Simple Log Service and Distributed Cloud Container Platform for Kubernetes (ACK One) jointly launch the log collection feature. You can use this feature to deliver the control plane logs and audit logs of master instances and the control plane logs and audit logs of GitOps from ACK One to Simple Log Service for query and analysis. This topic describes the assets and billing of the log collection feature.
Assets
Dedicated projects and dedicated Logstores
ImportantBefore you disable log collection, do not delete the related Simple Log Service project and Logstore. Otherwise, logs cannot be delivered to Simple Log Service.
If you have enabled the pay-by-ingested-data billing mode, Simple Log Service creates a dedicated Logstore that uses the pay-by-ingested-data billing mode by default. If you want to switch the billing mode from pay-by-ingested-data to pay-by-feature, you can modify the configurations of the Logstore. For more information, see Manage a Logstore.
Control plane logs and audit logs of master instances
If you select an existing project when you enable the collection of control plane logs and audit logs for a master instance, Simple Log Service creates multiple dedicated Logstores in the project, as shown in the following table.
If you select Create Project when you enable the collection of control plane logs and audit logs for a master instance, Simple Log Service creates a project named
k8s-log-<Master instance ID>
in the region where the master instance resides and multiple dedicated Logstores in the project, as shown in the following table.Logstore
Component
Description
apiserver-<Master instance ID>
kube-apiserver
Stores the logs of the kube-apiserver component.
The kube-apiserver component is used to expose the Kubernetes API. For more information, see kube-apiserver.
kcm-<Master instance ID>
kube-controller-manager
Stores the logs of the kube-controller-manager component.
The kube-controller-manager component is the internal management and control center of a Kubernetes cluster. The component is embedded with core control links in all released Kubernetes versions. For more information, see kube-controller-manager.
application-controller-<Master instance ID>
application-controller
Stores the logs of the application-controller component.
The application-controller component is used to distribute applications in ACK One.
cluster-operator-<Master instance ID>
cluster-operator
Stores the logs of the cluster-operator component.
The cluster-operator component is used to associate and disassociate clusters.
audit-<Master instance ID>
All components
Stores the audit logs of all components.
Control plane logs and audit logs of GitOps
After you enable the collection of control plane logs and audit logs of GitOps, Simple Log Service creates a project named
k8s-log-<Master instance ID>
in the region where the corresponding master instance resides and a Logstore named gitops-argocd-logstore in the project.
Dedicated dashboards
Dashboard
Description
Kubernetes CVE Vulnerability
Displays the Common Vulnerabilities and Exposures (CVE) vulnerabilities that may occur in the current Kubernetes cluster, including Kubernetes CVE-2022-3294, Kubernetes CVE-2022-3172, and Kubernetes CVE-2022-3162.
Kubernetes Elastic Autoscale
Displays the information about Kubernetes resources on which auto scaling is performed, including the number of added standard Horizontal Pod Autoscaler (HPA)-based instances, number of removed standard HPA-based instances, number of added CronHPA-based instances, and number of removed CronHPA-based instances.
Kubernetes Network Policy Audit
Displays the information about Kubernetes network policies, including network policies and operation traces.
Kubernetes Node Operation Audit
Displays the operation information of Kubernetes nodes, including active nodes, new nodes, deleted nodes, and accounts that update nodes.
Kubernetes Audit Center Overview
Displays the Kubernetes audit information, including the total number of events, number of access requests over the Internet, number of unauthorized access requests, number of creation events, and number of deletion events.
Kubernetes Resource Operation Overview
Displays the information about operations that are performed on Kubernetes resources, including the creation, update, deletion, and access of resources. The resources include Deployment, StatefulSet, CronJob, DaemonSet, Job, Pod, Service, Ingress, ConfigMap, Secret, PersistentVolumeClaim, Role, ClusterRole, RoleBinding, and ClusterRoleBinding.
Kubernetes Resource Operation Details
Displays the details of the operations that are performed on Kubernetes resources, including the lists of created resources, updated resources, accessed resources, and deleted resources.
Kubernetes Operation Audit for Accounts
Displays the operation information of Kubernetes resources by account, including the number of created resources, number of updated resources, and operation traces.
Billing
You are not charged for the log collection feature of ACK One.
If the billing mode of the related Logstore is pay-by-feature, you are charged based on the storage usage, read traffic, number of requests, data transformation, and data shipping after ACK One logs are delivered to Simple Log Service. For more information, see Billable items of pay-by-feature.
If the billing mode of the related Logstore is pay-by-ingested-data, you are charged for the ingested raw data volume after ACK One logs are delivered to Simple Log Service. For more information, see Billable items of pay-by-ingested-data.