spec:
logStore:
elasticsearch:
resources:
limits:
cpu:
memory:
requests:
cpu: 1
memory: 16Gi
type: "elasticsearch"
collection:
logs:
fluentd:
resources:
limits:
cpu:
memory:
requests:
cpu:
memory:
type: "fluentd"
visualization:
kibana:
resources:
limits:
cpu:
memory:
requests:
cpu:
memory:
type: kibana
curation:
curator:
resources:
limits:
memory: 200Mi
requests:
cpu: 200m
memory: 200Mi
type: "curator"
- Documentation
- OpenShift Container Platform
- Logging
- About deploying cluster logging history
- About
- Release notes
- Architecture
- Installing
- Updating clusters
- Support
- Web console
-
Authentication
- Understanding authentication
- Configuring the internal OAuth server
- Understanding identity provider configuration
-
Configuring identity providers
- Configuring an HTPasswd identity provider
- Configuring a Keystone identity provider
- Configuring an LDAP identity provider
- Configuring a basic authentication identity provider
- Configuring a request header identity provider
- Configuring a GitHub or GitHub Enterprise identity provider
- Configuring a GitLab identity provider
- Configuring a Google identity provider
- Configuring an OpenID Connect identity provider
- Configuring certificates
- Using RBAC to define and apply permissions
- Removing the kubeadmin user
- Configuring the user agent
- Understanding and creating service accounts
- Using service accounts in applications
- Using a service account as an OAuth client
- Scoping tokens
- Managing Security Context Constraints
- Impersonating the system:admin user
- Syncing LDAP groups
- Networking
-
Storage
- Understanding persistent storage
-
Configuring persistent storage
- Persistent storage using AWS Elastic Block Store
- Persistent storage using Fibre Channel
- Persistent storage using NFS
- Persistent storage using hostPath
- Persistent Storage using iSCSI
- Persistent storage using Container Storage Interface (CSI)
- Persistent storage using VMware vSphere
- Persistent storage using volume snapshots
- Expanding persistent volumes
- Dynamic provisioning
- Registry
-
Builds
- Understanding image builds
- Understanding build configurations
- Creating build inputs
- Managing build output
- Using build strategies
- Custom image builds with Buildah
- Performing basic builds
- Triggering and modifying builds
- Performing advanced builds
- Using Red Hat subscriptions in builds
- Securing builds by strategy
- Build configuration resources
- Troubleshooting builds
- Setting up additional trusted certificate authorities for builds
- Images
- Applications
- Machine management
-
Nodes
- Working with pods
-
Controlling pod placement onto nodes (scheduling)
- About pod placement using the scheduler
- Configuring the default scheduler to control pod placement
- Placing pods relative to other pods using pod affinity and anti-affinity rules
- Controlling pod placement on nodes using node affinity rules
- Placing pods onto overcommited nodes
- Controlling pod placement using node taints
- Placing pods on specific nodes using node selectors
- Using Jobs and DaemonSets
- Working with nodes
-
Working with containers
- Using containers
- Using Init Containers to perform tasks before a pod is deployed
- Using volumes to persist container data
- Mapping volumes using projected volumes
- Allowing containers to consume API objects
- Copying files to or from a container
- Executing remote commands in a container
- Using port forwarding to access applications in a container
- Working with clusters
-
Logging
- About cluster logging
- About deploying cluster logging
- Deploying cluster logging
- Viewing the Kibana interface
- Deploying and Configuring the Event Router
- Configuring your cluster logging deployment
- Viewing Elasticsearch status
- Moving the cluster logging resources with node selectors
- Manually rolling out Elasticsearch
- Troubleshooting Kibana
- Exported fields
- Uninstalling cluster logging
- Monitoring
- Telemetry
- Scalability and performance
- Backup and restore
- CLI reference
- Service Mesh
-
Serverless applications
- Getting started with OpenShift Serverless
- OpenShift Serverless product architecture
- Installing OpenShift Serverless
- Getting started with Knative services
- Monitoring OpenShift Serverless components
- Cluster logging with OpenShift Serverless
- Configuring Knative Serving autoscaling
- Using Knative Client
- Release Notes
×
About deploying cluster logging
Before installing cluster logging into your cluster, review the following sections.
About deploying and configuring cluster logging
OpenShift Container Platform cluster logging is designed to be used with the default configuration, which is tuned for small to medium sized OpenShift Container Platform clusters.
