Bootstrap FreeKB - OpenShift - Forwarding Logs using ClusterLogForwarder
OpenShift - Forwarding Logs using ClusterLogForwarder
Updated:   |  OpenShift articles

Logging in OpenShift is separated into different systems and services that serve a specific purpose.

  • Collecting log data - typically done with filebeat, fluentd, logstash or vector
  • Storing log data, for example, in an Amazon Web Services (AWS) S3 Bucket - typically done with Loki or Elastic Search
  • Visualizing and query log data - typically done in the OpenShift console or in Kibana

There are abbreviations used as shorthand for the collection of systems and services to collect, store and visualize log data.

  • EFK (Elastic Search, Fluentd, Kibana)
  • ELK (Elastic Search, Logstash, Kibana)
  • EVK (Elastic Search, Vector, Kibana)
  • LFK (Loki, Fluentd, Kibana)
  • LLK (Loki, Logstash, Kibana)
  • LVK (Loki, Vector, Kibana)

The first step in configuring OpenShift to collect log data from various different types of resources in your OpenShift cluster, such as nodes, pods, and so on is to install an Operator that will collect the log data. This is often done by installing the Cluster Logging Operator. Check out my article OpenShift - Getting Started with Cluster Logging.

The ClusterLogFowarder Custom Resource (CR) can be used to forward logs to another system or service within or outside of the OpenShift cluster. For example, let's say you have the following YAML. In this example, application logs will be forwarded to Elastic Search and infrastucture logs will be forwarded to syslog.

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  outputs:
    - name: external-elastic-search
      type: elasticsearch
      url: https://my-external-elastic-search.example.com:9200
      secret:
        name: elastic-search-secret
    - name: secure-syslog
      type: syslog
      url: tls://my-syslog-server.example.com:6514
      secret:
        name: syslog-tls-secret
  pipelines:
    - name: app-logs-to-elastic-search
      inputRefs:
        - application
      outputRefs:
        - external-elastic-search
    - name: infra-logs-to-syslog
      inputRefs:
        - infrastructure
      outputRefs:
        - secure-syslog

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 091e95 in the box below so that we can be sure you are a human.