Configure Kubernetes Logging from the Tanzu Mission Control Catalog

Configure Log Forwarding through Tanzu Mission Control Catalog Packages

Deploying Kubernetes resources usually involves creating or editing YAML manifests in a text editor before finally applying a desired state to the cluster. A YAML manifest saved in version control is a great way to manage configuration options in your Kubernetes clusters, but this might not be the preferred option for some organizations.

Tanzu Mission Control announced a new "Catalog" capability where platform operators can select an application from the catalog and deploy it to one of their Kubernetes clusters managed by Tanzu Mission Control. VMware provides a list of packages included with your TMC version to help you get your clusters up and running with little effort. Things like ingress routing with Contour, cert-manager for applying TLS certificates to your apps, Fluent-bit for logging, and Prometheus for monitoring, to name a few.

This post focuses on one of these packages (fluent-bit) and how you can use the catalog to deploy fluent-bit to your Kubernetes clusters and push logs to vRealize Log Insight Cloud.

Deploy the Fluent-bit Package

Log in to the Tanzu Mission Control portal and select the "Catalog" menu item to deploy a package from the catalog. The catalog screen will open and prompt you to deploy the package on a cluster. Then select the package you wish to install. For this post, we'll use the fluent-bit package.

image-20220103151413-2

Once you've selected the package and the cluster, you will be presented with a new screen that shows details about the package, including version and release notes. The most important part of this screen is the configuration values. These configuration values show what variables can be changed, or are required, to deploy your packages. This screen is purely informational, but you'll need to configure these values in the next step.

image-20220103151342-1

Tanzu Mission Control will now prompt you for deployment information in a wizard-based menu. Give the package a deployment name and select a package version. Click "Next."

image-20220103151445-3

On the next screen, you'll be prompted with some radio buttons. You should be able to leave these settings the default if you're just getting started, but you can change the package's namespace to a custom namespace if you like.

NOTE: this namespace is for the package object and NOT the actual package contents. For example, we might deploy this package to a "Packages" namespace. However, Fluent-bit itself might still be deployed into a logging namespace or wherever you decide to set that variable (seen in the next phase).

image-20220103151749-5

Once you've decided about your package resources, you'll need to set the configuration values for the package. These values were shown during a previous step and are shown again here with an option to modify them. It should be noted that these configuration values will change depending on the type of package used. In our case, we need to make a few changes to the default fluent-bit configuration to push logs to vRealize Insight Cloud using our API token.

image-20220103151831-6

In my case, I needed to change the configurations for the "fluent_bit" object. My full configuration is shown below, which I've pasted into the "Configured values" section.

fluent_bit:
  config:
    service: |
      [Service]
        Flush         3
        Log_Level     info
        Daemon        off
        Parsers_File  parsers.conf
        HTTP_Server   On
        HTTP_Listen   0.0.0.0
        HTTP_Port     2020
    outputs: |
      [OUTPUT]
        Name          http
        Match         *
        tls           On
        tls.verify    Off
        Host          data.mgmt.cloud.vmware.com
        Port          443
        URI           /le-mans/v1/streams/ingestion-pipeline-stream
        Header        Authorization Bearer “Your-API-Token-Goes-Here”
        Format        json
    inputs: |
      [INPUT]
        Name tail
        Path /var/log/containers/*.log
        Parser docker
        Tag kube.*
        Mem_Buf_Limit 5MB
        Skip_Long_Lines On
      [INPUT]
        Name systemd
        Tag host.*
        Systemd_Filter _SYSTEMD_UNIT=kubelet.service
        Read_From_Tail On
    filters: |
      [FILTER]
        Name                kubernetes
        Match               kube.*
        Kube_URL            https://kubernetes.default.svc:443
        Kube_CA_File        /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        Kube_Token_File     /var/run/secrets/kubernetes.io/serviceaccount/token
        Kube_Tag_Prefix     kube.var.log.containers.
        Merge_Log           On
        Merge_Log_Key       log_processed
        K8S-Logging.Parser  On
        K8S-Logging.Exclude On
      [FILTER]
        Name                modify
        Match               *
        Rename message text
    parsers: |
      [PARSER]
        Name   json
        Format json
        Time_Key time
        Time_Format %d/%b/%Y:%H:%M:%S %z
    streams: ""
    plugins: ""
  #! optional configuration for the daemonset
  daemonset:
    resources:
    #! limits:
    #!   cpu: 100m
    #!   memory: 128Mi
    #! requests:
    #!   cpu: 100m
    #!   memory: 128Mi
    podAnnotations: {}
    podLabels: {}

Once your configuration is in place, click the "Install Package" button to begin the deployment.

Within the Tanzu Mission Control portal, you can look at the installed packages under the "Add-ons" tab of the cluster view. You can see from the screenshot below that two packages were already successfully deployed, and our fluent-bit package is in the process of being deployed.

image-20220103151908-7

Once the reconciliation loops are complete, you should see a "Succeeded" status message or an error with some information about what failed during the deployment.

image-20220103151939-8

If your fluent-bit configuration succeeded, you should start seeing logs in your vRealize Log Insight instance within a couple of minutes. Your next steps would be to build fancy dashboards or alerts out of those new logs that vRealize Log Insight is receiving.

image-20220103151602-4

Summary and Additional Resources

The Tanzu Mission Control catalog feature is a nice way to provide platform operators a GUI based method of deploying software to Kubernetes clusters. Platform operators can use these catalog items to configure any Kubernetes clusters registered with TMC so they can quickly update their fleet of clusters. VMware Cloud on AWS customers are entitled to this catalog feature for free with their Tanzu Mission Control Essentials licensing that comes with VMware Cloud on AWS.

Additional Resources

Tanzu Mission Control Documentation

Changelog

The following updates were made to this guide.

Date 

Description of Changes

2022-01-03

Initial publication

About the Author and Contributors

Eric Shanks has spent two decades working with VMware and cloud technologies focusing on hybrid cloud and automation. Eric has obtained some of the industry's highest distinctions, including two VMware Certified Design Expert (VCDX #195) certifications and many others across various solutions, including Microsoft, Cisco, and Amazon Web Services.

Eric's acted as a community contributor as a Chicago VMUG Users Group leader, blogger at theITHollow.com, and Tech Field Day delegate.

  • Eric Shanks, Sr. Technical Marketing Architect, Cloud Services Business Unit, VMware

 

 


 

Filter Tags

App Modernization Operations and Management Tanzu VMware Cloud on AWS Document Feature Walkthrough Intermediate Manage