Cloud Application Management Cloud Management Platform Cloud Operations Kubernetes Log Analytics Log Insight Technical Vmware vRealize vRealize Log Insight Cloud

Configure Log forwarding from Openshift Container Platform to vRealize Log Insight Cloud


Red Hat OpenShift is an open-source container application platform based on the Kubernetes container orchestrator for enterprise application development and deployment. In this blog, I will be showing procedure on how to forward logs from Openshift Container Platform  to vRealize Log Insight Cloud (vRLIC)

Once the logs are flowing you can create Dashboard to visualize your open shift environment like below I have created a sample dashboard



This procedure is applicable for 4.x and it has been tested with Version 4.3 

The following section includes steps for running  vRealize Log Insight Cloud Fluentd plugin as a Daemon set

Step 1

Generate vRealize Log Insight Cloud API Key from here

Step 2

Update the fluent.conf file with given configuration

<source>  @id in_tail_container_logs  @type tail  path <kubernetes_log_path>  pos_file <kubernetes_log_path>/fluentd-containers.log.pos  tag raw.kubernetes.*  read_from_head true  <parse>  @type multi_format  <pattern>  format json  time_key time  time_format %Y-%m-%dT%H:%M:%S.%NZ  </pattern>  <pattern>  format /^(?<time>.+) (?<stream>stdout|stderr) [^ ]* (?<log>.*)$/  time_format %Y-%m-%dT%H:%M:%S.%N%:z  </pattern>  </parse>  </source>    # Detect exceptions in the log output and forward them as one log entry.  <match raw.kubernetes.**>  @id raw.kubernetes  @type detect_exceptions  remove_tag_prefix raw  message log  stream stream  multiline_flush_interval 5  max_bytes 500000  max_lines 1000  </match>    # Concatenate multi-line logs  <filter **>  @id filter_concat  @type concat  key message  multiline_end_regexp /\n$/  separator ""  </filter>  <filter *.**>  @type record_transformer  <record>  fluentdhost ${hostname}  environment openshift  log_type kubernetes  </record>  </filter>  # Enriches records with Kubernetes metadata  <filter kubernetes.**>  @id filter_kubernetes_metadata  @type kubernetes_metadata  watch false  </filter>    <match **>  @type vmware_log_intelligence  endpoint_url  verify_ssl false  <headers>  Content-Type application/json  Authorization Bearer <Access Key>  structure simple  </headers>  <buffer>  chunk_limit_records 300  flush_interval 3s  retry_max_times 3  </buffer>  <format>  @type json  tag_key text  </format>  </match>

<kubernetes_log_path> : Complete path to Kubernetes access log file. The default path is /var/log/containers/*.log
<Access Key> : generated in Step 1
<pos_file> : Ensure the path have write access

Step 3

Create a configMap in Kubernetes for fluent.conf

kubectl --kubeconfig=<config-name> create configmap <configmap-name> --from-file=fluent.conf -n openshift-logging

Step 4

Create Daemon set vRLIC Fluentd YAML with following configuration

apiVersion: apps/v1  kind: DaemonSet  metadata:  name: fluentd-lint-logging  namespace: kube-system  labels:  k8s-app: fluentd-lint-logging  app: fluentd-lint-logging  version: v1 "true"  spec:  selector:  matchLabels:  name: fluentd-lint-logging  template:  metadata:  labels:  name: fluentd-lint-logging  app: fluentd-lint-logging  version: v1 "true"  spec:  serviceAccount: logcollector  serviceAccountName: logcollector  tolerations:  - key:  effect: NoSchedule  containers:  - name: fluentd-lint  image:  command: ["fluentd"]  env:  - name: FLUENTD_ARGS  value: --no-supervisor -q  resources:  limits:  memory: 500Mi  requests:  cpu: 100m  memory: 200Mi  securityContext:  privileged: true  volumeMounts:  - name: varlog  mountPath: /var/log  - name: varlogcontainers  mountPath: /var/log/containers  - name: varlibdockercontainers  mountPath: /var/lib/docker/containers  readOnly: true  - name: config-volume  mountPath: /etc/fluent  volumes:  - name: varlog  hostPath:  path: /var/log  - name: varlogcontainers  hostPath:  path: /var/log/containers  - name: varlibdockercontainers  hostPath:  path: /var/lib/docker/containers  - name: config-volume  configMap:  name: lint-fluent-config  - name: lint-fluent-volume  emptyDir: {}  - name: var-logs  emptyDir: {}

<serviceAccount> : Yaml uses logcollector service account which gets created when the cluster-logging operator is installed. If you plan to use any other service account then ensure it has rights to mount host path of /var/log/containers/*.log

Step 5

Apply the creation/changes of new daemon set configuration to the cluster.

kubectl --kubeconfig=<config-name> apply -f lint-fluent.yml -n openshift-logging

If everything is successful you can search for logs using filter environment contains openshift


Getting Started with vRealize LogInsight Cloud

For a free trial, you can click here or reach out to your account team

To learn more about vRealize Log Insight Cloud please visit here



Leave a Reply

Your email address will not be published. Required fields are marked *