timezone override support for logs collected via fluetnd agent (#93)

oracle-quickstart · Oct 14, 2024 · d0512d6 · d0512d6
1 parent 7206227
commit d0512d6
Show file tree

Hide file tree

Showing 8 changed files with 148 additions and 6 deletions.
diff --git a/charts/logan/Chart.yaml b/charts/logan/Chart.yaml
@@ -5,7 +5,7 @@ apiVersion: v2
 name: oci-onm-logan
 description: Charts for sending Kubernetes platform logs, compute logs, and Kubernetes Objects information to OCI Logging Analytics.
 type: application
-version: 3.5.0
+version: 3.5.1
 appVersion: "3.0.0"
 
 dependencies:

diff --git a/charts/logan/templates/discovery-cronjob.yaml b/charts/logan/templates/discovery-cronjob.yaml
@@ -22,8 +22,10 @@ spec:
         spec:
           restartPolicy: {{ .Values.k8sDiscovery.objects.restartPolicy }}
           serviceAccountName: {{ $serviceAccount }}
+          {{- if .Values.image.imagePullSecrets }}
           imagePullSecrets:
           - name: {{ .Values.image.imagePullSecrets }}
+          {{- end }}
           containers:
           - name: k8-discovery-job
             image: {{ .Values.image.url }}

diff --git a/charts/logan/templates/ekscp-logs-configmap.yaml b/charts/logan/templates/ekscp-logs-configmap.yaml
@@ -166,6 +166,13 @@ data:
        {{- else }}
        oci_la_log_set "{{ $.Values.fluentd.eksControlPlane.ociLALogSet | default $.Values.ociLALogSet }}"
        {{- end }}
+       {{- if $logDefinition.timezone }}
+       oci_la_timezone "{{ $logDefinition.timezone }}"
+       {{- else if $.Values.fluentd.eksControlPlane.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.eksControlPlane.timezone }}"
+       {{- else if $.Values.fluentd.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.timezone }}"
+       {{- end }}  
        message "${record['message']}"
        tag ${tag}
        </record>
@@ -241,6 +248,13 @@ data:
        oci_la_log_set "{{ $.Values.fluentd.eksControlPlane.ociLALogSet | default $.Values.ociLALogSet }}"
        {{- end }}
        message "${record['message']}"
+       {{- if $logDefinition.timezone }}
+       oci_la_timezone "{{ $logDefinition.timezone }}"
+       {{- else if $.Values.fluentd.eksControlPlane.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.eksControlPlane.timezone }}"
+       {{- else if $.Values.fluentd.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.timezone }}"
+       {{- end }}  
        tag ${tag}
        </record>
     </filter>
@@ -270,6 +284,7 @@ data:
           @type oci-logging-analytics
           enable_ruby               true
           namespace                 "{{ $.Values.ociLANamespace }}"
+          collection_source         "kubernetes_solution"
           endpoint                  "{{ $.Values.fluentd.ociLoggingAnalyticsOutputPlugin.endpoint }}"
           {{- if eq $authtype "config" }}
           config_file_location      {{ $.Values.oci.path }}/{{ $.Values.oci.file }}

