Best practices logging/Accessing container logs

[fritterhoff]

Hello,

actually this not a real issue more a question. Are thre any best practices, recommendations, ... how e.g. a ELK Stack or smth. comparable can be setup inside a vcluster?

From my point of view the standard setups require some sort of priviledge "escalation" and thus provide logging for all pods/containers running on a cluster regardless which vcluster.

[FabianKramm]

@fritterhoff thanks for creating this issue! Yes logging is actually quite difficult currently as most logging solutions like logstash and fluentd read the /var/lib/docker/containers folder on nodes, which obviously have the wrong pod names. This is sometimes also a problem for backup solutions like velero and restic. We are currently evaluating possible approaches how we could fake those folders to make it look like within the vcluster which then should allow you to use those tools without any modification. Other from that we usually recommend to use a logging solution in the host cluster if thats feasable.

[matskiv]

The technical blockers for logging that Fabian described in his comment have been recently resolved(#694) and documented. Expect them to be available in the next release (0.13.0). New docs describe what needs to be done in vcluster to allow logging solutions installed inside a vcluster to work. As for using one logging stack for multiple vcluster - that is certainly possible if it is installed in the host cluster. There is an obvious downside in the fact that pod names, namespaces and label keys don't match what a user sees inside the vcluster. I don't think we can address that from vcluster though.