===============================
A simple demo showcasing a sidecar pattern to consume log files.
DISCLAIMER: This is just a proof of concept and not meant to be used as is in production
In OpenShift there exists an option of deploying a logging aggeration solution that utilizes the EFK stack. The stack can aggregate both host logs and applications logs. Making them accessible for developers and cluster administrators on a cluster level.
This is the recommended way to aggregate logs in OpenShift but sometimes there is a need for option that is not included in the default logging flow at all.
Some of the options to realize this could be:
- Configure a logging framework to send logs directly to an external destination.
- Add logging logic to the actual application container.
- Add a sidecar container with the logging logic to the pod.
In this demo the sidecar pattern is used. It will behave the same regardless of what logging framework is available to the application and it does not disrupt the application container lifecycle.
The sidecar container will run fluentbit and will use the tail plugin to consume a specific log file. This log file exists on a emptyDir volume that is shared in the pod between the containers.
The following instruction assumes an existing OpenShift environment.
This demo was build using the Red Hat Container Development Kit. The version of OpenShift included in the CDK used was 3.6.173.0.21.
The template will deploy one pod with the two relevant containers. As endpoint for the log a simple elasticsearch/kibana deployment will be done in the same project. The output plugin can be configured in the configurationMap.
The elasticsearch and kibana containers used in this demo are not specific to OpenShift and hence needs some extra privileged's to be able to run.
-
Create a project in OpenShift
$ oc new-project sidecar-demo -
Add the default service account to the SCC anyuid. This is needed as both the elasticsearch and kibana container images sets user id.
$ oc adm policy add-scc-to-user anyuid system:serviceaccount:sidecar-demo:default -
Create an ElasticSearch instance
$ oc new-app docker.io/elasticsearch -
Create an Kibana instance
$ oc new-app docker.io/kibana -
Expose kibana service
$ oc expose svc/kibana Wait for both elasticsearch and kibana to finish deploying before continue with the next step. -
Process the template
$ oc process -f https://raw.githubusercontent.com/jnordell/sidecar-demo/master/openshift/sidecar-demo.yaml | oc create -f-This will create a deploymentConfig describing the pod with two containers. The container named "log-producer" will write a date entry to /mnt/logdir/logfile.txt every five seconds. The second container named "fluentbit-sidecar" will run fluentbit and use the tail plugin to read the contents of the file logfile.txt. Both containers shares the volume called "logdir" of the type emptyDir and while the first container is able to write to the file the second will mount it read-only.
The included configuration will send logs to the local elasticsearch installation.
-
Access the kibana.
When accessing kibana with a browser for the first time it will ask to create an index pattern. Keep the suggested defaults and click the "Create" button. This will create an index pattern called logstash-*.
Once the index pattern has been created select "Discover" in the left menu to display the logs.
