How to handle STDOUT logs in K8s?

Time:09-22

In a Docker environment my Java app logs to STDOUT via log4j, and the messages are sent to a Graylog instance. There is no special logging config besides configuring the Console-Appender to use JsonLayout.

My docker-compose.yml snippet:

logging:
  driver: gelf
  options:
    gelf-address: "tcp://[GRAYLOG_HOST]:[PORT]"
    tag: "[...]"

Everything works fine there. But we are thinking about changing this environment to K8s.

There will be a Graylog instance in K8s, too. It looks like there is no K8s equivalent for the docker-compose.yml logging settings. It seems that I have to use some kind of logging agent, e.g. fluent-bit. But from the documentation of fluent-bit it looks like it can only collect logs from a log file as input (and some more), but not from STDOUT.

I have the following questions:

  • Is there another possibility to read the logs directly from STDOUT and send them into Graylog?
  • If I have to write the log messages into a log file to be read by fluent-bit: Do I have to configure log4j with some roll-over strategy to prevent the log file from getting bigger and bigger? I do not want to "waste" my resources "just" for logging.
  • How do you handle application logs in K8s?

Maybe I misunderstand the logging principles in K8s. Feel free to explain it to me.

CodePudding user response:

Is there another possibility to read the logs directly from STDOUT and send them into Graylog?

Fluent Bit allows for data collection through STDIN. Redirect your application STDOUT to Fluent Bit's STDIN and you are set.

If I have to write the log messages into a log file to be read by fluent-bit: Do I have to configure log4j with some roll-over strategy to prevent the log file from getting bigger and bigger? I do not want to "waste" my resources "just" for logging.

In this case you can use logrotate.

How do you handle application logs in K8s?

Three possible ways:

  1. Applications directly output their traces to external systems (e.g. databases).
  2. A sidecar container with an embedded logging agent that collects application traces and sends them to a store (again, a database for example).
  3. Cluster-wide centralized logging (e.g. ELK stack).

I'd recommend using a sidecar container for log collection. This is probably the most widely used solution.
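
Added example, not part of the original answer: a minimal Pod manifest for the sidecar approach (option 2), where the application writes its log file to a shared emptyDir volume and a Fluent Bit sidecar tails it and forwards the lines to Graylog over GELF. The object names, the application image, the log path and the Graylog host and port are assumptions, as is the path the Fluent Bit image reads its configuration from.

```yaml
# Added example: sidecar log collection. Names, images, paths, host and port are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-sidecar            # hypothetical name
data:
  fluent-bit.conf: |
    # Tail the files the app writes to the shared volume; each line lands in the "log" key.
    [INPUT]
        Name  tail
        Path  /var/log/app/*.log
        Tag   app
    # Forward to a Graylog GELF TCP input; host and port are placeholders.
    [OUTPUT]
        Name                    gelf
        Match                   app
        Host                    graylog.example.internal
        Port                    12201
        Mode                    tcp
        Gelf_Short_Message_Key  log
---
apiVersion: v1
kind: Pod
metadata:
  name: java-app                      # hypothetical name
spec:
  volumes:
    - name: app-logs
      emptyDir:
        sizeLimit: 256Mi              # pod is evicted above this, so log roll-over is still needed
    - name: fluent-bit-config
      configMap:
        name: fluent-bit-sidecar
  containers:
    - name: app
      image: registry.example.internal/java-app:1.0   # placeholder image
      volumeMounts:
        - name: app-logs
          mountPath: /var/log/app     # log4j file appender target (assumed)
    - name: fluent-bit
      image: fluent/fluent-bit:latest # pin a specific version or digest in real use
      volumeMounts:
        - name: app-logs
          mountPath: /var/log/app
          readOnly: true              # the agent only needs to read the log files
        - name: fluent-bit-config
          mountPath: /fluent-bit/etc/fluent-bit.conf   # assumed default config path of the image
          subPath: fluent-bit.conf
```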
