
Configure OpenSearch Log Receiver

This section describes how to configure the OpenSearch log receiver so that log data is sent to the specified OpenSearch database.

Note

You can modify the extension configuration to configure the log receiver either during or after the extension installation. The following describes only how to configure the OpenSearch log receiver when the extension is already installed.

Prerequisites

  • You have the platform-admin role on the KubeSphere platform.

  • You have obtained the service address and port of OpenSearch.

Configuration Steps

  1. Log in to the KubeSphere web console with a user who has the platform-admin role.

  2. Click Extensions Center.

  3. Click the name of the extension to enter the details page.

  4. Click more under the icon, and select Extension Config.

  5. Edit the configuration of WhizardTelemetry Logging and modify the configuration of opensearch under vector-logging.

    vector-logging:
      sinks:
        opensearch:
          # Whether to create the opensearch sink
          enabled: true
          # Configuration for the opensearch sink; for more information, see https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
          # Usually you do not need to change the following OpenSearch sink config; by default, the sinks in the secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension are used.
          metadata:
            api_version: v8
            auth:
              strategy: basic
              user: admin
              password: admin
            batch:
              timeout_secs: 5
            buffer:
              max_events: 10000
            endpoints:
              - https://<the opensearch cluster url>:<port>
            tls:
              verify_certificate: false

  6. Edit the configuration of WhizardTelemetry Auditing and modify the configuration of opensearch under kube-auditing.

    Note

    Additionally, you need to enable KubeSphere and Kubernetes auditing. For more information, see the details page of the "WhizardTelemetry Auditing" extension in the Extensions Center.

    kube-auditing:
      sinks:
        opensearch:
          # Whether to create the opensearch sink
          enabled: true
          # Configuration for the opensearch sink; for more information, see https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
          # Usually you do not need to change the following OpenSearch sink config; by default, the sinks in the secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension are used.
      #    metadata:
      #      api_version: v8
      #      auth:
      #        strategy: basic
      #        user: admin
      #        password: admin
      #      batch:
      #        timeout_secs: 5
      #      buffer:
      #        max_events: 10000
      #      endpoints:
      #        - https://<the opensearch cluster url>:<port>
      #      tls:
      #        verify_certificate: false

  7. Edit the configuration of WhizardTelemetry Events and modify the configuration of opensearch under kube-events-exporter.

    kube-events-exporter:
      sinks:
        opensearch:
          # Whether to create the opensearch sink
          enabled: true
          # Configuration for the opensearch sink; for more information, see https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
          # Usually you do not need to change the following OpenSearch sink config; by default, the sinks in the secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension are used.
      #    metadata:
      #      api_version: v8
      #      auth:
      #        strategy: basic
      #        user: admin
      #        password: admin
      #      batch:
      #        timeout_secs: 5
      #      buffer:
      #        max_events: 10000
      #      endpoints:
      #        - https://<the opensearch cluster url>:<port>
      #      tls:
      #        verify_certificate: false

  8. Edit the configuration of WhizardTelemetry Notification and modify the configuration of opensearch under notification-history.

    notification-history:
      sinks:
        opensearch:
          # Whether to create the opensearch sink
          enabled: true
          # Configuration for the opensearch sink; for more information, see https://vector.dev/docs/reference/configuration/sinks/elasticsearch/
          # Usually you do not need to change the following OpenSearch sink config; by default, the sinks in the secret "kubesphere-logging-system/vector-sinks" created by the WhizardTelemetry Data Pipeline extension are used.
      #    metadata:
      #      api_version: v8
      #      auth:
      #        strategy: basic
      #        user: admin
      #        password: admin
      #      batch:
      #        timeout_secs: 5
      #      buffer:
      #        max_events: 10000
      #      endpoints:
      #        - https://<the opensearch cluster url>:<port>
      #      tls:
      #        verify_certificate: false

  9. Edit the configuration of WhizardTelemetry Platform Service and ensure that the endpoints under each extension are consistent with the endpoints configured for the extensions above, so that the KubeSphere platform can correctly query the log data. For more information, see the details page of the "WhizardTelemetry Platform Service" extension in the Extensions Center.

    At this point, the OpenSearch log receiver configuration is complete. On the Cluster Settings > Log Receivers page, you can see that OpenSearch has been configured as the log receiver for container logs, resource events, audit logs, and notification history.
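
The sample values in the steps above use the admin/admin credentials and set verify_certificate to false, so Vector does not authenticate the OpenSearch server and the basic-auth credentials and log data can be intercepted on the network path. The following is an added example, not part of the original KubeSphere documentation, of the same vector-logging sink with certificate verification turned on. verify_hostname and ca_file are options of Vector's TLS configuration; the account name, the password placeholder and the CA file path are assumptions to replace with your own values.

```yaml
vector-logging:
  sinks:
    opensearch:
      enabled: true
      metadata:
        api_version: v8
        auth:
          strategy: basic
          # Assumption: a dedicated OpenSearch account that is only allowed
          # to write to the log indices (hypothetical name), instead of admin.
          user: vector-writer
          password: <a strong, unique password>
        batch:
          timeout_secs: 5
        buffer:
          max_events: 10000
        endpoints:
          - https://<the opensearch cluster url>:<port>
        tls:
          # Validate the server certificate chain and check that the
          # certificate matches the host name in the endpoint URL.
          verify_certificate: true
          verify_hostname: true
          # Assumption: the CA that issued the OpenSearch certificate is
          # mounted into the Vector pods at this path (hypothetical path).
          # Not needed when the certificate chains to a system-trusted CA.
          ca_file: /etc/vector/tls/opensearch-ca.crt
```

The same auth and tls settings apply to the kube-auditing, kube-events-exporter and notification-history sinks if you uncomment their metadata blocks.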
