splunk-connect-for-kubernetes icon indicating copy to clipboard operation
splunk-connect-for-kubernetes copied to clipboard
verified publisher icon splunk

Splunk connect for kubernetes support for containerd

Open bhargavmg opened this issue 2 years ago • 2 comments

Hello, we are upgrading k8s from 1.23 to 1.24 and since containerd is supported, I have created a dummy setup of the same in k8s 1.24 version. I was facing some issues initially in shipping the logs to splunk but changing the logformatType to cri fixed the errors and I was able to see the logs.

Raising this issue to understand if there are any other changes which are needed to use containerd runtime.

bhargavmg avatar Jul 04 '23 12:07 bhargavmg

We have recently made this transition as well, we successfully deployed multiple chart releases with node selectors to handle the transition of some workers migrating to containerd. We are noticing that we are not getting appropriate log data being forwarded. We uninstalled docker and only have containerd.io packages installed (Centos7). It would appear we also need to make a change to pathDest since /var/lib/docker/containers is no longer valid. We have yet to figure out the correct updates to values.yaml to successfully capture containerd log paths (/var/log/pods/ and /var/log/containers, no symlinks)

nisc-acooper avatar Jul 26 '23 03:07 nisc-acooper

@bhargavmg this worked for me. We are using EKS. But don't know what else I need to configure.

sabinayakc avatar Sep 26 '23 16:09 sabinayakc