Hello Sergio,
Thank you for your reply.
here are my yaml files =
1)
apiVersion: v1
kind: ConfigMap
metadata:
name: rsyslog-agent-config
namespace: poc
data:
rsyslog.conf: |
module(load="imtcp") # For TCP reception
module(load="imudp") # For UDP reception
module(load="imfile") # Module to read log files
module(load="omfwd") # Module to forward logs
# *.* action(type="omfwd" target="syslog" port="514" protocol="tcp")
*.* @@syslog:514
2)
apiVersion: v1
kind: ConfigMap
metadata:
name: rsyslog-config
namespace: poc
data:
rsyslog.conf: |
# Rsyslog configuration
module(load="imuxsock") # For listening to the system log socket
module(load="imklog") # For kernel logging
module(load="imtcp") # For TCP reception
module(load="imudp") # For UDP reception
*.* action(type="omfile" file="/var/log/containers/nginx-proxy-*.log")
input(type="imfile"
File="/var/log/containers/nginx-proxy-*.log" # Watch all container logs
)
3)
apiVersion: apps/v1
kind: Deployment
metadata:
name: rsyslog
namespace: poc
spec:
replicas: 1
selector:
matchLabels:
app: rsyslog
template:
metadata:
labels:
app: rsyslog
spec:
containers:
- name: rsyslog
image: rsyslog/syslog_appliance_alpine
volumeMounts:
- name: config-volume
mountPath: /etc/rsyslog.conf
subPath: rsyslog.conf
- name: log-volume
mountPath: /var/log
volumes:
- name: config-volume
configMap:
name: rsyslog-config
- name: log-volume
emptyDir: {}
4)
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: rsyslog-agent
namespace: poc
spec:
selector:
matchLabels:
app: rsyslog-agent
template:
metadata:
labels:
app: rsyslog-agent
spec:
containers:
- name: rsyslog-agent
image: rsyslog/syslog_appliance_alpine
volumeMounts:
- name: log-volume
mountPath: /var/log/containers
volumes:
- name: log-volume
hostPath:
path: /var/log/containers
5)
apiVersion: v1
kind: Service
metadata:
name: rsyslog
namespace: poc
spec:
selector:
app: rsyslog
ports:
- protocol: TCP
port: 514
targetPort: 514
I did a few more variants by editing the rsyslog.conf in both the
configmaps but ran in to multiple issues.
On Thu, 26 Sept 2024 at 14:04, Sergio Arroutbi via rsyslog
<rsyslog@lists.adiscon.com> wrote:
>
> Hello Amey. Some questions:
>
> 1 - May I ask you to please share your k8s service configuration yaml or
> share the output of "kubectl get service -o yaml" and "kubectl get service"?
> 2 - Are you testing this in some kind of special cluster (bare metal,
> whatever), or through minikube?
I am using the IONOS cloud where my k8s cluster is running. [k8s version 1.28.8]
>
> If you could provide some public information about the configuration, I am
> glad to help.
>
> Kind regards
>
>
>
> On Thu, Sep 26, 2024 at 1:56 PM Amey via rsyslog <rsyslog@lists.adiscon.com>
> wrote:
>
> > Hello,
> >
> > I am trying to use rsyslog appliance docker image
> > [rsyslog/syslog_appliance_alpine] to deploy rsyslog server and rsyslog
> > agent in k8s.
> >
> > With configmaps, service, daemonsets and deployment all pods are up
> > and running but, the rsyslog server is not receiving logs from the
> > agent pods [DaemonSet] from /var/log/containers/*.log [base node]
> >
> > I am using default ports i.e. 514 for UDP & TCP & ClusterIP for service.
> > When I ping the server's service name from the agent pods, it is
> > resolving to the correct IP.
> > Port 514 is also open on server side. Same is tested from agent pods.
> >
> > I also tried to create a Docker image with Ubuntu 24.10 with following
> > parameters =
> >
> > FROM ubuntu:24.10
> > RUN apt update && apt install rsyslog -y
> > RUN echo '$ModLoad imudp \n\
> > $UDPServerRun 514 \n\
> > $ModLoad imtcp \n\
> > $InputTCPServerRun 514 \n\
> > $template RemoteStore,
> > "/var/log/remote/%$year%/%$Month%/%$Day%/%$Hour%.log" \n\
> > :source, !isequal, "localhost" -?RemoteStore \n\
> > :source, isequal, "last" ~ ' > /etc/rsyslog.conf
> > ENTRYPOINT ["rsyslogd", "-n"]
> >
> > But for this setup also, the server is unable to get logs from remote
> > agents.
> >
> > Any thoughts on how to configure rsyslog server and agent in k8s
> > cluster? I am not on famous cloud providers like AWS,GCP,Azure etc.
> >
> > I also tried with the images prepared by jumanjiman which are pretty
> > outdated but those also didn't work. The logs of the nodes are not
> > being sent from /var/log/container folder to the rsyslog server pod.
> >
> > Thanks & Regards,
> > Amey.
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
> >
> >
>
> --
> Sergio Arroutbi Braojos
> Senior Software Engineer at Red Hat - Special Projects (SECENGSP)
> Red Hat <http://redhat.com>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
Regards,
Amey.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
