Kubernetes host logs, journals, and logfiles
Kubernetes host tailer allows you to tail logs like kubelet
, audit
logs, or the systemd
journal from the nodes.
Create host tailer
To tail logs from the node’s host filesystem, define one or more file tailers in the host-tailer
configuration.
Create file tailer
When an application (mostly legacy programs) is not logging in a Kubernetes-native way, Logging operator cannot process its logs. (For example, an old application does not send its logs to stdout
, but uses some log files instead.) File-tailer
helps to solve this problem: It configures Fluent Bit to tail the given file(s), and sends the logs to the stdout
, to implement Kubernetes-native logging.
However, file-tailer
cannot access the pod’s local dir, so the logfiles need to be written on a mounted volume.
Let’s assume the following code represents a legacy application that generates logs into the /legacy-logs/date.log
file. While the legacy-logs directory is mounted, it’s accessible from other pods by mounting the same volume.
To tail the logs of the previous example application, you can use the following host-tailer
custom resource:
Logging operator configure the environment and start a file-tailer
pod. It’s also able to deal with multi-node clusters, since is starts the host-tailer
pod through a daemonset
.
Check the created file tailer pod:
The output should be similar to:
Checking the logs of the file-tailer's
pod. You will see the logfile’s content on stdout
. This way Logging operator can process those logs as well.
The logs of the sample application should be similar to:
File Tailer configuration options
Variable Name | Type | Required | Default | Description |
---|---|---|---|---|
name | string | Yes | - | Name for the tailer |
path | string | No | - | Path to the loggable file |
disabled | bool | No | - | Disable tailing the file |
containerOverrides | *types.ContainerBase | No | - | Override container fields for the given tailer |
Tail systemd journal
This is a special case of file-tailer
, since it tails the systemd
journal file specifically.
Systemd tailer configuration options
Variable Name | Type | Required | Default | Description |
---|---|---|---|---|
name | string | Yes | - | Name for the tailer |
path | string | No | - | Override systemd log path |
disabled | bool | No | - | Disable component |
systemdFilter | string | No | - | Filter to select systemd unit example: kubelet.service |
maxEntries | int | No | - | Maximum entries to read when starting to tail logs to avoid high pressure |
containerOverrides | *types.ContainerBase | No | - | Override container fields for the given tailer |
Example: Configure logging Flow to route logs from a host tailer
The following example uses the flow’s match term to listen the previously created file-hosttailer-sample
Hosttailer’s log.
Example: Kubernetes host tailer with multiple tailers
Set custom priority
Create your own custom priority class in Kubernetes. Set its value between 0 and 2000000000. Note that:
- 0 is the default priority
- To change the default priority, set the
globalDefault
key. - 2000000000 and above are reserved for the Kubernetes system
- PriorityClass is a non-namespaced object.
Now you can use your private priority class name to start hosttailer/eventtailer, for example:
Configuration options
Variable Name | Type | Required | Default | Description |
---|---|---|---|---|
fileTailers | []FileTailer | No | - | List of file tailers |
systemdTailers | []SystemdTailer | No | - | List of systemd tailers |
enableRecreateWorkloadOnImmutableFieldChange | bool | No | - | EnableRecreateWorkloadOnImmutableFieldChange enables the operator to recreate the fluentbit daemonset and the fluentd statefulset (and possibly other resource in the future) in case there is a change in an immutable field that otherwise couldn’t be managed with a simple update. |
workloadMetaOverrides | *types.MetaBase | No | - | Override metadata of the created resources |
workloadOverrides | *types.PodSpecBase | No | - | Override podSpec fields for the given daemonset |
Advanced configuration overrides
MetaBase
Variable Name | Type | Required | Default | Description |
---|---|---|---|---|
annotations | map[string]string | No | - | |
labels | map[string]string | No | - |
PodSpecBase
Variable Name | Type | Required | Default | Description |
---|---|---|---|---|
tolerations | []corev1.Toleration | No | - | |
nodeSelector | map[string]string | No | - | |
serviceAccountName | string | No | - | |
affinity | *corev1.Affinity | No | - | |
securityContext | *corev1.PodSecurityContext | No | - | |
volumes | []corev1.Volume | No | - | |
priorityClassName | string | No | - |
ContainerBase
Variable Name | Type | Required | Default | Description |
---|---|---|---|---|
resources | *corev1.ResourceRequirements | No | - | |
image | string | No | - | |
pullPolicy | corev1.PullPolicy | No | - | |
command | []string | No | - | |
volumeMounts | []corev1.VolumeMount | No | - | |
securityContext | *corev1.SecurityContext | No | - |