11.4.

11.4.1.
링크 복사

apiVersion: "logging.openshift.io/v1"
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  serviceAccountName: <service_account_name>

3


  outputs:
   - name: elasticsearch-secure

4


     type: "elasticsearch"
     url: https://elasticsearch.secure.com:9200
     secret:
        name: elasticsearch
   - name: elasticsearch-insecure

5


     type: "elasticsearch"
     url: http://elasticsearch.insecure.com:9200
   - name: kafka-app

6


     type: "kafka"
     url: tls://kafka.secure.com:9093/app-topic
  inputs:

7


   - name: my-app-logs
     application:
        namespaces:
        - my-project
  pipelines:
   - name: audit-logs

8


     inputRefs:
      - audit
     outputRefs:
      - elasticsearch-secure
      - default
     labels:
       secure: "true"

9


       datacenter: "east"
   - name: infrastructure-logs

10


     inputRefs:
      - infrastructure
     outputRefs:
      - elasticsearch-insecure
     labels:
       datacenter: "west"
   - name: my-app

11


     inputRefs:
      - my-app-logs
     outputRefs:
      - default
   - inputRefs:

12


      - application
     outputRefs:
      - kafka-app
     labels:
       datacenter: "south"

11.4.1.1.
링크 복사

$ oc create secret generic -n <namespace> <secret_name> \
  --from-file=ca-bundle.crt=<your_bundle_file> \
  --from-literal=username=<your_username> \
  --from-literal=password=<your_password>

참고

11.4.2.
링크 복사

중요

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  serviceAccountName: <service_account_name>

3


  pipelines:
   - inputRefs:
     - <log_type>

4


     outputRefs:
     - <output_name>

5


  outputs:
  - name: <output_name>

6


    type: <output_type>

7


    url: <log_output_url>

8


# ...

1
2
3
4
5 7: 참고
6
8

11.4.3.
링크 복사

중요

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
# ...
spec:
  tuning:
    delivery: AtLeastOnce

1


    compression: none

2


    maxWrite: <integer>

3


    minRetryDuration: 1s

4


    maxRetryDuration: 1s

5


# ...

Expand

표 11.9.

11.4.4.
링크 복사

주의

java.lang.NullPointerException: Cannot invoke "String.toString()" because "<param1>" is null
    at testjava.Main.handle(Main.java:47)
    at testjava.Main.printMe(Main.java:19)
    at testjava.Main.main(Main.java:10)

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  pipelines:
    - name: my-app-logs
      inputRefs:
        - application
      outputRefs:
        - default
      detectMultilineErrors: true

11.4.4.1.
링크 복사

Expand

표 11.10.

11.4.4.2.
링크 복사

[transforms.detect_exceptions_app-logs]
 type = "detect_exceptions"
 inputs = ["application"]
 languages = ["All"]
 group_by = ["kubernetes.namespace_name","kubernetes.pod_name","kubernetes.container_name"]
 expire_after_ms = 2000
 multiline_flush_interval_ms = 1000

<label @MULTILINE_APP_LOGS>
  <match kubernetes.**>
    @type detect_exceptions
    remove_tag_prefix 'kubernetes'
    message message
    force_line_breaks true
    multiline_flush_interval .2
  </match>
</label>

11.4.5.
링크 복사

참고

$ oc -n openshift-logging create secret generic gcp-secret --from-file google-application-credentials.json=<your_service_account_key_file.json>

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  serviceAccountName: <service_account_name>

3


  outputs:
    - name: gcp-1
      type: googleCloudLogging
      secret:
        name: gcp-secret
      googleCloudLogging:
        projectId : "openshift-gce-devel"

4


        logId : "app-gcp"

5


  pipelines:
    - name: test-app
      inputRefs:

6


        - application
      outputRefs:
        - gcp-1

1
2
3
4
5
6

11.4.6.
링크 복사

참고

$ oc -n openshift-logging create secret generic vector-splunk-secret --from-literal hecToken=<HEC_Token>