diff --git a/charts/logan/templates/logs-configmap.yaml b/charts/logan/templates/logs-configmap.yaml
@@ -110,6 +110,13 @@ data:
        {{- if eq $runtime "docker" }}
        message "${record['log']}"
        {{- end }}
+       {{- if $logDefinition.timezone }}
+       oci_la_timezone "{{ $logDefinition.timezone }}"
+       {{- else if $.Values.fluentd.kubernetesSystem.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.kubernetesSystem.timezone }}"
+       {{- else if $.Values.fluentd.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.timezone }}"
+       {{- end }}
        tag ${tag}
        </record>
     </filter>
@@ -208,6 +215,13 @@ data:
        {{- else }}
        oci_la_log_set "{{ $.Values.fluentd.linuxSystem.ociLALogSet | default $.Values.ociLALogSet }}"
        {{- end }}
+       {{- if $logDefinition.timezone }}
+       oci_la_timezone "{{ $logDefinition.timezone }}"
+       {{- else if $.Values.fluentd.linuxSystem.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.linuxSystem.timezone }}"
+       {{- else if $.Values.fluentd.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.timezone }}"
+       {{- end }}
        tag ${tag}
        </record>
     </filter>
@@ -292,6 +306,13 @@ data:
        {{- else }}
        oci_la_log_set "{{ $.Values.fluentd.linuxSystem.ociLALogSet | default $.Values.ociLALogSet }}"
        {{- end }}
+       {{- if $.Values.fluentd.linuxSystem.logs.kubeletlog.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.linuxSystem.logs.kubeletlog.timezone }}"
+       {{- else if $.Values.fluentd.linuxSystem.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.linuxSystem.timezone }}"
+       {{- else if $.Values.fluentd.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.timezone }}"
+       {{- end }}       
        tag ${tag}
        </record>
     </filter>
@@ -322,6 +343,13 @@ data:
        {{- else }}
        oci_la_log_set "{{ $.Values.fluentd.linuxSystem.ociLALogSet | default $.Values.ociLALogSet }}"
        {{- end }}
+       {{- if $.Values.fluentd.linuxSystem.logs.syslog.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.linuxSystem.logs.syslog }}"
+       {{- else if $.Values.fluentd.linuxSystem.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.linuxSystem.timezone }}"
+       {{- else if $.Values.fluentd.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.timezone }}"
+       {{- end }}
        tag ${tag}
        </record>
     </filter>
@@ -395,6 +423,11 @@ data:
        {{- if and (ne "false" ($logDefinition.isContainerLog | toString)) (eq $runtime "docker") }}
        message "${record['log']}"
        {{- end }}
+       {{- if $logDefinition.timezone }}
+       oci_la_timezone "{{ $logDefinition.timezone }}"
+       {{- else if $.Values.fluentd.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.timezone }}"
+       {{- end }}
        tag ${tag}
        </record>
     </filter>
@@ -502,6 +535,11 @@ data:
        {{- if eq $runtime "docker" }}
        message "${record['log']}"
        {{- end }}
+       {{- if $.Values.fluentd.genericContainerLogs.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.genericContainerLogs.timezone }}"
+       {{- else if $.Values.fluentd.timezone }}
+       oci_la_timezone "{{ $.Values.fluentd.timezone }}"
+       {{- end }}
        tag ${tag}
        </record>
     </filter>
@@ -566,6 +604,7 @@ data:
           enable_ruby               true
           namespace                 "{{ $.Values.ociLANamespace }}"
           endpoint                  "{{ $.Values.fluentd.ociLoggingAnalyticsOutputPlugin.endpoint }}"
+          collection_source         "kubernetes_solution"
           {{- if eq $authtype "config" }}
           config_file_location      {{ $.Values.oci.path }}/{{ $.Values.oci.file }}
           profile_name              "{{ $.Values.fluentd.ociLoggingAnalyticsOutputPlugin.profile_name }}"

diff --git a/charts/logan/values.yaml b/charts/logan/values.yaml
@@ -48,7 +48,7 @@ image:
    # Image pull secrets for. Secret must be in the namespace defined by namespace
    imagePullSecrets:
    # -- Replace this value with actual docker image url
-   url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.5.0
+   url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.5.1
    # -- Image pull policy
    imagePullPolicy: Always
 
@@ -164,6 +164,8 @@ fluentd:
    # -- To enable MultiProcessWorkers, set this to (> 0) the number of required workers. Defaults to 0.
    # -- Set corresponding workerId using worker field against each source/log. When enabled MultiProcessWorkers, the default worker would be 0 until unless set for each source/log.
    multiProcessWorkers: 0
+   # -- To set timezone override for all logs collected using this solution (applies only to log records without explicit timezone identifier in the record itself)
+   timezone:
 
