I've got ELK stack up and running.
This project can change my view point about system administration and I am eager to learn it.
You can mount your logging directories outside your containers and then use filebeat on the parent host to feed the logs to Elasticsearch
We assume that you have read this Elastic tutorial?
yes I read it and other few blogs and configured ELK (elastic search, logstash, kibana). So, now I have also deployed spring boot application on kubernetes(k3s) following this blog.
Now I want to ship its logs.
Unfortunately this wasn't generating any logs.
Still any guidance?
You already received guidance from @Skrynesaver in their reply:
To achieve persistence, you need to mount files and filesystems as a shared volume, allowing them to be accessible both inside the container and on the host filesystem, as @Skrynesaver suggested.
How did you determine that spring boot application is not logging anything when deployed on k8s, isn't kubectl logs .. working or showing anything ?
Kubernetes should log pod traffic by default, and pods (containers inside) should log everything to STDOUT/STDERR
Try deploying some well known k8s service, instead of custom app for first attempts, since those probably have logging set in place.
Take a look at this for core concepts
Pay attention to versions you are using, and components - versions described in docs.
When you figure above out, then it a matter of shipping those logs to external system.
This can be done in multitude of ways.
Use k8s operator or specific deployments which create containers who sole intention is to read and forward logs (via network) generated by your pods, already mentioned in posts.
Keep it (log forwarding) in k8s as container runtime, avoid having 'agents' on compute hosts directly.
Is ELK stack external or internal to kubernetes ?
Hope that helps
Regards
Peasant.
ELK is installed independently in different server.
filebeat will connect to port 9200 and send the logs to ELK for indexing