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  serviceAccountName: <service_account_name>

3


  outputs:
    - name: splunk-receiver

4


      secret:
        name: vector-splunk-secret

5


      type: splunk

6


      url: <http://your.splunk.hec.url:8088>

7


  pipelines:

8


    - inputRefs:
        - application
        - infrastructure
      name:

9


      outputRefs:
        - splunk-receiver

10

1
2
3
4
5
6
7
8
9
10

11.4.7.
링크 복사

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  serviceAccountName: <service_account_name>

3


  outputs:
    - name: httpout-app
      type: http
      url:

4


      http:
        headers:

5


          h1: v1
          h2: v2
        method: POST
      secret:
        name:

6


      tls:
        insecureSkipVerify:

7


  pipelines:
    - name:
      inputRefs:
        - application
      outputRefs:
        - httpout-app

8

1
2
3
4
5
6
7
8

11.4.8.
링크 복사

apiVersion: v1
kind: Secret
metadata:
  name: my-secret
  namespace: openshift-logging
type: Opaque
data:
  shared_key: <your_shared_key>

1

1

Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName "<resource_name>" -Name "<workspace_name>”

apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogForwarder"
metadata:
  name: instance
  namespace: openshift-logging
spec:
  outputs:
  - name: azure-monitor
    type: azureMonitor
    azureMonitor:
      customerId: my-customer-id

1


      logType: my_log_type

2


    secret:
       name: my-secret
  pipelines:
  - name: app-pipeline
    inputRefs:
    - application
    outputRefs:
    - azure-monitor

1
2

apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogForwarder"
metadata:
  name: instance
  namespace: openshift-logging
spec:
  outputs:
  - name: azure-monitor-app
    type: azureMonitor
    azureMonitor:
      customerId: my-customer-id
      logType: application_log

1


    secret:
      name: my-secret
  - name: azure-monitor-infra
    type: azureMonitor
    azureMonitor:
      customerId: my-customer-id
      logType: infra_log #
    secret:
      name: my-secret
  pipelines:
    - name: app-pipeline
      inputRefs:
      - application
      outputRefs:
      - azure-monitor-app
    - name: infra-pipeline
      inputRefs:
      - infrastructure
      outputRefs:
      - azure-monitor-infra

1

apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogForwarder"
metadata:
  name: instance
  namespace: openshift-logging
spec:
  outputs:
  - name: azure-monitor
    type: azureMonitor
    azureMonitor:
      customerId: my-customer-id
      logType: my_log_type
      azureResourceId: "/subscriptions/111111111"

1


      host: "ods.opinsights.azure.com"

2


    secret:
       name: my-secret
  pipelines:
  - name: app-pipeline
    inputRefs:
    - application
    outputRefs:
    - azure-monitor

1
2

11.4.9.
링크 복사

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance

1


  namespace: openshift-logging

2


spec:
  outputs:
   - name: fluentd-server-secure

3


     type: fluentdForward

4


     url: 'tls://fluentdserver.security.example.com:24224'

5


     secret:

6


        name: fluentd-secret
   - name: fluentd-server-insecure
     type: fluentdForward
     url: 'tcp://fluentdserver.home.example.com:24224'
  inputs:

7


   - name: my-app-logs
     application:
        namespaces:
        - my-project

8


  pipelines:
   - name: forward-to-fluentd-insecure

9


     inputRefs:

10


     - my-app-logs
     outputRefs:

11


     - fluentd-server-insecure
     labels:
       project: "my-project"

12


   - name: forward-to-fluentd-secure

13


     inputRefs:
     - application

14


     - audit
     - infrastructure
     outputRefs:
     - fluentd-server-secure
     - default
     labels:
       clusterId: "C1234"

```
$ oc apply -f <filename>.yaml
```

11.4.10.
링크 복사

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  pipelines:
    - inputRefs: [ myAppLogData ]

3


      outputRefs: [ default ]

4


  inputs:

5


    - name: myAppLogData
      application:
        selector:
          matchLabels:

6


            environment: production
            app: nginx
        namespaces:

7


        - app1
        - app2
  outputs:

8


    - <output_name>
    ...

