Kubernetes: Install Fluentd to a namespace only

Asked 27/8, 2020 at 3:53 Answered 30/12, 2021 at 11:52

I got the fluentd-kubernetes-daemonset charts from https://github.com/fluent/fluentd-kubernetes-daemonset, and deployed fluentd into kube-system namespace as daemonset. It sends entire cluster logs to elasticsearch. We deploy our csc application in the csc namespace. Instead of installing fluentd as daemonset to collect entire cluster logs, we would like to deploy fluentd in the csc namespace only, and only send csc logs (logs in csc namespace) to elasticsearch. Is there a way to do it?

Particulate answered 27/8, 2020 at 3:53 Comment(3)

I think you will need to edit the chart and templates to do this. There is a reason why Fluentd is running as daemonset. It makes sure at least one copy runs on each node always. You can achieve your requirement by configuring Fluentd to forward only specfic logs from specific application like csc in your case. – Expiry 27/8, 2020 at 4:21

I use github.com/fluent/fluentd-kubernetes-daemonset/blob/master/… to install fluentd as daemonset in kube-system. To only send csc namespace logs, I have no clue how to edit chart and templates to make it happen. Can you please share some clues? – Particulate 27/8, 2020 at 5:14

@MelissaJenner did you manage to find a solution or workaround for this issue ? – Fredric 1/2, 2021 at 21:54

The link you shared here which has namespace: kube-system so that's why it got created in kube-system namespace. so to use your namespace please edit the yaml file and replace namepsace: csc in all the places of the yaml file and apply it to kubernetes.

and you deployed as daemonsets so it will run fluentd pod on every node.

Aquamarine answered 27/8, 2020 at 7:22 Comment(1)

I deployed fluentd as daemonset in the csc namespace. But it sends entire cluster logs including datadog to elasticsearch. I have several third-party logs. I do not want those logs to be sent to elasticsearch. I do not want logs of kube-system, kube-public, prometheus etc. be sent to elasticsearch either. I only want csc log be sent to elasticsearch. Deploy fluentd as daemonsed in csc namespace does not work. How to achieve it? – Particulate 28/8, 2020 at 22:26

It`s typical solution for logging architecture to run DaemonSet on every node and collect logs:

Because the logging agent must run on every node, it's common to implement it as either a DaemonSet replica, a manifest pod, or a dedicated native process on the node. However the latter two approaches are deprecated and highly discouraged.

Instead of you may want to shape and parse the log message to your need using parser and filter plugins.

This and this document shows an examples of parsing logs.

Americana answered 27/8, 2020 at 7:36 Comment(1)

Thanks for these info. We figured that we still would like install fluentd as daemonset in the namespace, kube-system. We have multiple applications deployed in our Kubernetes cluster in different namespaces. For example, we have csc, infra, msnm, etc. To install fluentd as daemonset into each of these namespaces is too much. We have third party agent installed in our cluster too. Datadog is an example. We would like to install fluentd as deamonset in kube-system namespace to collect cluster logs, but completely filter out Datadog logs. How to do it? – Particulate 28/8, 2020 at 17:54

You need to fix filter conf in https://github.com/fluent/helm-charts/blob/main/charts/fluentd/values.yaml To collect logs from specific namespace you can just prohibit all others namespaces in section 02_filters.conf:

  <match kubernetes.var.log.containers.**_kube-system_**>
    @type null
    @id ignore_kube_system_logs
  </match>
  ......
  <match kubernetes.var.log.containers.**NAMESPACE**>
    @type null
    @id ignore_NAMESPACE_logs
  </match>

I did this and seems like it's ok

Quadrant answered 30/12, 2021 at 11:52 Comment(0)

Recommended topics

Hot tags