Goal: Enable L7/HTTP flow logs in hipstershop with Calico cloud.
Calico cloud not only can provide L3 flow logs, but also can provide L7 visibility without service mesh headache. For more details refer to Configure L7 logs documentaiton.
Not supported:
Windows eBPF dataplane RKE clusters
-
Configure Felix for log data collection
kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"policySyncPathPrefix":"/var/run/nodeagent"}}'
-
Apply application layer resource and ensure that l7-collector and envoy-proxy containers are in Running state. Refer to Log Collection Spec with different options.
cat > configs/alr7.yaml << EOF apiVersion: operator.tigera.io/v1 kind: ApplicationLayer metadata: name: tigera-secure spec: logCollection: collectLogs: Enabled logIntervalSeconds: 5 logRequestsPerInterval: -1 EOF
kubectl create -f configs/alr7.yaml
-
Select traffic for L7 log collection
#Annotate the services you wish to collect L7 logs as shown. Use hipstershop as example kubectl annotate svc --all -n hipstershop projectcalico.org/l7-logging=true -
[Optional] restart the pods in
hipstershopif you want to see l7 logs right away.kubectl delete pods --all -n hipstershop
Now view the L7 logs in Kibana by selecting the tigera_secure_ee_l7 index pattern. You should also see the relevant HTTP log from service graph.
