I have set up openshift 3.11 cluster with EFK stack and I can see all the operation logs and project logs on kibana being forwarded by Fluentd.
I have application containers deployed in openshift which doesn't do the logging on stdout. There are suggestions to use fluentd as a side car but I do not want to go for this option because then I will end up with all my containers running with fluentd side car which is resource hungry and not reliable.
I want fluentd daemonset to be used for this purpose. To achieve this, I have mounted the log directory on hostpath. I can make fluentd read that volume as well.
Now the challenge is to get the POD and container metadata such as namespace name, pod name etc with the logs being forwarded by fluentd. To achieve that, I want to create the hostPath with all those information same as what is being done in /var/log/containers/ directory and then create a fluentd filter to get the required information.
I can see now that can be done at some level by using subPathExpr feature.