You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: cs_at_events.md
+1-4
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
3
3
copyright:
4
4
years: 2017, 2019
5
-
lastupdated: "2019-09-25"
5
+
lastupdated: "2019-10-01"
6
6
7
7
keywords: kubernetes, iks, audit
8
8
@@ -34,9 +34,6 @@ You can view, manage, and audit user-initiated activities in your {{site.data.ke
34
34
You can also collect Kubernetes API audit logs from your cluster and forward them to {{site.data.keyword.la_full_notm}}. To access Kubernetes audit logs, you must [create an audit webhook in your cluster](/docs/containers?topic=containers-health#webhook_logdna).
35
35
{: tip}
36
36
37
-
Previously, you could collect and forward audit logs to {{site.data.keyword.cloudaccesstrailfull_notm}} with LogAnalysis. As of 30 April 2019, you cannot provision new {{site.data.keyword.loganalysisshort_notm}} instances, and all Lite plan instances are deleted. Existing premium plan instances are supported until 30 September 2019. To continue collecting audit logs for your cluster, you must set up {{site.data.keyword.at_full_notm}}.
Copy file name to clipboardexpand all lines: cs_firewall.md
+2-63
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
3
3
copyright:
4
4
years: 2014, 2019
5
-
lastupdated: "2019-09-26"
5
+
lastupdated: "2019-10-01"
6
6
7
7
keywords: kubernetes, iks, firewall, vyatta, ips
8
8
@@ -347,71 +347,10 @@ If you have a firewall on the public network in your IBM Cloud infrastructure ac
347
347
- `TCP port 443 FROM <each_worker_node_publicIP> TO https://iam.bluemix.net`
348
348
- `TCP port 443 FROM <each_worker_node_publicIP> TO https://iam.cloud.ibm.com`
349
349
350
-
5. Optional: Allow outgoing network traffic from the worker nodes to {{site.data.keyword.monitoringlong_notm}}, {{site.data.keyword.loganalysislong_notm}}, Sysdig, and LogDNA services:
351
-
* **{{site.data.keyword.monitoringlong_notm}}**:
352
-
<pre class="screen">TCP port 443, port 9095 FROM <each_worker_node_public_IP> TO <monitoring_subnet></pre>
353
-
Replace <em><monitoring_subnet></em> with the subnets for the monitoring regions to which you want to allow traffic:
354
-
<p><table summary="The first row in the table spans both columns. The rest of the rows should be read left to right, with the server zone in column one and IP addresses to match in column two.">
355
-
<caption>IP addresses to open for monitoring traffic</caption>
5. Optional: Allow outgoing network traffic from the worker nodes to Sysdig and LogDNA services:
379
351
* **{{site.data.keyword.mon_full_notm}}**:
380
352
<pre class="screen">TCP port 443, port 6443 FROM <each_worker_node_public_IP> TO <sysdig_public_IP></pre>
381
353
Replace <em><sysdig_public_IP></em> with the [Sysdig IP addresses](/docs/services/Monitoring-with-Sysdig?topic=Sysdig-network#network).
382
-
* **{{site.data.keyword.loganalysislong_notm}}**:
383
-
<pre class="screen">TCP port 443, port 9091 FROM <each_worker_node_public_IP> TO <logging_public_IP></pre>
384
-
Replace <em><logging_public_IP></em> with all of the addresses for the logging regions to which you want to allow traffic:
385
-
<p><table summary="The first row in the table spans both columns. The rest of the rows should be read left to right, with the server zone in column one and IP addresses to match in column two.">
386
-
<caption>IP addresses to open for logging traffic</caption>
Copy file name to clipboardexpand all lines: cs_health.md
+6-40
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
3
3
copyright:
4
4
years: 2014, 2019
5
-
lastupdated: "2019-09-26"
5
+
lastupdated: "2019-10-01"
6
6
7
7
keywords: kubernetes, iks, logmet, logs, metrics
8
8
@@ -42,7 +42,7 @@ You can choose your logging solution based on which cluster components you need
42
42
<dl>
43
43
44
44
<dt>{{site.data.keyword.la_full}}</dt>
45
-
<dd>Manage pod container logs by deploying LogDNA as a third-party service to your cluster. To use {{site.data.keyword.la_full_notm}}, you must deploy a logging agent to every worker node in your cluster. This agent collects logs with the extension `*.log` and extensionless files that are stored in the `/var/log` directory of your pod from all namespaces, including `kube-system`. The agent then forwards the logs to the {{site.data.keyword.la_full_notm}} service. For more information about the service, see the [{{site.data.keyword.la_full_notm}}](/docs/services/Log-Analysis-with-LogDNA?topic=LogDNA-about) documentation. To get started, see [Managing Kubernetes cluster logs with {{site.data.keyword.loganalysisfull_notm}} with LogDNA](/docs/services/Log-Analysis-with-LogDNA/tutorials?topic=LogDNA-kube#kube).