    # Configuration for oci-logging-analytics fluentd output plugin
    ociLoggingAnalyticsOutputPlugin:
@@ -244,6 +246,8 @@ fluentd:
       #encoding:
       # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0.
       #worker:
+      # -- To set timezone override for all kubernetesSystem logs (applies only to log records without explicit timezone identifier in the record itself)
+      #timezone:
 
       logs:
          # -- Kube Proxy logs collection configuration
@@ -261,7 +265,9 @@ fluentd:
             #ociLALogGroupID:
             #encoding:
             # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0.
-           #worker:
+            #worker:
+            # -- To set timezone override for kube-proxy logs (applies only to log records without explicit timezone identifier in the record itself)
+            #timezone:
 
          # -- Kube Flannel logs collection configuration
          kube-flannel:
@@ -371,6 +377,9 @@ fluentd:
       #encoding:
       # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0.
       #worker:
+      # -- To set timezone override for all linuxSystem logs (applies only to log records without explicit timezone identifier in the record itself)
+      #timezone:
+
       logs:
          # -- Linux CRON logs collection configuration
          cronlog:
@@ -380,6 +389,8 @@ fluentd:
             ociLALogSourceName: "Linux Cron Logs"
             #  The regular expression pattern for the starting line in case of multi-line logs.
             multilineStartRegExp: /^(?:(?:\d+\s+)?<([^>]*)>(?:\d+\s+)?)?\S+\s+\d{1,2}\s+\d{1,2}:\d{1,2}:\d{1,2}\s+/
+            # -- To set timezone override for cronlog (applies only to log records without explicit timezone identifier in the record itself)
+            #timezone:
 
          # -- Linux CRON logs collection configuration
          securelog:
@@ -403,6 +414,7 @@ fluentd:
             ociLALogSourceName: "Linux Syslog Logs"
             #  The regular expression pattern for the starting line in case of multi-line logs.
             multilineStartRegExp: /^(?:(?:\d+\s+)?<([^>]*)>(?:\d+\s+)?)?\S+\s+\d{1,2}\s+\d{1,2}:\d{1,2}:\d{1,2}\s+/
+
          # -- Linux maillog collection configuration
          maillog:
             #  maillog file path
@@ -462,6 +474,9 @@ fluentd:
          #"Third Key": "Third Value"
       # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0.
       #worker:
+      # -- To set timezone override for all eksControlPlane logs (applies only to log records without explicit timezone identifier in the record itself)
+      #timezone:
+
       logs:
          # If using cloudwatch collection mechanism, apiserver and audit logs need to be part of the same worker as they share the same log stream name prefix.
          # Thus "worker" variable is only picked up from "apiserver" section.
@@ -482,6 +497,9 @@ fluentd:
             #ociLALogGroupID:
             # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0.
             #worker:
+            # -- To set timezone override for apiserver logs (applies only to log records without explicit timezone identifier in the record itself)
+            #timezone:
+
          audit:
             sqsQueue: "audit"
             # S3 object key
@@ -494,6 +512,7 @@ fluentd:
                #"Third Key": "Third Value"
             #ociLALogGroupID:
             #worker:
+
          authenticator:
             cwLogStreamName: "authenticator"
             sqsQueue: "authenticator"
@@ -508,6 +527,7 @@ fluentd:
                #"Third Key": "Third Value"
             #ociLALogGroupID:
             #worker:
+
          kubecontrollermanager:
             cwLogStreamName: "kube-controller-manager"
             sqsQueue: "kube-controller-manager"
@@ -522,6 +542,7 @@ fluentd:
                #"Third Key": "Third Value"
             #ociLALogGroupID:
             #worker:
+
          cloudcontrollermanager:
             cwLogStreamName: "cloud-controller-manager"
             sqsQueue: "cloud-controller-manager"
@@ -536,6 +557,7 @@ fluentd:
                #"Third Key": "Third Value"
             #ociLALogGroupID:
             #worker:
+
          scheduler:
             cwLogStreamName: "kube-scheduler"
             sqsQueue: "scheduler"
@@ -551,6 +573,7 @@ fluentd:
             #ociLALogGroupID:
             #worker:
 
