Upstream bug: cloudfoundry/cf-for-k8s#157

(Part of #59.)

We would want to understand the following characteristics of any system for short-term log access:

• What ingestion/egress throughput do these systems have?
• What is their resource consumption?
  • CPU
  • Memory
  • Disk (IO and space)
• How complex are they to deploy for "kick-the-tires" levels of performance?
• How far can their throughput and retention scale?
• What does the ecosystem around them look like?
  • Contributions from a diverse set of companies?
  • Breadth of knowledge on using/scaling?

Expected Behavior

During app staging, I expect cf-push to stream build logs.

Actual Behavior

No build logs are shown to the user.

Steps to Reproduce the Problem

• Run through steps in cf-for-k8s install steps
• Run cf push app -p /path/to/java-app
• Notice the lack of build logs

Additional information

See this slack thread for more information.

CAPI team recently used the Fluent Logging Ruby to send their logs to the Forwarder API. The team was sending logs in the correct format, but the instance_id was 0. This caused parsing errors in the output plugin that eventually showed up as parse errors in log cache.

Smoke tests that use the CF CLI to get logs from Log Cache are unreliable in this Kubernetes provider specifically.

Kubernetes 1.16 removed the extensions/v1beta1 API group. https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/

config/manifests/500-fluentd-daemonset.yaml includes a resource definition from that API group.

Please migrate that resource definition to meet the apps/v1 specification.

Note that apps/v1/DaemonSet requires that spec.selector needs to be a subset matching spec.template.metadata.labels.

This came to CF for K8s / Release Integration's attention through: cloudfoundry/cf-for-k8s#22.

When enriching Fluentd logs via filtering, I want Kubernetes labels and annotations to be added without dropping performance or adding overhead, so that my log transport infrastructure doesn't overload my cluster.

AC

Given a Fluentd
When I add the new Fluentd filter plugin
And configure it with my desired labels, annotations, and other necessary information
Then I see my desired labels and annotations on outgoing logs

We did a scalability tests on cf-for-k8s version 0.6.0. We were succeeded in deploying 1600 apps. To simulate real workload scenario we deploy apps which generate 1 log/sec and 1 req/sec. During the tests we could observe log-cache consumes > 10Gi of memory . We tried by scaling to two replicas, even with that it memory spikes up.

Below graph show you the number of apps deployed vs log-cache memory.

Just a note: Fluentd was consuming an average of 2.5Gi

Expected behavior: Enriching app logs with Kubernetes metadata should not add undue overhead or dramatically decrease throughput.

Actual behavior: Adding the Kubernetes filter plugin dramatically reduces throughput.

Enable higher availability and throughput of the Log Cache API, which serves cf logs. It will be possible to scale the storage layer and API layer separately.

Pivotal provides the GitBot service to synchronize pull requests and/or issues made against public GitHub repos with Pivotal Tracker projects. This service does not track individual commits.

If you are a Pivotal employee, you can configure Gitbot to sync your GitHub repo to your Pivotal Tracker project with a pull request. An ask+rd@ ticket is the fastest way to get write access if you get a 404 to the config repo.

If you do not want have pull requests and/or issues copied from GitHub to Pivotal Tracker, you do not need to take any action.

If there are any questions, please reach out to [email protected].

if users need to have image pull secret they can always add it via an overlay. /cc @ciriarte

• Push a logspinner to cf-for-k8s
• run a cf task against the logspinner: cf run-task test "echo "LISTING" && pwd; done" --name TASK_NAME
• No logs come out from cf logs
• run many tasks: for i in $(seq 100); do cf run-task test "echo "LISTING" && pwd; done" --name TASK_NAME$i; done
• logs come out!

This might be because the task is super short lived. How long does it take for fluent tail to recognize new containers?

For coherence with the rest of the images on the platform (and closed-source OSL reasons), the Fluentd Docker image (and everything else) should be based on Ubuntu Bionic.

Questions to answer:

• What log throughput can this support?
  • Per app?
  • Per node?
• What is the memory/CPU footprint of each sidecar?
  • When idle?
  • When busy?
• Can we add Kubernetes metadata at the sidecar?
  • How does this change the load on the Kubernetes API?

Send all application logs from a single app or all apps in an org or space, configured via CAPI annotations.

The current architecture has throughput limits we'd like to move past. We see a maximum of about 2,000 logs/second/node.

Log Cache meets our basic needs for short-term app log storage, but has minimal disaster tolerance. If any of the Log Cache pods go down, then access to current/past logs for a subset is lost.

To resolve this, we need to either:

• Improve Log Cache's disaster recovery, or
• Use a different tool for short-term log storage

Possibilities:

• extra fixed metadata (environment tags, etc.)
• filtering out dynamic metadata

Containerd logs use CRI format.
You need multi-format plugin to support them.
See how this was done in the upstream https://github.com/kubernetes/kubernetes/pull/54777/files

Allow log drains to send logs via HTTP (as JSON).

Undecided:

• support for batching?
• configurability of JSON format?