Overview
The self-hosted gateway feature expands API Management support for multi-cloud environments. You can place the gateway in your own Docker, Kubernetes, or any other container orchestration solution, which lets you optimize traffic flows, security, and compliance. However, you may wonder how to manage the related logs and monitoring. Does the admin still need to connect to Azure? In this post, I would like to share how to configure local logs for the Azure API Management self-hosted gateway.
As mentioned in the Microsoft document Configure local metrics and logs for Azure API Management self-hosted gateway | Microsoft Docs, the self-hosted gateway outputs logs to stdout and stderr by default and also supports multiple protocols. How can we view or get those logs? Let’s take a look!
Solutions
First, follow the document Deploy a self-hosted gateway to Azure Kubernetes Service | Microsoft Docs to deploy a self-hosted gateway to Azure Kubernetes Service. There are several options for checking local logs.
Option 1. The self-hosted gateway outputs logs to stdout and stderr on the host machine by default.
- Check stdout and stderr logs in Kubernetes
1) kubectl get pods: get the pod names
2) kubectl logs <pod name>: check the stdout and stderr logs
- In Docker, the stdout and stderr of each container are stored under /var/lib/docker/containers
Kubernetes creates a directory structure to help you find logs by Pod. You can find the container logs for each Pod running on a node at /var/log/pods/<namespace>_<pod_name>_<pod_id>/<container_name>/
ref: Logging Architecture | Kubernetes
Example.
1. After creating a self-hosted gateway, follow the doc SSH into Azure Kubernetes Service (AKS) cluster nodes – Azure Kubernetes Service | Microsoft Docs to SSH into the Kubernetes node.
2. Then you can find related logs in the folder:
Option 2. Use additional endpoints to enable local logging through different protocols
The Azure API Management self-hosted gateway also supports a number of protocols, including localsyslog, rfc5424, and journal. To use this feature, you need to mount /dev/log from the host machine into the container. This is because API Management does not log to files; it logs to Syslog (local or remote), JournalD, or a remote UDP endpoint in JSON format.
- telemetry.logs.local must be set to localsyslog to enable syslog logging
- To log into localsyslog – mount /dev/log from the container host into the container.
- To log into remote Syslog – specify a UDP endpoint instead.
- To log into journal – mount /var/run/systemd/journal/socket. To make localsyslog/journal work, you must mount the host sockets into the API Management container.
- To log into fluentd – specify a remote UDP endpoint.
Sample YAML file:
Below is a complete sample YAML file for localsyslog:
# NOTE: Before deploying to a production environment, please review the documentation -> https://aka.ms/self-hosted-gateway-production
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: localgateway-env
data:
  config.service.endpoint: "https://<APIMname>.management.azure-api.net/subscriptions/<subscriptionID>/resourceGroups/APIM/providers/Microsoft.ApiManagement/service/<APIMname>?api-version=2019-12-01"
  telemetry.logs.std: "text"
  telemetry.logs.local: "localsyslog"
  telemetry.logs.local.localsyslog.endpoint: "/dev/log"
  telemetry.logs.local.localsyslog.facility: "7"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: localgateway
spec:
  replicas: 1
  selector:
    matchLabels:
      app: localgateway
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 25%
  template:
    metadata:
      labels:
        app: localgateway
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: localgateway
        image: mcr.microsoft.com/azure-api-management/gateway:latest
        volumeMounts:
        - name: logs
          mountPath: /dev/log
        ports:
        - name: http
          containerPort: 8080
        - name: https
          containerPort: 8081
        readinessProbe:
          httpGet:
            path: /internal-status-0123456789abcdef
            port: http
            scheme: HTTP
          initialDelaySeconds: 0
          periodSeconds: 5
          failureThreshold: 3
          successThreshold: 1
        env:
        - name: config.service.auth
          valueFrom:
            secretKeyRef:
              name: localgateway-token
              key: value
        envFrom:
        - configMapRef:
            name: localgateway-env
      volumes:
      - name: logs
        hostPath:
          path: /dev/log
          type: Socket
---
apiVersion: v1
kind: Service
metadata:
  name: localgateway
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
  - name: http
    port: 80
    targetPort: 8080
  - name: https
    port: 443
    targetPort: 8081
  selector:
    app: localgateway
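The socket mount requirement for localsyslog and journal can be checked before a manifest is deployed. The following Python check is an added example, not code from the article or from Microsoft: the function names and dict layout are hypothetical, the manifest data is constructed to mirror the sample above, and it assumes the host socket sits at the same path as the configured endpoint, as in the sample.

```python
# Added example: verify that a self-hosted gateway manifest mounts the host
# socket required by its local logging mode. All sample data is constructed.
JOURNAL_SOCKET = "/var/run/systemd/journal/socket"  # path named in the article
ENDPOINT_KEY = "telemetry.logs.local.localsyslog.endpoint"


def required_socket(config):
    """Return the host socket the configured mode needs, or None if none is needed."""
    mode = config.get("telemetry.logs.local")
    if mode == "localsyslog":
        return config.get(ENDPOINT_KEY, "")  # "" means the endpoint is unset
    if mode == "journal":
        return JOURNAL_SOCKET
    return None  # other modes are not checked here


def check_socket_mount(config, pod_spec, container_name):
    """Return a list of problems; an empty list means the socket is reachable."""
    path = required_socket(config)
    if path is None:
        return []
    if not path:
        return [f"{ENDPOINT_KEY} is not set"]
    vols = [v for v in pod_spec.get("volumes", [])
            if v.get("hostPath", {}).get("path") == path]
    if not vols:
        return [f"no hostPath volume for {path}"]
    problems = [f"volume {v['name']}: hostPath type should be Socket"
                for v in vols if v["hostPath"].get("type") != "Socket"]
    container = next((c for c in pod_spec.get("containers", [])
                      if c["name"] == container_name), None)
    mounts = container.get("volumeMounts", []) if container else []
    names = {v["name"] for v in vols}
    if not any(m["name"] in names and m["mountPath"] == path for m in mounts):
        problems.append(f"{path} is not mounted at {path} in {container_name}")
    return problems


# Constructed input mirroring the localsyslog sample in the article.
CONFIG = {"telemetry.logs.local": "localsyslog", ENDPOINT_KEY: "/dev/log"}
POD_SPEC = {
    "containers": [{"name": "localgateway",
                    "volumeMounts": [{"name": "logs", "mountPath": "/dev/log"}]}],
    "volumes": [{"name": "logs", "hostPath": {"path": "/dev/log", "type": "Socket"}}],
}

if __name__ == "__main__":
    print(check_socket_mount(CONFIG, POD_SPEC, "localgateway") or "socket mount OK")
```

In practice the two dicts would come from loading the ConfigMap data and the Deployment's pod template spec with a YAML parser.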
Lab
- In this lab, I deployed the yaml file above in my AKS service.
- After deployment, use kubectl get deployment to confirm the deployment is ready.
- Check the IP address of this service with the command kubectl get service.
- Send a few requests from Postman.
- Logs can be found under /var/log/syslog.