1
2
3
4
5
6
7
8

- inputRefs: [ myAppLogData, myOtherAppLogData ]

```
$ oc create -f <file-name>.yaml
```

11.4.11.
링크 복사

참고

참고

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  pipelines:
    - name: my-pipeline
      inputRefs: audit

1


      filterRefs: my-policy

2


      outputRefs: default
  filters:
    - name: my-policy
      type: kubeAPIAudit
      kubeAPIAudit:
        # Don't generate audit events for all requests in RequestReceived stage.
        omitStages:
          - "RequestReceived"

        rules:
          # Log pod changes at RequestResponse level
          - level: RequestResponse
            resources:
            - group: ""
              resources: ["pods"]

          # Log "pods/log", "pods/status" at Metadata level
          - level: Metadata
            resources:
            - group: ""
              resources: ["pods/log", "pods/status"]

          # Don't log requests to a configmap called "controller-leader"
          - level: None
            resources:
            - group: ""
              resources: ["configmaps"]
              resourceNames: ["controller-leader"]

          # Don't log watch requests by the "system:kube-proxy" on endpoints or services
          - level: None
            users: ["system:kube-proxy"]
            verbs: ["watch"]
            resources:
            - group: "" # core API group
              resources: ["endpoints", "services"]

          # Don't log authenticated requests to certain non-resource URL paths.
          - level: None
            userGroups: ["system:authenticated"]
            nonResourceURLs:
            - "/api*" # Wildcard matching.
            - "/version"

          # Log the request body of configmap changes in kube-system.
          - level: Request
            resources:
            - group: "" # core API group
              resources: ["configmaps"]
            # This rule only applies to resources in the "kube-system" namespace.
            # The empty string "" can be used to select non-namespaced resources.
            namespaces: ["kube-system"]

          # Log configmap and secret changes in all other namespaces at the Metadata level.
          - level: Metadata
            resources:
            - group: "" # core API group
              resources: ["secrets", "configmaps"]

          # Log all other resources in core and extensions at the Request level.
          - level: Request
            resources:
            - group: "" # core API group
            - group: "extensions" # Version of group should NOT be included.

          # A catch-all rule to log all other requests at the Metadata level.
          - level: Metadata

1
2

11.4.12.
링크 복사

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  serviceAccountName: <service_account_name>

3


  outputs:
  - name: loki-insecure

4


    type: "loki"

5


    url: http://loki.insecure.com:3100

6


    loki:
      tenantKey: kubernetes.namespace_name
      labelKeys:
      - kubernetes.labels.foo
  - name: loki-secure

7


    type: "loki"
    url: https://loki.secure.com:3100
    secret:
      name: loki-secret

8


    loki:
      tenantKey: kubernetes.namespace_name

9


      labelKeys:
      - kubernetes.labels.foo

10


  pipelines:
  - name: application-logs

11


    inputRefs:

12


    - application
    - audit
    outputRefs:

13


    - loki-secure

1
2
3
4
5
6
7
8
9
10
11
12
13

참고

```
$ oc apply -f <filename>.yaml
```

11.4.13.
링크 복사

참고

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  serviceAccountName: <service_account_name>

3


  outputs:
   - name: elasticsearch-example

4


     type: elasticsearch

5


     elasticsearch:
       version: 8

6


     url: http://elasticsearch.example.com:9200

7


     secret:
       name: es-secret

8


  pipelines:
   - name: application-logs

9


     inputRefs:

10


     - application
     - audit
     outputRefs:
     - elasticsearch-example

11


     - default

12


     labels:
       myLabel: "myValue"

13


# ...

1
2
3
4
5
6
7
8
9
10
11
12
13

```
$ oc apply -f <filename>.yaml
```

apiVersion: v1
kind: Secret
metadata:
  name: openshift-test-secret
data:
  username: <username>
  password: <password>
# ...

