DocsEdge StackLog service
Log service
By default, Ambassador Edge Stack puts the access logs on stdout; such
that the can be read using kubectl logs
. The format of those logs,
and the local destination of them, can be configured using the
envoy_log_
settings in the ambassador
Module
. However, the
options there only allow for logging local to Ambassador Edge Stack's Pod. By
configuring a LogService
, you can configure Ambassador Edge Stack to
report its access logs to a remote service, in addition to the usual
ambassador Module
configured logging.
The remote access log service (or ALS) must implement the
AccessLogService
gRPC interface, defined in Envoy's als.proto
.
service
is where to route the access log gRPC requests todriver
identifies which type of accesses to log; HTTP requests ("http"
) or TLS connections ("tcp"
).driver_config
stores the configuration that is specific to thedriver
:driver: tcp
has no additional configuration; the config must be set asdriver_config: {}
.driver: http
additional_log_headers
identifies HTTP headers to include in the access log, and when in the logged-request's lifecycle to include them.
flush_interval_time
is the maximum number of seconds to buffer accesses for before sending them to the ALS. The logs will be flushed to the ALS every time this duration is reached, or when the buffered data reachesflush_interval_byte_size
, whichever comes first. See the Envoy documentation onbuffer_flush_interval
for more information.flush_interval_byte_size
is a soft size limit for the access log buffer. The logs will be flushed to the ALS every time the buffered data reaches this size, or wheneverflush_interval_time
elapses, whichever comes first. See the Envoy documentation onbuffer_size_bytes
for more information.grpc
must betrue
.
protocol_version
was used in previous versions of Ambassador Edge Stack to control the gRPC service name used to communicate with theLogService
. Ambassador Edge Stack 3.x is running an updated version of Envoy that has dropped support for thev2
protocol, so starting in 3.x, ifprotocol_version
is not specified, the default value ofv2
will cause an error to be posted and a static response will be returned. Therefore, you must set it toprotocol_version: v3
. If upgrading from a previous version, you will want to set it tov3
and ensure it is working before upgrading to Emissary-ingress 3.Y. The default value forprotocol_version
remainsv2
in thegetambassador.io/v3alpha1
CRD specifications to avoid making breaking changes outside of a CRD version change. Future versions of CRD's will deprecate it.
Example
Transport Protocol Migration
Note: The following information is only applicable to
AuthServices
usingproto: grpc
As of Ambassador Edge Stack version 2.3, thev2
transport protocol is deprecated and any AuthServices making use of it should migrate tov3
before support forv2
is removed in a future release.
The following imports simply need to be updated to migrate an AuthService
v2
Imports:
v3
Imports:
ON THIS PAGE