
Overview
The self-hosted gateway features expand API Management support for multi-cloud environments. Customers can place the gateway in their own Docker, Kubernetes, or any other container orchestration solution, which allows them to optimize traffic flows, security, and compliance. However, you may wonder how to manage the related logs and monitoring. Does the admin still need to connect to Azure? In this post, I would like to share how to configure local logs for the Azure API Management self-hosted gateway.


 


As mentioned in the Microsoft document Configure local metrics and logs for Azure API Management self-hosted gateway | Microsoft Docs, the self-hosted gateway outputs logs to stdout and stderr by default, and also supports multiple protocols. How can we view or get those logs? Let’s take a look!


Solutions


First, please follow the document here: Deploy a self-hosted gateway to Azure Kubernetes Service | Microsoft Docs to deploy a self-hosted gateway to Azure Kubernetes. There are some options to check local logs.


 


Option 1. The self-hosted gateway outputs logs to stdout and stderr on the host machine by default.



  1. Check stdout and stderr logs in Kubernetes
    1)  kubectl get pods: get the pod name
    2)  kubectl logs <pod name>: check the stdout and stderr logs

     



  2. In Docker, the stdout and stderr from each container are stored in /var/lib/docker/containers


Kubernetes creates a directory structure to help you find logs based on Pods. You can find the container logs for each Pod running on a node at /var/log/pods/<namespace>_<pod_name>_<pod_id>/<container_name>/
ref: Logging Architecture | Kubernetes


Example.


1.  After creating a self-hosted gateway, follow this doc SSH into Azure Kubernetes Service (AKS) cluster nodes – Azure Kubernetes Service | Microsoft Docs to SSH into the Kubernetes node.


2.  Then you can find related logs in the folder:
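To show what the node-side lookup involves, the following added example (not part of the original article) finds a pod's container log files under the /var/log/pods layout described above and extracts one output stream. It assumes <restart_count>.log file names and the containerd/CRI line format; the pod name, pod ID and log lines are constructed samples, and on nodes that use the Docker runtime the files hold JSON lines instead.

```shell
#!/bin/sh
# Added example: find and read a pod's container logs on a Kubernetes node.
# Layout from the text: <root>/<namespace>_<pod_name>_<pod_id>/<container_name>/
# Assumed: files named <restart_count>.log in the CRI line format
#   <timestamp> <stdout|stderr> <P|F> <message>   (P = partial line, F = final)

# pod_log_dirs ROOT NAMESPACE POD_PREFIX: one directory per matching pod.
pod_log_dirs() {
    for d in "$1/${2}_${3}"*_*/; do
        if [ -d "$d" ]; then printf '%s\n' "${d%/}"; fi
    done
}

# container_logs ROOT NAMESPACE POD_PREFIX CONTAINER: that container's log files.
container_logs() {
    pod_log_dirs "$1" "$2" "$3" | while IFS= read -r dir; do
        for f in "$dir/$4"/*.log; do
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
}

# stream_messages FILE STREAM: message text of one stream, partial lines rejoined.
stream_messages() {
    awk -v want="$2" '$2 == want {
        tag = $3
        sub(/^[^ ]+ [^ ]+ [^ ]+ ?/, "")   # drop timestamp, stream and tag
        buf = buf $0
        if (tag == "F") { print buf; buf = "" }
    }' "$1"
}

# Constructed sample tree (not real gateway output) so the example runs offline.
make_sample_tree() {
    root=$(mktemp -d)
    pod="default_localgateway-5c9f7d6b8-x2k4q_3f1c2a9e-0000-4000-8000-000000000001"
    mkdir -p "$root/$pod/localgateway"
    cat > "$root/$pod/localgateway/0.log" <<'EOF'
2021-03-25T03:14:07.100000000Z stdout F [Info] constructed: gateway started
2021-03-25T03:14:08.200000000Z stderr P [Error] constructed: configuration sy
2021-03-25T03:14:08.200000001Z stderr F nc failed
2021-03-25T03:14:09.300000000Z stdout F [Info] constructed: request handled
EOF
    printf '%s\n' "$root"
}

sample=$(make_sample_tree)
container_logs "$sample" default localgateway localgateway |
    while IFS= read -r f; do stream_messages "$f" stderr; done
rm -rf "$sample"
```

On a real node, pass /var/log/pods as ROOT and run the functions with root privileges, since the directory is normally readable only by root.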


 


Option 2. Use additional endpoints to enable local logging through different protocols


Azure API Management self-hosted gateway also supports a number of protocols, including localsyslog, rfc5424, and journal. To use this feature, you need to mount /dev/log from the host machine into the container, because API Management does not log to files; it logs to Syslog (local or remote), JournalD, or a remote UDP endpoint in JSON format.



  • telemetry.logs.local must be set to localsyslog to enable syslog logging

  • To log into localsyslog – mount /dev/log from container host into the container.

  • To log into remote Syslog – specify UDP endpoint instead.

  • To log into journal – mount /var/run/systemd/journal/socket. To make localsyslog/journal work, you must mount the host sockets into the API Management container.

  • To log into fluentd – specify remote UDP endpoint.


Sample yaml file: 
Below is a complete sample yaml file for localsyslog


 

# NOTE: Before deploying to a production environment, please review the documentation -> https://aka.ms/self-hosted-gateway-production
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: localgateway-env
data:
  config.service.endpoint: "https://<APIMname>.management.azure-api.net/subscriptions/<subscriptionID>/resourceGroups/APIM/providers/Microsoft.ApiManagement/service/<APIMname>?api-version=2019-12-01"
  telemetry.logs.std: "text"
  telemetry.logs.local: "localsyslog"
  telemetry.logs.local.localsyslog.endpoint: "/dev/log"
  telemetry.logs.local.localsyslog.facility: "7"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: localgateway
spec:
  replicas: 1
  selector:
    matchLabels:
      app: localgateway
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 25%
  template:
    metadata:
      labels:
        app: localgateway
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: localgateway
        image: mcr.microsoft.com/azure-api-management/gateway:latest
        volumeMounts:
        - name: logs
          mountPath: /dev/log
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8081
        readinessProbe:
          httpGet:
            path: /internal-status-0123456789abcdef
            port: http
            scheme: HTTP
          initialDelaySeconds: 0
          periodSeconds: 5
          failureThreshold: 3
          successThreshold: 1
        env:
        - name: config.service.auth
          valueFrom:
            secretKeyRef:
              name: localgateway-token
              key: value
        envFrom:
        - configMapRef:
            name: localgateway-env
      volumes:
        - name: logs
          hostPath:
            path: /dev/log
            type: Socket
---
apiVersion: v1
kind: Service
metadata:
  name: localgateway
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
  - name: http
    port: 80
    targetPort: 8080
  - name: https
    port: 443
    targetPort: 8081
  selector:
    app: localgateway

 


Lab



  • In this lab, I deployed the yaml file above in my AKS service.

  • After deployment, use kubectl get deployment to confirm the deployment is ready.



  • Check the IP address of this service by the command kubectl get service.

  • Send a few requests from Postman.



  • Logs can be found under /var/log/syslog.

     




 
