Closed lottspot closed 7 years ago
I've been looking into this one extensively, and it's actually a little bit tricky because the obvious solution is not suitable for multitenant access.
Right now, I think Grafana is the best hope of putting together per-project log collections from the elasticsearch database where container logs are being shipped. Won't know more until I've had a chance to mess around with it though.
So after additional research and experimentation, I've more or less concluded that this problem is going to be more time-consuming to solve than I wanted it to be. In order to set up quality multitenant access to container logs, I think we basically need to tear down the logging infrastructure which is deployed with the cluster addons and stand up something slightly different in its place. I wrote up a bit on how I would like this to be architected in the alpha cluster deployment wiki page.
Defining the stanzas needed to ingest logs and then allowing them to be seen per tenant can be achieved many ways. Setting up a consistent logging structure that is either:
With these two, especially the HEC method, we can tokenize the logs allowing someone to view logs that way.
For example:
Amazon uses SNS and SQS to allow the data to be logged and reviewed. While the pipelines need to be made, this still allows for you to use Object Storage for logging. Therefore setting up the consumers might be an easier method for logging structured data.
This one turned out to be a doozy. I had to trash the entire architecture I came up with, for so many reasons, the most important of which were:
Instead, I opted to deploy a graylog virtual appliance, and all logs are being shipped to it. We can easily give people access to graylog by creating accounts for them, and creating and granting access to data streams which contain their logs. Good stuff.
The fluentd part of this pipeline was deployed in ce335c4. Unfortunately, nothing for the graylog instance is in git yet.
Docker container logs are being shipped into an elasticsearch backend by default. Project owners need to be able to view and search these logs.