45
+
<dd>Manage pod container logs by deploying LogDNA as a third-party service to your cluster. To use {{site.data.keyword.la_full_notm}}, you must deploy a logging agent to every worker node in your cluster. This agent collects logs with the extension `*.log` and extensionless files that are stored in the `/var/log` directory of your pod from all namespaces, including `kube-system`. The agent then forwards the logs to the {{site.data.keyword.la_full_notm}} service. For more information about the service, see the [{{site.data.keyword.la_full_notm}}](/docs/services/Log-Analysis-with-LogDNA?topic=LogDNA-about) documentation. To get started, see [Managing Kubernetes cluster logs with {{site.data.keyword.la_full_notm}}](/docs/services/Log-Analysis-with-LogDNA/tutorials?topic=LogDNA-kube#kube).
46
46
47
47
<dt>{{site.data.keyword.at_full}}</dt>
48
48
<dd>To monitor user-initiated administrative activity made in your cluster, {{site.data.keyword.containershort_notm}} automatically generates cluster management events and forwards these event logs to {{site.data.keyword.at_full_notm}}. To access these logs, [provision an instance of {{site.data.keyword.at_full_notm}}](/docs/services/Activity-Tracker-with-LogDNA?topic=logdnaat-getting-started). For more information about the types of {{site.data.keyword.containerlong_notm}} events that you can track, see [Activity Tracker events](/docs/containers?topic=containers-at_events).</dd>
@@ -58,14 +58,6 @@ You can choose your logging solution based on which cluster components you need
58
58
<dd>If you have special requirements, you can set up your own logging solution. Check out third-party logging services that you can add to your cluster in [Logging and monitoring integrations](/docs/containers?topic=containers-supported_integrations#health_services). To check the logs of an individual Kubernetes pod or other resource, you can run `kubectl logs <resource_name>`. By default, logs are stored in `/var/log` for the namespace. For example, you can collect container logs from the `/var/log/pods/` path. You might write a script to export logs to a persistent storage device that you can use to analyze with your own logging solution.<pclass="important">To check the logs for individual app pods, run `kubectl logs <podname>`. Do not use the Kubernetes dashboard to stream logs for your pods, which might cause a disruption in your access to the Kubernetes dashboard.</p></dd>
59
59
</dd>
60
60
61
-
<dt>Deprecated: Fluentd with {{site.data.keyword.loganalysisfull}}</dt>
62
-
<dd><pclass="deprecated">Previously, you could create a logging configuration to forward logs that are collected by the Fluentd cluster component to {{site.data.keyword.loganalysisfull_notm}}. As of 30 April 2019, you cannot provision new {{site.data.keyword.loganalysisshort_notm}} instances, and all Lite plan instances are deleted. On 30 September 2019, {{site.data.keyword.containerlong_notm}} is disabling log forwarding from the Fluentd cluster component to {{site.data.keyword.loganalysisshort_notm}} for existing premium plan instances. To continue collecting logs for your cluster, you must set up {{site.data.keyword.la_full_notm}} or change your configuration to forward logs to an external server.</p>
63
-
</dd>
64
-
65
-
<dt>Deprecated: {{site.data.keyword.cloudaccesstrailfull_notm}} with LogAnalysis</dt>
66
-
<dd><pclass="deprecated">Previously, you could collect and forward audit logs to {{site.data.keyword.cloudaccesstrailfull_notm}} with LogAnalysis. As of 30 April 2019, you cannot provision new {{site.data.keyword.loganalysisshort_notm}} instances, and all Lite plan instances are deleted. Existing premium plan instances are supported until 30 September 2019. To continue collecting audit logs for your cluster, you must set up {{site.data.keyword.at_full_notm}}.</p>
67
-
</dd>
68
-
69
61
</dl>
70
62
71
63
<br />
@@ -83,7 +75,7 @@ Manage logs by deploying LogDNA as a third-party service to your cluster.
83
75
To use {{site.data.keyword.la_full_notm}}, you must deploy a logging agent to every worker node in your cluster.
84
76
{: shortdesc}
85
77
86
-
This agent collects logs with the extension `*.log` and extensionless files that are stored in the `/var/log` directory of your pod from all namespaces, including `kube-system`. The agent then forwards the logs to the {{site.data.keyword.la_full_notm}} service. For more information about the service, see the [{{site.data.keyword.la_full_notm}}](/docs/services/Log-Analysis-with-LogDNA?topic=LogDNA-about) documentation. To get started, see [Managing Kubernetes cluster logs with {{site.data.keyword.loganalysisfull_notm}} with LogDNA](/docs/services/Log-Analysis-with-LogDNA/tutorials?topic=LogDNA-kube#kube).
