System logging overview

This section describes the system logging processes available for Platform Administrators (PA) as part of the Observability platform of Google Distributed Cloud (GDC) air-gapped appliance.

Operational logs record conditions, changes, and actions as you manage ongoing operations in GDC. These logs help test and debug applications.

When the Observability pipeline is running, the platform automatically collects logs from the GDC standard components that run by default in any cluster. Those components include the networking stack, so you can perform operations such as network monitoring. You can also collect and query operational logs from your project's own applications and services for data observability.

GDC uses a custom resource to configure system logging. This section describes how to deploy the LoggingTarget custom resource in your project and manage logging targets so that operational logs from your project's applications and services are collected.
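As an added illustration (not a manifest from the original page), the following LoggingTarget resource selects a project's application pods by label and names the service_name value under which their logs are filtered in Grafana. The field names under spec are my assumptions about the GDC LoggingTarget API and must be checked against the CRD installed in your project; the namespace, label, and service name are placeholders.

```yaml
# Added example: LoggingTarget manifest that collects operational logs from
# one application's pods in a project. The spec field names are ASSUMED from
# the GDC LoggingTarget API; verify them before use, for example with
#   kubectl explain loggingtarget.spec
apiVersion: logging.gdc.goog/v1
kind: LoggingTarget
metadata:
  # Placeholder: the project namespace whose logs are collected. The logs are
  # stored in the operational Loki tenant for this namespace (tenant_id).
  namespace: PROJECT_NAMESPACE
  name: my-app-logging-target
spec:
  # Only pods carrying this label are collected; the stdout and stderr of
  # their containers feed the logging pipeline. Placeholder label.
  selector:
    matchPodLabels:
      app: my-app
  # Parse each log line as JSON so its keys become queryable fields.
  parser: json
  # Make the logs visible at the project level (Application Operator) only.
  logAccessLevel: ao
  # Value written to the service_name field used for filtering in Grafana.
  serviceName: my-app
  # Optional constant labels attached to every collected log entry.
  additionalFields:
    environment: example
```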

Types of logs

The PA can query two types of logs for the entire organization:

Audit logs: These record user and administrative activity on privileged operations and help you meet auditing and compliance requirements on GDC. GDC observability collects audit logs for all access activity in the root-admin cluster, the system clusters, and the hardware (storage and switches) into a single audit log store, with no separation in storage. All audit logs are held in a single instance that is logically separated by tenant (IO/PA).

GDC uses the service_name field to filter logs by the component that produced them. The IO and PAs can view and query this information from the /infra-obs/grafana Grafana instance with a user identity that has the Project Grafana Viewer role for the infra-obs project. Some audit logs are stored in the platform-obs tenant and are visible in the /platform-obs/grafana Grafana instance.

Operational logs: These record conditions, changes, and actions as you manage ongoing operations in applications and services on GDC, and help developers and operators test and debug applications. All operational logs are collected in a single operational-log Loki instance that is logically separated by project namespace (tenant_id). System-level logs live in the infra-obs and platform-obs namespaces (tenants), while user workload logs live in the project namespaces.

Separate Grafana instances provide access to these logs: infra-obs/grafana and platform-obs/grafana for system operational logs, and {project_name}/grafana for end-user workload operational logs. Users with the Project Grafana Viewer role for a specific project can access that project's Grafana instance and any logs and metrics within it. GDC users can deploy an observability logging pipeline to collect the operational logs that the Kubernetes containers in their projects write to stdout and stderr.

GDC deployments are single-tenant, with a root-admin cluster and a system cluster. User workloads are also deployed in the system cluster. Because GDC is offered as an appliance, IO and PA users have access to all audit logs and operational logs, except project-level logs, which the AO can access.