I have deployed my application image into Kubernetes.
I am trying to send application logs to Splunk. One option would be to use a DaemonSet. But, due to some restrictions, I would like to use a sidecar.
Is there any sidecar for sending logs from Kubernetes Docker to Splunk?
Or else, any direction will be appreciated.
Thanks
As you say, you could add a docker container to your pod with a shared volume, for example
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-with-sidecar-logs
spec:
  volumes:
    - name: logs
      emptyDir: {}
  containers:
    - name: app
      image: nginx
      volumeMounts:
        - name: logs
          mountPath: /var/logs
    - name: fluentd
      image: fluent/fluentd
      volumeMounts:
        - name: logs
          mountPath: /var/logs
```
You could use the Splunk plugin for fluentd, configuring and running the Docker container properly.
```
<match pattern>
  type splunk
  host <splunk_host>
  port <splunk_port>
</match>
```
More info:
https://www.fluentd.org/plugins
https://github.com/parolkar/fluent-plugin-splunk
https://www.loggly.com/blog/how-to-implement-logging-in-docker-with-a-sidecar-approach/. Notice this is for Loggly, but the idea is the same.