$ oc create secret -n openshift-logging openshift-test-secret.yaml

kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  outputs:
   - name: elasticsearch
     type: "elasticsearch"
     url: https://elasticsearch.secure.com:9200
     secret:
        name: openshift-test-secret
# ...

참고

```
$ oc apply -f <filename>.yaml
```

11.4.14.
링크 복사

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance

1


  namespace: openshift-logging

2


spec:
  outputs:
   - name: fluentd-server-secure

3


     type: fluentdForward

4


     url: 'tls://fluentdserver.security.example.com:24224'

5


     secret:

6


        name: fluentd-secret
   - name: fluentd-server-insecure
     type: fluentdForward
     url: 'tcp://fluentdserver.home.example.com:24224'
  pipelines:
   - name: forward-to-fluentd-secure

7


     inputRefs:

8


     - application
     - audit
     outputRefs:
     - fluentd-server-secure

9


     - default

10


     labels:
       clusterId: "C1234"

11


   - name: forward-to-fluentd-insecure

12


     inputRefs:
     - infrastructure
     outputRefs:
     - fluentd-server-insecure
     labels:
       clusterId: "C1234"

```
$ oc create -f <file-name>.yaml
```

11.4.14.1.
링크 복사

input { tcp { codec => fluent { nanosecond_precision => true } port => 24114 } }
filter { }
output { stdout { codec => rubydebug } }

11.4.15.
링크 복사

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  serviceAccountName: <service_account_name>

3


  outputs:
   - name: rsyslog-east

4


     type: syslog

5


     syslog:

6


       facility: local0
       rfc: RFC3164
       payloadKey: message
       severity: informational
     url: 'tls://rsyslogserver.east.example.com:514'

7


     secret:

8


        name: syslog-secret
   - name: rsyslog-west
     type: syslog
     syslog:
      appName: myapp
      facility: user
      msgID: mymsg
      procID: myproc
      rfc: RFC5424
      severity: debug
     url: 'tcp://rsyslogserver.west.example.com:514'
  pipelines:
   - name: syslog-east

9


     inputRefs:

10


     - audit
     - application
     outputRefs:

11


     - rsyslog-east
     - default

12


     labels:
       secure: "true"

13


       syslog: "east"
   - name: syslog-west

14


     inputRefs:
     - infrastructure
     outputRefs:
     - rsyslog-west
     - default
     labels:
       syslog: "west"

```
$ oc create -f <filename>.yaml
```

11.4.15.1.
링크 복사

  spec:
    outputs:
    - name: syslogout
      syslog:
        addLogSource: true
        facility: user
        payloadKey: message
        rfc: RFC3164
        severity: debug
        tag: mytag
      type: syslog
      url: tls://syslog-receiver.openshift-logging.svc:24224
    pipelines:
    - inputRefs:
      - application
      name: test-app
      outputRefs:
      - syslogout

참고

<15>1 2020-11-15T17:06:14+00:00 fluentd-9hkb4 mytag - - -  {"msgcontent"=>"Message Contents", "timestamp"=>"2020-11-15 17:06:09", "tag_key"=>"rec_tag", "index"=>56}

<15>1 2020-11-16T10:49:37+00:00 crc-j55b9-master-0 mytag - - -  namespace_name=clo-test-6327,pod_name=log-generator-ff9746c49-qxm7l,container_name=log-generator,message={"msgcontent":"My life is my message", "timestamp":"2020-11-16 10:49:36", "tag_key":"rec_tag", "index":76}

11.4.15.2.
링크 복사

참고

11.4.15.3.
링크 복사

11.4.16.
링크 복사

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  serviceAccountName: <service_account_name>

3


  outputs:
   - name: app-logs

4


     type: kafka

5


     url: tls://kafka.example.devlab.com:9093/app-topic

6


     secret:
       name: kafka-secret

7


   - name: infra-logs
     type: kafka
     url: tcp://kafka.devlab2.example.com:9093/infra-topic

