Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
h
hallowed-breakfast-56871
05/08/2022, 11:12 PMHey folks - Anyone got filebeat working with collecting pod logs with RKE2? I see logs are placed / setup differently on RKE2 so this means filebeat gets confused with this logs belongs to which pod.
https://www.elastic.co/guide/en/beats/filebeat/current/running-on-kubernetes.html
c
creamy-pencil-82913
05/08/2022, 11:15 PMThe pod logs should all be in the normal place that the kubelet puts them... /var/log/pods and /var/log/containers ?
h
hallowed-breakfast-56871
05/08/2022, 11:16 PMYes, the issue is the naming conventions and extra subfolders used I think
for example
/var/log/pods/mysql_mysql-7885d65449-w45jv_c4fd04a8-6cde-4245-8f92-ced215521c48/mysql/0.logIts not using the container ID, so I think filebeat gets confused.
I can of course change the pathings, and that does work, but then the logs are not correctly associated with the pod the generated them... as there is no ID to match to.
/var/log/containersc
creamy-pencil-82913
05/08/2022, 11:36 PMThat's the standard location for the kubelet as far as I know, it's not custom to k3s or rke2 but it may be different than when the kubelet uses the legacy dockershim?