-
Notifications
You must be signed in to change notification settings - Fork 141
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1789 from jcantrill/feature_doc
Add a feature document
- Loading branch information
Showing
1 changed file
with
134 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
== Collection and Log Forwarding Features | ||
|
||
Administrators create a `ClusterLogForwarder` instance to specify which logs will be collected, how they will be transformed, and to where they will be forwarded. The operator will deploy a collector based upon this specification. There are two collector options supported by this operator: https://www.fluentd.org/[fluentd] and https://vector.dev/[vector]. Vector is the newest collector implementation and the difference in feature parity is identified below. | ||
|
||
NOTE: Some features implemented in fluentd may not be implemented for vector. Justifications for this variance will be documented below. | ||
|
||
=== Log Sources | ||
Following is a list of possible log sources that are collected from each node in the cluster: | ||
|
||
.Log Sources | ||
[options="header"] | ||
|====== | ||
|Feature|Desc.|Fluentd|Vector | ||
|App container logs|Logs generated by container workloads in non-infrastructure namespaces|x|x | ||
|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/forwarder-label-selector.md[Application label selector]|Selectively collect application by namespace or pod label selector|x|x | ||
|Infra container logs|Logs generated by container workloads in infrastructure namespaces|x|x | ||
|Infra journal logs|Logs generated by node services from the nodes' journald service|x|x | ||
|Kubernetes api audit logs|Kubernetes api service logs|x|x | ||
|OpenShift api audit logs|OpenShift api service logs|x|x | ||
|OVN audit logs|Open Virtual Network Logs written to the node filesystem|x|x | ||
|Auditd logs|Linux auditd logs written to the node filesystem|x|x | ||
|====== | ||
|
||
=== Outputs | ||
|
||
.Output Destinations | ||
[options="header"] | ||
|====== | ||
|Feature|Protocol|Tested with|Fluentd|Vector | ||
|Cloudwatch|REST over HTTPS||x|x | ||
|Elasticearch|||| | ||
| * v6||v6.8.1|x|x | ||
| * v7||v7.12.2|x|x | ||
| * v8||||x | ||
|Google Cloud Logging||||x | ||
|
||
|Kafka|kafka 0.11|kafka 2.4.1 kafka 2.7.0|x|x | ||
|
||
|Fluent Forward|fluentd forward v1|fluentd 1.14.6 | ||
logstash 7.10.1|x| | ||
|
||
|Loki|REST over HTTP(S)|Loki 2.3.0|x|x | ||
|Splunk||||x | ||
|Syslog|RFC3164,RFC5424|rsyslog 8.39.0|X| | ||
|====== | ||
|
||
=== Authorization and Authentication | ||
|
||
.Authorization and Authentication Methods | ||
[options="header"] | ||
|====== | ||
|Feature|Output Type|Fluentd|Vector | ||
|Bearer Token|loki|| | ||
|Certificates|elasticsearch,kafka,fluentd forward|x|x | ||
|Cloud service keys|cloudwatch|x|x | ||
|Cloud service keys| google||x | ||
|Username / Password|elasticsearch,kafka|| | ||
|Security Token Service (STS)|cloudwatch|x|x | ||
|SASL|kafka|x|x | ||
|====== | ||
|
||
=== Normalizations and Transformations | ||
.Normalizations and Transformations | ||
[options="header"] | ||
|====== | ||
|Feature|Desc.|Fluentd|Vector | ||
|Viaq data model|See reference document for details. Not all fields are supported for both collector implementations |x|x | ||
|Loglevel||x|x | ||
|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/forwarding-json-structured-logs.md[JSON Parsing]||x|x | ||
|Structured Index for Elasticsearch JSON parsing||x|x | ||
|Multiline error detection||x| | ||
|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/multi-container-structured-logging.md[Split indices for multi-container pods]||x|x | ||
|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/forwarder-tagging.md[Static labels for forwarding pipelines] ||x|x | ||
|
||
|====== | ||
|
||
=== Security and Compliance | ||
.Security and Compliance | ||
[options="header"] | ||
|====== | ||
|Feature|Desc.|Fluentd|Vector | ||
|FIPS|Tested on a FIPS enabled cluster|x|x | ||
|Crypto Export||?|? | ||
|====== | ||
|
||
=== Tuning | ||
.Fluentd Tuning | ||
[options="header"] | ||
|====== | ||
|Feature|Desc. | ||
|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/fluentd-tuning.md[Source] | ||
| readLinesLimit | ||
|
||
|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/fluentd-tuning.md[Output Buffering] | ||
| | ||
- chunklimitsize | ||
- totallimitsize | ||
- overflowaction | ||
- flushthreadcount | ||
- flushmode | ||
- flushinterval | ||
- retrywait | ||
- retrytype | ||
- retrymaxinterval | ||
- retrytimeout | ||
|
||
|====== | ||
|
||
=== Metrics and Alerting | ||
.Metrics and Alerting | ||
[options="header"] | ||
|====== | ||
|Feature|Desc.|Fluentd|Vector | ||
|Logs collected||x| | ||
|Container logs generated||x|x | ||
|Collector dashboard||x|x | ||
|Collector alerts||x| | ||
|
||
|====== | ||
|
||
=== Miscellaneous | ||
.Miscellaneous | ||
[options="header"] | ||
|====== | ||
|Feature|Desc.|Fluentd|Vector | ||
|Global Proxy||x|x | ||
|Architecture||| | ||
| ...x86||x|x | ||
| ...ARM||x|x | ||
| ...Power PC||x|x | ||
| ...IBM Z||x|x | ||
| IPv6||x|x | ||
|
||
|====== |