Enable CloudWatch logging in the EKS Kubernetes cluster

After installing an EKS cluster in AWS, control plane logging is not enabled by default because of data ingestion and storage costs. Amazon EKS control plane logging delivers audit and diagnostic logs directly from the Amazon EKS control plane to CloudWatch Logs in your account, making it easier to secure and run the cluster. You can select the exact log types you need, and the logs are sent as log streams to a CloudWatch log group for each Amazon EKS cluster.

We previously published a separate guide on installing an EKS cluster using eksctl. Confirm that there is an active Kubernetes EKS cluster in your AWS account:

$ eksctl get cluster
NAME			REGION
prod-eks-cluster	eu-west-1

You can enable multiple Amazon EKS control plane log types for each new or existing Amazon EKS cluster.

  • Kubernetes API server component logs (api) – Control plane API logs.
  • Audit (audit) logs – The Kubernetes audit log provides a record of the individual users, administrators, or system components that have affected the cluster.
  • Authenticator (authenticator) logs – Unique to Amazon EKS. These logs represent the control plane component that Amazon EKS uses for Kubernetes Role-Based Access Control (RBAC) authentication using IAM credentials.
  • Controller manager (controllerManager) logs – The controller manager manages the core control loops that ship with Kubernetes.
  • Scheduler (scheduler) logs – The scheduler component manages when and where to run Pods in the cluster.

Enable Control Plane CloudWatch logging in the EKS cluster

Note that the standard CloudWatch Logs data ingestion, archive storage, and data scanning rates apply to enabled control plane logs. For more information, see CloudWatch pricing.

You can check the logging status on the AWS console.

You can enable logging using the AWS CLI, or you can use the eksctl command line tool.

Use eksctl to enable EKS control plane logging

The command used is:

eksctl utils update-cluster-logging [flags]

You can view all available options with the following command:

eksctl utils update-cluster-logging --help

To enable all types of logs, use all or *:

eksctl utils update-cluster-logging --enable-types all

The supported log types are:

  • all
  • none
  • api
  • audit
  • authenticator
  • controllerManager
  • scheduler

To enable the audit log, run:

eksctl utils update-cluster-logging --enable-types audit

To enable all log types except controllerManager, run:

eksctl utils update-cluster-logging --enable-types=all --disable-types=controllerManager

In my case, I will enable all log types for the prod-eks-cluster cluster:

eksctl utils update-cluster-logging --enable-types all --cluster prod-eks-cluster --region eu-west-1 --approve

Command execution output:

[ℹ]  eksctl version 0.25.0
[ℹ]  using region eu-west-1
[ℹ]  will update CloudWatch logging for cluster "prod-eks-cluster" in "eu-west-1" (enable types: api, audit, authenticator, controllerManager, scheduler & no types to disable)
[✔]  configured CloudWatch logging for cluster "prod-eks-cluster" in "eu-west-1" (enabled types: api, audit, authenticator, controllerManager, scheduler & no types disabled)

The logging status should now show as enabled.

To disable, use the following command:

$ eksctl utils update-cluster-logging --disable-types all --cluster prod-eks-cluster --region eu-west-1 --approve
[ℹ]  eksctl version 0.25.0
[ℹ]  using region eu-west-1
[ℹ]  will update CloudWatch logging for cluster "prod-eks-cluster" in "eu-west-1" (no types to enable & disable types: api, audit, authenticator, controllerManager, scheduler)
[✔]  configured CloudWatch logging for cluster "prod-eks-cluster" in "eu-west-1" (no types enabled & disabled types: api, audit, authenticator, controllerManager, scheduler)

Use AWS CLI to enable EKS control plane logging

Enable all logs:

aws eks --region eu-west-1 update-cluster-config --name prod-eks-cluster \
  --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'

where:

  • prod-eks-cluster is the name of the cluster
  • eu-west-1 is the region where the cluster was created

Disable:

aws eks --region eu-west-1 update-cluster-config --name prod-eks-cluster \
  --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":false}]}'

Sample output:

{
    "update": {
        "id": "582a74a9-da01-4393-9169-3a3816965911",
        "status": "InProgress",
        "type": "LoggingUpdate",
        "params": [
            {
                "type": "ClusterLogging",
                "value": "{\"clusterLogging\":[{\"types\":[\"api\",\"audit\",\"authenticator\",\"controllerManager\",\"scheduler\"],\"enabled\":false}]}"
            }
        ],
        "createdAt": "2020-08-14T15:28:32.555000+03:00",
        "errors": []
    }
}
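
The update call returns while the change is still InProgress, so the final state is worth confirming afterwards. The following is an added example, not part of the original article: it parses the JSON returned by aws eks describe-cluster, lists the control plane log types that are still disabled, and builds the --logging value that would enable them. The sample JSON is constructed and trimmed to the fields the check reads.

```python
import json
import sys

# The five control plane log types listed in this article.
ALL_TYPES = ["api", "audit", "authenticator", "controllerManager", "scheduler"]

# Constructed sample of `aws eks describe-cluster` output (not real data),
# trimmed to the fields this check reads.
SAMPLE_DESCRIBE = """
{"cluster": {"name": "prod-eks-cluster", "logging": {"clusterLogging": [
  {"types": ["api", "audit"], "enabled": true},
  {"types": ["authenticator", "controllerManager", "scheduler"], "enabled": false}
]}}}
"""

def enabled_types(describe_json):
    """Return the set of log types that describe-cluster reports as enabled."""
    cluster = json.loads(describe_json)["cluster"]
    entries = (cluster.get("logging") or {}).get("clusterLogging", [])
    on = set()
    for entry in entries:
        if entry.get("enabled"):
            on.update(entry.get("types", []))
    return on

def missing_types(describe_json, required=ALL_TYPES):
    """Return the required log types that are not enabled, in a stable order."""
    on = enabled_types(describe_json)
    return [t for t in required if t not in on]

def logging_payload(types, enabled=True):
    """Build the JSON value passed to `update-cluster-config --logging`."""
    body = {"clusterLogging": [{"types": list(types), "enabled": enabled}]}
    return json.dumps(body, separators=(",", ":"))

if __name__ == "__main__":
    # Pipe real describe-cluster output in; with no piped input the sample is used.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    missing = missing_types(raw.strip() or SAMPLE_DESCRIBE)
    if missing:
        print("disabled log types:", ", ".join(missing))
        print("--logging '%s'" % logging_payload(missing))
        sys.exit(1)
    print("all control plane log types enabled")
```

Saved under a name of your choice (check_eks_logging.py is a hypothetical one), it can be fed with aws eks --region eu-west-1 describe-cluster --name prod-eks-cluster piped into python3 check_eks_logging.py; the non-zero exit status when a type is disabled makes it usable as a scheduled or CI check.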

How to view cluster control plane logs

Once cluster logging is enabled, you can use the CloudWatch console to view the cluster control plane logs.
