The Logging custom resource

The logging resource defines the logging infrastructure for your cluster that collects and transports your log messages, and also contains configurations for the Fluent Bit log collector and the Fluentd and syslog-ng log forwarders. It also establishes the controlNamespace, the administrative namespace of the Logging operator. The Fluentd and syslog-ng statefulsets and the Fluent Bit daemonset are deployed in this namespace, and global resources like ClusterOutput and ClusterFlow are evaluated only in this namespace by default - they are ignored in any other namespace unless allowClusterResourcesFromAllNamespaces is set to true.

You can define multiple logging resources if needed, for example, if you want to run multiple Fluentd instances with separate configurations.

You can customize the configuration of Fluentd, syslog-ng, and Fluent Bit in the logging resource. It also declares watchNamespaces if applicable to narrow down the namespaces in which the logging operator should evaluate and incorporate Flow and Output resources into fluentd’s configuration.

You can install a logging resource with built-in TLS generation using the logging Helm chart.

You can customize the following sections of the logging resource:

  • Generic parameters of the logging resource. For the list of available parameters, see LoggingSpec.
  • The fluentd statefulset that Logging operator deploys. For a list of parameters, see FluentdSpec. For examples on customizing the Fluentd configuration, see Configure Fluentd.
  • The syslogNG statefulset that Logging operator deploys. For a list of parameters, see SyslogNGSpec. For examples on customizing the Fluentd configuration, see Configure syslog-ng.
  • The fluent-bit that Logging operator deploys. For a list of parameters, see FluentbitSpec. For examples on customizing the Fluent-bit configuration, see Fluent Bit log collector.

The following example snippets use the logging namespace. To create this namespace if it does not already exist, run:

kubectl create ns logging

A simple logging example

apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
  name: default-logging-simple
  namespace: logging
spec:
  fluentd: {}
  fluentbit: {}
  controlNamespace: logging

Filter namespaces

In the following example, the watchNamespaces option is set, so logs are collected only from the prod and test namespaces.

apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
  name: default-logging-namespaced
  namespace: logging
spec:
  fluentd: {}
  fluentbit: {}
  controlNamespace: logging
  watchNamespaces: ["prod", "test"]