tab, then click Enable.
NoteAudit Logs and Logs of Control Plane Components are enabled together.
If you no longer want to collect control plane component logs or audit logs, click Disable Audit Logs & Control Plane Logs in the top-right of the page.
View control plane component logs and audit logs
After the Fleet instance is created, you can use the following methods to view the control plane component logs and audit logs.
Method 1: View the control plane component logs and audit logs in the Simple Log Service console
Log on to the Simple Log Service console.
In the Projects section, click the name of the project used by the Fleet instance.
In the left-side Logstores list on the Log Storage page, select the Logstore that stores control plane component logs. You can query the logs of the kube-apiserver, application-controller, kube-controller-manager, and cluster operator control plane components. For more information, see What is Simple Log Service?
Method 2: View the control plane component logs and audit logs in the ACK One console
Log on to the ACK One console. In the left-side navigation pane, choose .
On the Log Center page, click the Audit Logs and Logs of Control Plane Components tabs to view the logs.
NoteIf multiple Fleet instances exist, select the Fleet instance you want to manage on the Fleet Information page and click the related tabs.
Logstores for control plane components
ACK allows you to collect the logs of the following control plane components. The log of each component is stored in a separate Logstore. For more information about the components, see Kubernetes components.
Component | Logstore | Description |
kube-apiserver | apiserver | kube-apiserver is used to expose the Kubernetes API. For more information, see kube-apiserver. |
kube-controller-manager | kcm | The kube-controller-manager component is the internal management and control center of a Kubernetes cluster. The component embeds the core control loops shipped with Kubernetes. For more information, see kube-controller-manager. |
application-controller | application-controller | application-controller is used to distribute applications in ACK One. You can view the logs about application distribution events. |
cluster-operator | cluster-operator | cluster-operator is used to associate clusters with and disassociate clusters from Fleet instances. You can view the logs about cluster association events and cluster disassociation events. |
FAQ
After I click the Audit Logs tab or the Logs of Control Plane Components tab, an error message appears, which indicates that the endpoint is invalid. What do I do?
Your Alibaba Cloud account has exceeded the Simple Log Service project quota. To resolve this issue:
Delete unnecessary Simple Log Service projects to free up quota.
Submit a ticket to request a quota increase.
After I delete the Simple Log Service project used to collect logs, control plane component logs and audit logs cannot be collected. What do I do?
The system does not automatically create a new Simple Log Service project or Logstores after you delete the Simple Log Service project used to collect logs. To resolve this problem, turn off Enable Collection of Operation Logs and Auditing Logs and turn on the switch again.