78
+
This agent collects logs with the extension `*.log` and extensionless files that are stored in the `/var/log` directory of your pod from all namespaces, including `kube-system`. The agent then forwards the logs to the {{site.data.keyword.la_full_notm}} service. For more information about the service, see the [{{site.data.keyword.la_full_notm}}](/docs/services/Log-Analysis-with-LogDNA?topic=LogDNA-about) documentation. To get started, see [Managing Kubernetes cluster logs with {{site.data.keyword.la_full_notm}}](/docs/services/Log-Analysis-with-LogDNA/tutorials?topic=LogDNA-kube#kube).
87
79
88
80
### Forwarding Kubernetes API audit logs
89
81
{: #webhook_logdna}
@@ -323,8 +315,7 @@ The following table shows the different options that you have when you configure
323
315
</tr>
324
316
<tr>
325
317
<td><code><em>--hostname</em></code></td>
326
-
<td><p>For {{site.data.keyword.loganalysisshort_notm}}, use the [ingestion URL](/docs/services/CloudLogAnalysis?topic=cloudloganalysis-log_ingestion#log_ingestion_urls). If you do not specify an ingestion URL, the endpoint for the region in which you created your cluster is used.</p>
327
-
<p>For syslog, specify the hostname or IP address of the log collector service.</p></td>
318
+
<td>Specify the hostname or IP address of the log collector service.</td>
328
319
</tr>
329
320
<tr>
330
321
<td><code><em>--port</em></code></td>
@@ -719,31 +710,6 @@ Because Kubernetes API Server logs are automatically streamed, they're also auto
719
710
<br />
720
711
721
712
722
-
## Deprecated: Forwarding logs to {{site.data.keyword.loganalysisfull_notm}}
723
-
{: #loga}
724
-
725
-
Previously, you could create a logging configuration to forward logs that are collected by the Fluentd cluster component to {{site.data.keyword.loganalysisfull_notm}}. As of 30 April 2019, {{site.data.keyword.loganalysisfull_notm}} is deprecated. You cannot provision new {{site.data.keyword.loganalysisshort_notm}} instances, and all Lite plan instances are deleted. Existing premium plan instances are supported until 30 September 2019.
726
-
{: deprecated}
727
-
728
-
To continue collecting logs for your cluster, you have the following options:
729
-
* Set up {{site.data.keyword.la_full_notm}}. For more information, see [Transitioning to {{site.data.keyword.la_full_notm}}](/docs/services/CloudLogAnalysis?topic=cloudloganalysis-transition).
730
-
* [Change your configuration to forward logs to an external server](#configuring).
731
-
732
-
For more information about existing {{site.data.keyword.loganalysisshort_notm}} instances, see the [{{site.data.keyword.loganalysisshort_notm}} documentation](/docs/services/CloudLogAnalysis?topic=cloudloganalysis-containers_kube_other_logs).
733
-
734
-
<br />
735
-
736
-
737
-
## Deprecated: Forwarding Kubernetes API audit logs to {{site.data.keyword.cloudaccesstrailfull_notm}} with LogAnalysis
738
-
{: #api_forward}
739
-
740
-
<p class="deprecated">Previously, you could collect and forward audit logs to {{site.data.keyword.cloudaccesstrailfull_notm}} with LogAnalysis. As of 30 April 2019, you cannot provision new {{site.data.keyword.loganalysisshort_notm}} instances, and all Lite plan instances are deleted. Existing premium plan instances are supported until 30 September 2019.</p>
741
-
742
-
To continue collecting audit logs for your cluster, you must set up {{site.data.keyword.at_full_notm}}. For more information about the types of {{site.data.keyword.containerlong_notm}} events that you can track, see [Activity Tracker events](/docs/containers?topic=containers-at_events). For more information about the service, see the [{{site.data.keyword.at_full_notm}}](/docs/services/Activity-Tracker-with-LogDNA?topic=logdnaat-getting-started) documentation.