8


   - name: audit-logs
     type: kafka
     url: tls://kafka.qelab.example.com:9093/audit-topic
     secret:
        name: kafka-secret-qe
  pipelines:
   - name: app-topic

9


     inputRefs:

10


     - application
     outputRefs:

11


     - app-logs
     labels:
       logType: "application"

12


   - name: infra-topic

13


     inputRefs:
     - infrastructure
     outputRefs:
     - infra-logs
     labels:
       logType: "infra"
   - name: audit-topic
     inputRefs:
     - audit
     outputRefs:
     - audit-logs
     labels:
       logType: "audit"

# ...
spec:
  outputs:
  - name: app-logs
    type: kafka
    secret:
      name: kafka-secret-dev
    kafka:

1


      brokers:

2


        - tls://kafka-broker1.example.com:9093/
        - tls://kafka-broker2.example.com:9093/
      topic: app-topic

3


# ...

1
2
3

```
$ oc apply -f <filename>.yaml
```

11.4.17.
링크 복사

apiVersion: v1
kind: Secret
metadata:
  name: cw-secret
  namespace: openshift-logging
data:
  aws_access_key_id: QUtJQUlPU0ZPRE5ON0VYQU1QTEUK
  aws_secret_access_key: d0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQo=

```
$ oc apply -f cw-secret.yaml
```

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  serviceAccountName: <service_account_name>

3


  outputs:
   - name: cw

4


     type: cloudwatch

5


     cloudwatch:
       groupBy: logType

6


       groupPrefix: <group prefix>

7


       region: us-east-2

8


     secret:
        name: cw-secret

9


  pipelines:
    - name: infra-logs

10


      inputRefs:

11


        - infrastructure
        - audit
        - application
      outputRefs:
        - cw

12

```
$ oc create -f <file-name>.yaml
```

$ oc get Infrastructure/cluster -ojson | jq .status.infrastructureName
"mycluster-7977k"

$ oc run busybox --image=busybox -- sh -c 'while true; do echo "My life is my message"; sleep 3; done'
$ oc logs -f busybox
My life is my message
My life is my message
My life is my message
...

$ oc get ns/app -ojson | jq .metadata.uid
"794e1e1a-b9f5-4958-a190-e76a9b53d7bf"

apiVersion: "logging.openshift.io/v1"
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  outputs:
   - name: cw
     type: cloudwatch
     cloudwatch:
       groupBy: logType
       region: us-east-2
     secret:
        name: cw-secret
  pipelines:
    - name: all-logs
      inputRefs:
        - infrastructure
        - audit
        - application
      outputRefs:
        - cw

$ aws --output json logs describe-log-groups | jq .logGroups[].logGroupName
"mycluster-7977k.application"
"mycluster-7977k.audit"
"mycluster-7977k.infrastructure"

$ aws --output json logs describe-log-streams --log-group-name mycluster-7977k.application | jq .logStreams[].logStreamName
"kubernetes.var.log.containers.busybox_app_busybox-da085893053e20beddd6747acdbaf98e77c37718f85a7f6a4facf09ca195ad76.log"

$ aws --output json logs describe-log-streams --log-group-name mycluster-7977k.audit | jq .logStreams[].logStreamName
"ip-10-0-131-228.us-east-2.compute.internal.k8s-audit.log"
"ip-10-0-131-228.us-east-2.compute.internal.linux-audit.log"
"ip-10-0-131-228.us-east-2.compute.internal.openshift-audit.log"
...

$ aws --output json logs describe-log-streams --log-group-name mycluster-7977k.infrastructure | jq .logStreams[].logStreamName
"ip-10-0-131-228.us-east-2.compute.internal.kubernetes.var.log.containers.apiserver-69f9fd9b58-zqzw5_openshift-oauth-apiserver_oauth-apiserver-453c5c4ee026fe20a6139ba6b1cdd1bed25989c905bf5ac5ca211b7cbb5c3d7b.log"
"ip-10-0-131-228.us-east-2.compute.internal.kubernetes.var.log.containers.apiserver-797774f7c5-lftrx_openshift-apiserver_openshift-apiserver-ce51532df7d4e4d5f21c4f4be05f6575b93196336be0027067fd7d93d70f66a4.log"
"ip-10-0-131-228.us-east-2.compute.internal.kubernetes.var.log.containers.apiserver-797774f7c5-lftrx_openshift-apiserver_openshift-apiserver-check-endpoints-82a9096b5931b5c3b1d6dc4b66113252da4a6472c9fff48623baee761911a9ef.log"
...