The installation instructions that follow include a sample Cluster Logging Custom Resource (CR), which you can use to create a cluster logging instance and configure your cluster logging deployment.
If you want to use the default cluster logging install, you can use the sample CR directly.
If you want to customize your deployment, make changes to the sample CR as needed. The following describes the configurations you can make when installing your cluster logging instance or modify after installtion. See the Configuring sections for more information on working with each component, including modifications you can make outside of the Cluster Logging Custom Resource.
Configuring and Tuning Cluster Logging
You can configure your cluster logging environment by modifying the Cluster Logging Custom Resource deployed
in the openshift-logging project.
You can modify any of the following components upon install or after install:
- Memory and CPU
-
You can adjust both the CPU and memory limits for each component by modifying the
resourcesblock with valid memory and CPU values:
- Elasticsearch storage
-
You can configure a persistent storage class and size for the Elasticsearch cluster using the
storageClassnameandsizeparameters. The Cluster Logging Operator creates aPersistentVolumeClaimfor each data node in the Elasticsearch cluster based on these parameters.
spec:
logStore:
type: "elasticsearch"
elasticsearch:
storage:
storageClassName: "gp2"
size: "200G"
This example specifies each data node in the cluster will be bound to a PersistentVolumeClaim that
requests "200G" of "gp2" storage. Each primary shard will be backed by a single replica.
|
Omitting the spec:
logStore:
type: "elasticsearch"
elasticsearch:
storage: {}
|
- Elasticsearch replication policy
-
You can set the policy that defines how Elasticsearch shards are replicated across data nodes in the cluster:
-
FullRedundancy. The shards for each index are fully replicated to every data node. -
MultipleRedundancy. The shards for each index are spread over half of the data nodes. -
SingleRedundancy. A single copy of each shard. Logs are always available and recoverable as long as at least two data nodes exist. -
ZeroRedundancy. No copies of any shards. Logs may be unavailable (or lost) in the event a node is down or fails.
-
- Curator schedule
-
You specify the schedule for Curator in the [cron format](https://en.wikipedia.org/wiki/Cron).
spec:
curation:
type: "curator"
resources:
curator:
schedule: "30 3 * * *"
Sample modified Cluster Logging Custom Resource
The following is an example of a Cluster Logging Custom Resource modified using the options previously described.
Sample modified Cluster Logging Custom Resource
apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogging"
metadata:
name: "instance"
namespace: "openshift-logging"
spec:
managementState: "Managed"
logStore:
type: "elasticsearch"
elasticsearch:
nodeCount: 2
resources:
limits:
memory: 2Gi
requests:
cpu: 200m
memory: 2Gi
storage: {}
redundancyPolicy: "SingleRedundancy"
visualization:
type: "kibana"
kibana:
resources:
limits:
memory: 1Gi
requests:
cpu: 500m
memory: 1Gi
replicas: 1
curation:
type: "curator"
curator:
resources:
limits:
memory: 200Mi
requests:
cpu: 200m
memory: 200Mi
schedule: "*/5 * * * *"
collection:
logs:
type: "fluentd"
fluentd:
resources:
limits:
memory: 1Gi
requests:
cpu: 200m
memory: 1Gi
Storage considerations for cluster logging and OpenShift Container Platform
A persistent volume is required for each Elasticsearch deployment to have one data volume per data node. On OpenShift Container Platform this is achieved using Persistent Volume Claims.
The Elasticsearch Operator names the PVCs using the Elasticsearch resource name. Refer to Persistent Elasticsearch Storage for more details.
Fluentd ships any logs from systemd journal and /var/log/containers/ to Elasticsearch.
Therefore, consider how much data you need in advance and that you are aggregating application log data. Some Elasticsearch users have found that it is necessary to keep absolute storage consumption around 50% and below 70% at all times. This helps to avoid Elasticsearch becoming unresponsive during large merge operations.
By default, at 85% Elasticsearch stops allocating new data to the node, at 90% Elasticsearch attempts to relocate existing shards from that node to other nodes if possible. But if no nodes have free capacity below 85%, Elasticsearch effectively rejects creating new indices and becomes RED.
|
These low and high watermark values are Elasticsearch defaults in the current release. You can modify these values, but you also must apply any modifications to the alerts also. The alerts are based on these defaults. |
Additional resources
For more information on installing operators,see Installing Operators from the OperatorHub.