743
-
744
-
<br />
745
-
746
-
747
713
## Choosing a monitoring solution
748
714
{: #view_metrics}
749
715
@@ -758,8 +724,8 @@ To avoid conflicts when using metrics services, be sure that clusters across res
758
724
{: tip}
759
725
760
726
<dl>
761
-
<dt>{{site.data.keyword.mon_full_notm}}</dt>
762
-
<dd>Gain operational visibility into the performance and health of your apps by deploying Sysdig as a third-party service to your worker nodes to forward metrics to {{site.data.keyword.monitoringlong}}. For more information, see [Analyzing metrics for an app that is deployed in a Kubernetes cluster](/docs/services/Monitoring-with-Sysdig/tutorials?topic=Sysdig-kubernetes_cluster#kubernetes_cluster).</dd>
727
+
<dt>{{site.data.keyword.mon_full}}</dt>
728
+
<dd>Gain operational visibility into the performance and health of your apps by deploying Sysdig as a third-party service to your worker nodes to forward metrics to {{site.data.keyword.mon_full_notm}}. For more information, see [Analyzing metrics for an app that is deployed in a Kubernetes cluster](/docs/services/Monitoring-with-Sysdig/tutorials?topic=Sysdig-kubernetes_cluster#kubernetes_cluster).</dd>
763
729
764
730
<dt>Kubernetes dashboard</dt>
765
731
<dd>The Kubernetes dashboard is an administrative web interface where you can review the health of your worker nodes, find Kubernetes resources, deploy containerized apps, and troubleshoot apps with logging and monitoring information. For more information about how to access your Kubernetes dashboard, see [Launching the Kubernetes dashboard for {{site.data.keyword.containerlong_notm}}](/docs/containers?topic=containers-app#cli_dashboard).</dd>
Copy file name to clipboardexpand all lines: cs_integrations_overview.md
+3-3
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
3
3
copyright:
4
4
years: 2014, 2019
5
-
lastupdated: "2019-08-23"
5
+
lastupdated: "2019-10-01"
6
6
7
7
keywords: kubernetes, iks, helm
8
8
@@ -118,7 +118,7 @@ You can use various external services and catalog services with a standard Kuber
118
118
<tr>
119
119
<td>{{site.data.keyword.la_full}}</td>
120
120
<td>Cluster and app logs</td>
121
-
<td>Add log management capabilities to your cluster by deploying LogDNA as a third-party service to your worker nodes to manage logs from your pod containers. For more information, see [Managing Kubernetes cluster logs with {{site.data.keyword.loganalysisfull_notm}} with LogDNA](/docs/services/Log-Analysis-with-LogDNA/tutorials?topic=LogDNA-kube#kube).</td>
121
+
<td>Add log management capabilities to your cluster by deploying LogDNA as a third-party service to your worker nodes to manage logs from your pod containers. For more information, see [Managing Kubernetes cluster logs with {{site.data.keyword.la_full_notm}}](/docs/services/Log-Analysis-with-LogDNA/tutorials?topic=LogDNA-kube#kube).</td>
@@ -304,7 +304,7 @@ You can use various external services and catalog services with a standard Kuber
304
304
</tr>
305
305
<tr>
306
306
<td>{{site.data.keyword.la_full_notm}}</td>
307
-
<td>Add log management capabilities to your cluster by deploying LogDNA as a third-party service to your worker nodes to manage logs from your pod containers. For more information, see [Managing Kubernetes cluster logs with {{site.data.keyword.loganalysisfull_notm}} with LogDNA](/docs/services/Log-Analysis-with-LogDNA/tutorials?topic=LogDNA-kube#kube).</td>
307
+
<td>Add log management capabilities to your cluster by deploying LogDNA as a third-party service to your worker nodes to manage logs from your pod containers. For more information, see [Managing Kubernetes cluster logs with {{site.data.keyword.la_full_notm}}](/docs/services/Log-Analysis-with-LogDNA/tutorials?topic=LogDNA-kube#kube).</td>
@@ -452,7 +452,7 @@ Before you begin, [install the `istio` and `istio-extras` managed add-ons](#isti
452
452
### Setting up logging with {{site.data.keyword.la_full_notm}}
453
453
{: #istio_health_logdna}
454
454
455
-
Seamlessly manage logs for your app container and the Envoy proxy sidecar container in each pod by deploying LogDNA to your worker nodes to forward logs to {{site.data.keyword.loganalysislong}}.
455
+
Seamlessly manage logs for your app container and the Envoy proxy sidecar container in each pod by deploying LogDNA to your worker nodes to forward logs to {{site.data.keyword.la_full}}.
456
456
{: shortdesc}
457
457
458
458
To use [{{site.data.keyword.la_full_notm}}](/docs/services/Log-Analysis-with-LogDNA?topic=LogDNA-about), you deploy a logging agent to every worker node in your cluster. This agent collects logs with the extension `*.log` and extensionless files that are stored in the `/var/log` directory of your pod from all namespaces, including `kube-system`. These logs include logs from your app container and the Envoy proxy sidecar container in each pod. The agent then forwards the logs to the {{site.data.keyword.la_full_notm}} service.
0 commit comments