Fluentd configuration in OpenShift to log to an external aggregator

Solution Verified - Updated 14 Jun 2024

Environment

OpenShift Container Platform 3.3 and later

Issue

We have an external EFK stack with fluentd agent sitting out of OpenShift. If we would like to use secure forward in fluentd shipped by OpenShift, do we need to install the full stack of EFK in OpenShift or we could just use the logging-fluentd image in OpenShift?
Is the internal fluentd in OpenShift supported by Red Hat?

Resolution

The best supported way with 3.4 and later is to use fluentd secure_forward to forward the logs off the cluster to another fluentd operated by the client, which can then submit logs to ElasticSearch or elsewhere. Refer 3.x Configuring Fluentd to Send Logs to an External Log Aggregator or 4.1 Sending Logs to an External Elasticsearch Instance

The ability exists to send logs in the following manner:

[1]       [2]           [3]
OpenShift fluentd ----> your elastic search or
OpenShift fluentd ----> your fluentd

Note: Red Hat only supports components [1] & [2]. Anything outside the platform [3] is not supported.

Additionally, a Request for Feature Enhancement (RFE) has been filed to add Kafka as an endpoint for fluentd logs in a future release of OpenShift. The RFE is being tracked in Red Hat Bug This content is not included.1456976. For more information or to also request this feature, please This content is not included.open a case with Red Hat Support.

SBR

Shift

Product(s)

Red Hat OpenShift Container Platform

Category

Learn more

Tags

openshift

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.