+
    # Generic configuration for all container/pod logs
    genericContainerLogs:
       # -- Default Logging Analytics log source to use for parsing and processing the logs: Kubernetes Container Generic Logs.
@@ -574,6 +597,8 @@ fluentd:
          - '"/var/log/containers/kube-scheduler-*.log"'
       # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0.
       #worker: 1
+      # -- To set timezone override for genericContainerLogs (applies only to log records without explicit timezone identifier in the record itself)
+      #timezone:
 
    # -- Configuration for any custom logs which are not part of the default configuration defined in this file.
    # All the pod/container logs will be collected as per "genericContainerLogs" section.
@@ -598,6 +623,8 @@ fluentd:
          #encoding:
          # Worker number in case of multi process workers enabled. If not set when multi process workers enabled, then it defaults to 0.
          #worker:
+         # -- To set timezone override for "custom-id1" (applies only to log records without explicit timezone identifier in the record itself)
+         #timezone:
       #custom-id2:
          #path: /var/log/custom/*.log
          # Logging Analytics log source to use for parsing and processing the logs:

diff --git a/charts/oci-onm/Chart.yaml b/charts/oci-onm/Chart.yaml
@@ -18,7 +18,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.5.0
+version: 3.5.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -32,7 +32,7 @@ dependencies:
   repository: "file://../common"
   condition: oci-onm-common.enabled
 - name: oci-onm-logan
-  version: "3.5.0"
+  version: "3.5.1"
   repository: "file://../logan"
   condition: oci-onm-logan.enabled
 - name: oci-onm-mgmt-agent

diff --git a/charts/oci-onm/values.yaml b/charts/oci-onm/values.yaml
@@ -31,7 +31,7 @@ oci-onm-logan:
   kubernetesClusterID: "{{ .Values.global.kubernetesClusterID }}"
   kubernetesClusterName: "{{ .Values.global.kubernetesClusterName }}"
   image:
-    url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.5.0
+    url: container-registry.oracle.com/oci_observability_management/oci-la-fluentd-collector:1.5.1
   # Go to OCI Logging Analytics Administration, click Service Details, and note the namespace value.
   ociLANamespace:
   # OCI Logging Analytics Default Log Group OCID

diff --git a/docs/FAQ.md b/docs/FAQ.md
@@ -154,6 +154,65 @@ oci-onm-logan:
           encoding: <ENCODING-VALUE>
 ```
 
+### How to set timezone override ?
+
+If a log record contains a timezone identifier, the **Logging Analytics service** will use that timezone. However, if there is no timezone information, the service defaults to **UTC**.
+
+To override this default, use the `timezone` parameter in your `values.yaml` file. This parameter can be configured at different levels.
+
+#### timezone override
+
+**Note:** If a log record already has a timezone identifier, this setting may not be applicable.
+
+* Setting `oci-onm-logan.fluentd.timezone` to **PST** applies PST as the default timezone for all logs collected via the Fluentd agent.
+* Setting `oci-onm-logan.fluentd.genericContainerLogs.timezone` to **IST** applies IST as the default timezone specifically for generic container logs.
+
+
+```
+..
+..
+oci-onm-logan:
+  fluentd:
+    timezone: <Set default timezone for all logs collected via fluentd agent>
+    ...
+    ...
+    
+    kubernetesSystem:
+      timezone: <Set default timezone for all Kubernetes System logs>
+      logs:
+        kube-proxy:
+          timezone: <Set default timezone for kube-proxy logs>
+        ...
+        ...
+    
+    linuxSystem:
+      logs:
+        cronlog:
+          timezone: <Set default timezone for cron logs>
+        ...
+        ...
+    
+    eksControlPlane:
+      logs:
+        apiserver:
+          timezone: <Set default timezone for EKS API server logs>
+        ...
+        ...
+
+    
+    genericContainerLogs:
+      timezone: <Set default timezone for generic container logs>
+      ...
+      ...
+    
+    customLogs:
+      custom-log-1:
+        timezone: <Set default timezone for custom logs>
+        ...
+        ...
+```
+
+#### Specific log level
 ### How to use Configfile based AuthZ (User Principal) instead of default AuthZ (Instance Principal) ?
 
 **Note**: This is supported only through the helm chart based deployment.