Kubernetes Logs
Introduction
When deploying your workload on a Kubernetes platform, your applications will invariably produce log output. This output is visible using the Kubernetes APIs, but gets lost when the workload is changed or restarted. To avoid this, logs can be shipped to Observe by Cyso, for longer storage and easy querying.
There are two easy options to achieve this: the promtail Helm chart, and the Vector Helm chart.
Promtail
Promtail is an essential tool for log shipping to Loki. You can conveniently use the Helm chart to deploy Promtail in your Kubernetes cluster. Promtail will automatically discover all pods and send their logs to the Observe by Cyso stack.
Refer to our Promtail configuration guide to help you configure the helm chart.
Vector
Vector is another way to ship Kubernetes logs. Apart from the ability to read Kubernetes Pod Logs, it can also function as a central logging target for your applications, and can gather logs and metrics from many sources that are not specific to Kubernetes.
It can also scrape Prometheus metrics, but does not use the operator pattern that promtail uses, and requires manually specifying the endpoints to scrape.
Vector is deployed as a DaemonSet, and thus only deploys one Pod per node in your Kubernetes cluster.