This is the second part in a series about handling logs on Kubernetes-On-ARM.
In the first part we installed ELK and started sending syslog events from our
logstash-forwarder. In this part we will start collecting logs
pods and Kubernetes components. If you wan’t to cache up here’s a
list of previous posts:
The plan was that this part would be about how
to start collecting logs from Kubernetes. But I wasn’t satisfied with how
logstash-forwarder worked. The thing is that, once the
daemon is started, the node can’t run much else.
One of the most important parts of running a cluster is to gain knowledge of
whats going on. Using tools like
kubectl logs or
docker logs is fine if you
run one or two nodes, but it soon gets impossible to get an overview of whats
going on, and you need to be able to view, query and monitor your logs from one