$ aws logs get-log-events --log-group-name mycluster-7977k.application --log-stream-name kubernetes.var.log.containers.busybox_app_busybox-da085893053e20beddd6747acdbaf98e77c37718f85a7f6a4facf09ca195ad76.log
{
    "events": [
        {
            "timestamp": 1629422704178,
            "message": "{\"docker\":{\"container_id\":\"da085893053e20beddd6747acdbaf98e77c37718f85a7f6a4facf09ca195ad76\"},\"kubernetes\":{\"container_name\":\"busybox\",\"namespace_name\":\"app\",\"pod_name\":\"busybox\",\"container_image\":\"docker.io/library/busybox:latest\",\"container_image_id\":\"docker.io/library/busybox@sha256:0f354ec1728d9ff32edcd7d1b8bbdfc798277ad36120dc3dc683be44524c8b60\",\"pod_id\":\"870be234-90a3-4258-b73f-4f4d6e2777c7\",\"host\":\"ip-10-0-216-3.us-east-2.compute.internal\",\"labels\":{\"run\":\"busybox\"},\"master_url\":\"https://kubernetes.default.svc\",\"namespace_id\":\"794e1e1a-b9f5-4958-a190-e76a9b53d7bf\",\"namespace_labels\":{\"kubernetes_io/metadata_name\":\"app\"}},\"message\":\"My life is my message\",\"level\":\"unknown\",\"hostname\":\"ip-10-0-216-3.us-east-2.compute.internal\",\"pipeline_metadata\":{\"collector\":{\"ipaddr4\":\"10.0.216.3\",\"inputname\":\"fluent-plugin-systemd\",\"name\":\"fluentd\",\"received_at\":\"2021-08-20T01:25:08.085760+00:00\",\"version\":\"1.7.4 1.6.0\"}},\"@timestamp\":\"2021-08-20T01:25:04.178986+00:00\",\"viaq_index_name\":\"app-write\",\"viaq_msg_id\":\"NWRjZmUyMWQtZjgzNC00MjI4LTk3MjMtNTk3NmY3ZjU4NDk1\",\"log_type\":\"application\",\"time\":\"2021-08-20T01:25:04+00:00\"}",
            "ingestionTime": 1629422744016
        },
...

cloudwatch:
    groupBy: logType
    groupPrefix: demo-group-prefix
    region: us-east-2

$ aws --output json logs describe-log-groups | jq .logGroups[].logGroupName
"demo-group-prefix.application"
"demo-group-prefix.audit"
"demo-group-prefix.infrastructure"

cloudwatch:
    groupBy: namespaceName
    region: us-east-2

$ aws --output json logs describe-log-groups | jq .logGroups[].logGroupName
"mycluster-7977k.app"
"mycluster-7977k.audit"
"mycluster-7977k.infrastructure"

cloudwatch:
    groupBy: namespaceUUID
    region: us-east-2

$ aws --output json logs describe-log-groups | jq .logGroups[].logGroupName
"mycluster-7977k.794e1e1a-b9f5-4958-a190-e76a9b53d7bf" // uid of the "app" namespace
"mycluster-7977k.audit"
"mycluster-7977k.infrastructure"

11.4.18.
링크 복사

$ oc create secret generic cw-sts-secret -n openshift-logging --from-literal=role_arn=arn:aws:iam::123456789012:role/my-role_with-permissions

apiVersion: v1
kind: Secret
metadata:
  namespace: openshift-logging
  name: my-secret-name
stringData:
  role_arn: arn:aws:iam::123456789012:role/my-role_with-permissions

