Enable logging

This step explains how to enable logging for Apigee Hybrid. The following table summarizes the logging features available in Hybrid:

Logging feature Description
Hybrid runtime logs Runtime logs collect information from the pods where the Hybrid services run. You can get log output from the Synchronizer, Cassandra, MART, and the other services. Runtime logging is enabled by default; however, you must perform some additional configuration as explained below. See Enable logging for a GKE deployment or Enable logging for a non-GKE deployment to get started.
Access logs Access logs collect data from the Istio ingress gateway that fronts the Hybrid runtime. Access logging is disabled by default. See Enable access logging.

Enable logging for a GKE deployment

Apigee Hybrid enables logging by default. However, note that GKE comes with a built-in log collector; therefore, if you are on GKE, you must disable logging so that Hybrid can use GKE's logging system:

  1. Be sure your nodes are labeled for logging as explained in the cluster setup instructions for your Kubernetes platform. If your nodes are not labeled properly, logs will not be collected from any pods running on the nodes. See Cluster overview.
  2. Create a GCP service account with the Logs Writer role. You can create the service account using the Hybrid CLI command create-service-account:

    ./tools/create-service-account service-account-name apigee-logger

    For example:

    ./tools/create-service-account my-logger-svc-account apigee-logger

    For more information about GCP service accounts, see Creating and managing service accounts.

  3. Locate the service account key (a JSON file) that was downloaded by create-service-account. The key should be in the same directory where you ran the command. The file will have a name similar to this: my-logger-svc-account.json.
  4. Add the following properties to your overrides.yaml. These properties only need to be specified one time in the file. They provide configuration for both logging and metrics.
  5. ...
    logger:
      enabled: false
      serviceAccountPath: sa_json_file_path
    
    gcpProjectID: GCP_project-ID
    k8sClusterName: cluster_name
    gcpRegion: cluster_region
    ...
    

    Where:

    • The enabled property must be set to false because StackDriver is already enabled for GCP projects.
    • GCP_project_ID is your GCP project ID for the project where you want the log entries to be sent to.
    • cluster_name is the name of the cluster running Hybrid.
    • cluster_region is a GCP region name. The name must be in the standard GCP region format. You must specify the closest GCP region to where your cluster is located.

      For example, if your cluster is located on premises in Seattle, Washington, USA, the closest GCP region is in The Dalles, Oregon, USA, with the name us-west2. In this case, you would set k8s_cluster_location to us-west2.

      For example:

      logger:
        enabled: false
        serviceAccountPath: "path-to-file/foo-hybrid-2e5d9dbe010d.json
      gcpProjectID: myproject
      k8sClusterName: mycluster
      gcpRegion: us-west1
    • Save the overrides.yaml file.
    • Go to the next step, Enable metrics.

Enable logging for a non-GKE deployment

  1. Be sure your nodes are labeled for logging as explained in the cluster setup instructions for your Kubernetes platform. If your nodes are not labeled properly, logs will not be collected from any pods running on the nodes. See Cluster overview.

  2. Create a GCP service account with the Logs Writer role. You can create the service account using the Hybrid CLI command create-service-account:

    ./tools/create-service-account service-account-name apigee-logger

    For example:

    ./tools/create-service-account my-logger-svc-account apigee-logger

    For more information about GCP service accounts, see Creating and managing service accounts.

  3. Locate the service account key (a JSON file) that was downloaded by create-service-account. The key should be in the same directory where you ran the command. The file will have a name similar to this: my-logger-svc-account.json.
  4. Add the following properties to your overrides.yaml. These properties only need to be specified one time in the file. They provide configuration for both logging and metrics.
  5. ...
    logger:
      enabled: true
      serviceAccountPath: sa_json_file_path
    
    gcpProjectID: GCP_project-ID
    k8sClusterName: cluster_name
    gcpRegion: cluster_region
    ...
    

    Where:

    • The enabled property must be set to false because StackDriver is already enabled for GCP projects.
    • GCP_project_ID is your GCP project ID for the project where you want the log entries to be sent to.
    • cluster_name is the name of the cluster running Hybrid.
    • cluster_region is a GCP region name. The name must be in the standard GCP region format. You must specify the closest GCP region to where your cluster is located.

      For example, if your cluster is located on premises in Seattle, Washington, USA, the closest GCP region is in The Dalles, Oregon, USA, with the name us-west2. In this case, you would set k8s_cluster_location to us-west2.

      For example:

      logger:
        enabled: true
        serviceAccountPath: "path-to-file/foo-hybrid-2e5d9dbe010d.json
      gcpProjectID: myproject
      k8sClusterName: mycluster
      gcpRegion: us-west1
  6. Save the overrides.yaml file.

Enable access logging

Access logging is a feature provided with the Istio ingress. By enabling access logging, you will be able to get information about the traffic that passes through the ingress gateway. Access logging is disabled by default.

To enable access logging, add the following stanza to overrides.yaml:

...
ingress:
  enableAccesslog: true
...

When your cluster is running, you can view access logs as follows:

  1. Get a list of pods:
    kubectl get pods -n my-namespace
  2. View the logs for the istio-ingressgateway pod:
    kubectl logs istio-ingressgatway-pod-name -n my-namespace

    Logs are returned in JSON format.

Next Step

1 2 3 4 5 6 7 NEXT: 8: METRICS 9 10 11