Merge pull request #1789 from jcantrill/feature_doc

Add a feature document
openshift · Dec 21, 2022 · ade2908 · ade2908
2 parents 4cd0c67 + 1c44f14
commit ade2908
Showing 1 changed file with 134 additions and 0 deletions.
diff --git a/docs/features/collection.adoc b/docs/features/collection.adoc
@@ -0,0 +1,134 @@
+== Collection and Log Forwarding Features
+
+Administrators create a `ClusterLogForwarder` instance to specify which logs will be collected, how they will be transformed, and to where they will be forwarded.  The operator will deploy a collector based upon this specification.  There are two collector options supported by this operator: https://www.fluentd.org/[fluentd] and https://vector.dev/[vector].  Vector is the newest collector implementation and the difference in feature parity is identified below.
+
+NOTE: Some features implemented in fluentd may not be implemented for vector.  Justifications for this variance will be documented below.
+
+=== Log Sources
+Following is a list of possible log sources that are collected from each node in the cluster:
+
+.Log Sources
+[options="header"]
+|======
+|Feature|Desc.|Fluentd|Vector
+|App container logs|Logs generated by container workloads in non-infrastructure namespaces|x|x
+|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/forwarder-label-selector.md[Application label selector]|Selectively collect application by namespace or pod label selector|x|x
+|Infra container logs|Logs generated by container workloads in infrastructure namespaces|x|x
+|Infra journal logs|Logs generated by node services from the nodes' journald service|x|x
+|Kubernetes api audit logs|Kubernetes api service logs|x|x
+|OpenShift api audit logs|OpenShift api service logs|x|x
+|OVN audit logs|Open Virtual Network Logs written to the node filesystem|x|x
+|Auditd logs|Linux auditd logs written to the node filesystem|x|x
+|======
+
+=== Outputs
+
+.Output Destinations
+[options="header"]
+|======
+|Feature|Protocol|Tested with|Fluentd|Vector
+|Cloudwatch|REST over HTTPS||x|x
+|Elasticearch||||
+| * v6||v6.8.1|x|x
+| * v7||v7.12.2|x|x
+| * v8||||x
+|Google Cloud Logging||||x
+
+|Kafka|kafka 0.11|kafka 2.4.1 kafka 2.7.0|x|x
+
+|Fluent Forward|fluentd forward v1|fluentd 1.14.6
+logstash 7.10.1|x|
+
+|Loki|REST over HTTP(S)|Loki 2.3.0|x|x
+|Splunk||||x
+|Syslog|RFC3164,RFC5424|rsyslog 8.39.0|X|
+|======
+
+=== Authorization and Authentication
+
+.Authorization and Authentication Methods
+[options="header"]
+|======
+|Feature|Output Type|Fluentd|Vector
+|Bearer Token|loki||
+|Certificates|elasticsearch,kafka,fluentd forward|x|x
+|Cloud service keys|cloudwatch|x|x
+|Cloud service keys| google||x
+|Username / Password|elasticsearch,kafka||
+|Security Token Service (STS)|cloudwatch|x|x
+|SASL|kafka|x|x
+|======
+
+=== Normalizations and Transformations
+.Normalizations and Transformations
+[options="header"]
+|======
+|Feature|Desc.|Fluentd|Vector
+|Viaq data model|See reference document for details.  Not all fields are supported for both collector implementations |x|x
+|Loglevel||x|x
+|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/forwarding-json-structured-logs.md[JSON Parsing]||x|x
+|Structured Index for Elasticsearch JSON parsing||x|x
+|Multiline error detection||x|
+|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/multi-container-structured-logging.md[Split indices for multi-container pods]||x|x
+|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/forwarder-tagging.md[Static labels for forwarding pipelines] ||x|x
+
+|======
+
+=== Security and Compliance
+.Security and Compliance
+[options="header"]
+|======
+|Feature|Desc.|Fluentd|Vector
+|FIPS|Tested on a FIPS enabled cluster|x|x
+|Crypto Export||?|?
+|======
+
+=== Tuning
+.Fluentd Tuning
+[options="header"]
+|======
+|Feature|Desc.
+|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/fluentd-tuning.md[Source]
+| readLinesLimit
+
+|https://github.com/openshift/enhancements/blob/196445c9d19b2159c9e8639e4428fa5a4c1b3577/enhancements/cluster-logging/fluentd-tuning.md[Output Buffering]
+|
+- chunklimitsize
+- totallimitsize
+- overflowaction
+- flushthreadcount
+- flushmode
+- flushinterval
+- retrywait
+- retrytype
+- retrymaxinterval
+- retrytimeout
+
+|======
+
+=== Metrics and Alerting
+.Metrics and Alerting
+[options="header"]
+|======
+|Feature|Desc.|Fluentd|Vector
+|Logs collected||x|
+|Container logs generated||x|x
+|Collector dashboard||x|x
+|Collector alerts||x|
+
+|======
+
+=== Miscellaneous
+.Miscellaneous
+[options="header"]
+|======
+|Feature|Desc.|Fluentd|Vector
+|Global Proxy||x|x
+|Architecture|||
+| ...x86||x|x
+| ...ARM||x|x
+| ...Power PC||x|x
+| ...IBM Z||x|x
+| IPv6||x|x
+
+|======