11.4.19.
링크 복사

apiVersion: cloudcredential.openshift.io/v1
kind: CredentialsRequest
metadata:
  name: <your_role_name>-credrequest
  namespace: openshift-cloud-credential-operator
spec:
  providerSpec:
    apiVersion: cloudcredential.openshift.io/v1
    kind: AWSProviderSpec
    statementEntries:
      - action:
          - logs:PutLogEvents
          - logs:CreateLogGroup
          - logs:PutRetentionPolicy
          - logs:CreateLogStream
          - logs:DescribeLogGroups
          - logs:DescribeLogStreams
        effect: Allow
        resource: arn:aws:logs:*:*:*
  secretRef:
    name: <your_role_name>
    namespace: openshift-logging
  serviceAccountNames:
    - logcollector

$ ccoctl aws create-iam-roles \
--name=<name> \
--region=<aws_region> \
--credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests \
--identity-provider-arn=arn:aws:iam::<aws_account_id>:oidc-provider/<name>-oidc.s3.<aws_region>.amazonaws.com

1

1

$ oc apply -f output/manifests/openshift-logging-<your_role_name>-credentials.yaml

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: <log_forwarder_name>

1


  namespace: <log_forwarder_namespace>

2


spec:
  serviceAccountName: clf-collector

3


  outputs:
   - name: cw

4


     type: cloudwatch

5


     cloudwatch:
       groupBy: logType

6


       groupPrefix: <group prefix>

7


       region: us-east-2

8


     secret:
        name: <your_secret_name>

9


  pipelines:
    - name: to-cloudwatch

10


      inputRefs:

11


        - infrastructure
        - audit
        - application
      outputRefs:
        - cw

12

11.4.1.
링크 복사

11.4.1.1.
링크 복사

11.4.2.
링크 복사

11.4.3.
링크 복사

11.4.4.
링크 복사

11.4.4.1.
링크 복사

11.4.4.2.
링크 복사

11.4.5.
링크 복사

11.4.6.
링크 복사

11.4.7.
링크 복사

11.4.8.
링크 복사

11.4.9.
링크 복사

11.4.10.
링크 복사

11.4.11.
링크 복사

11.4.12.
링크 복사

11.4.13.
링크 복사

11.4.14.
링크 복사

11.4.14.1.
링크 복사

11.4.15.
링크 복사

11.4.15.1.
링크 복사

11.4.15.2.
링크 복사

11.4.15.3.
링크 복사

11.4.16.
링크 복사

11.4.17.
링크 복사

11.4.18.
링크 복사

11.4.19.
링크 복사

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat 소개

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

11.4.

11.4.1. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.1.1. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.2. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.3. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.4. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.4.1. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.4.2. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.5. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.6. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.7. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.8. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.9. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.10. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.11. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.12. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.13. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.14. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.14.1. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.15. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.15.1. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.15.2. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.15.3. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.16. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.17. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.18. 링크 복사링크가 클립보드에 복사되었습니다!

11.4.19. 링크 복사링크가 클립보드에 복사되었습니다!

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat 소개

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

11.4.1.
링크 복사

11.4.1.1.
링크 복사

11.4.2.
링크 복사

11.4.3.
링크 복사

11.4.4.
링크 복사

11.4.4.1.
링크 복사

11.4.4.2.
링크 복사

11.4.5.
링크 복사

11.4.6.
링크 복사

11.4.7.
링크 복사

11.4.8.
링크 복사

11.4.9.
링크 복사

11.4.10.
링크 복사

11.4.11.
링크 복사

11.4.12.
링크 복사

11.4.13.
링크 복사

11.4.14.
링크 복사

11.4.14.1.
링크 복사

11.4.15.
링크 복사

11.4.15.1.
링크 복사

11.4.15.2.
링크 복사

11.4.15.3.
링크 복사

11.4.16.
링크 복사

11.4.17.
링크 복사

11.4.18.
링크 복사

11.4.19.
링크 복사