Install cluster logging operator on OpenShift/OKD 4.x

You can download this article in PDF format via the link below to support us.Download the guide in PDF formatClose

The cluster logging operator creates and manages the components of the logging stack in your OpenShift or OKD 4.x cluster. Cluster logging is used to aggregate all logs from the OpenShift Container Platform cluster, such as application container logs, node system logs, audit logs, etc.

In this article, we will install the Logging Operator and create a Cluster Logging Custom Resource (CR) to schedule cluster logging pods and other resources necessary to support cluster logging. By using the operator, the initial deployment, upgrade and maintenance of the cluster log is the responsibility of the operator, not the job of SysAdmin.

Install cluster logging operator on OpenShift/OKD 4.x

The default cluster logging custom resource (CR) is named Instance. This CR can be modified to define a complete cluster logging deployment, which includes all components of the logging stack to collect, store, and visualize logs. The cluster logging operator monitors the ClusterLogging custom resource and adjusts the logging deployment accordingly.

We will perform the deployment from the command line interface. The focus of this article is the log collection part. We will also have other articles explaining log storage and visualization.

Step 1: Create an operator namespace

We will create a namespace called openshift-logging for the Logging operator.

Create a new object YAML file for namespace creation:

cat << EOF >ocp_cluster_logging_namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: openshift-logging
  annotations:
    openshift.io/node-selector: ""
  labels:
    openshift.io/cluster-logging: "true"
    openshift.io/cluster-monitoring: "true"
EOF

Apply the file to actually create the namespace.

oc apply -f ocp_cluster_logging_namespace.yaml

Step 2: Create an OperatorGroup object

Next is to install the cluster logger. Create the OperatorGroup object YAML by running the following command.

cat << EOF >cluster-logging-operatorgroup.yaml
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: cluster-logging
  namespace: openshift-logging 
spec:
  targetNamespaces:
  - openshift-logging
EOF

Create an OperatorGroup object:

oc apply -f cluster-logging-operatorgroup.yaml

Step 3: Subscribe to the namespace for the cluster logging operator.

We need to reserve the namespace for the cluster logging operator. But first create a YAML file of the Subscription object.

cat << EOF >cluster-logging-sub.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: cluster-logging
  namespace: openshift-logging
spec:
  channel: "4.4" # Set Channel
  name: cluster-logging
  source: redhat-operators
  sourceNamespace: openshift-marketplace
EOF

Create a subscription object for deploying cluster logging operators to the openshift-logging namespace:

oc apply -f cluster-logging-sub.yaml

Verify the installation:

$ oc get csv -n openshift-logging
NAME                                           DISPLAY                          VERSION                 REPLACES                                       PHASE
clusterlogging.4.4.0-202009161309.p0           Cluster Logging                  4.4.0-202009161309.p0                                                  Succeeded
elasticsearch-operator.4.4.0-202009161309.p0   Elasticsearch Operator           4.4.0-202009161309.p0   elasticsearch-operator.4.4.0-202009041255.p0   Succeeded

Step 4: Create a cluster logging instance

Create an instance object YAML file for the cluster logging operator:

cat << EOF >cluster-logging-instance.yaml
apiVersion: "logging.openshift.io/v1"
kind: "ClusterLogging"
metadata:
  name: "instance" 
  namespace: "openshift-logging"
spec:
  managementState: "Managed"  
  curation:
    type: "curator"  
    curator:
      schedule: "30 3 * * *"
  collection:
    logs:
      type: "fluentd"  
      fluentd: {}
EOF

Create a logging instance:

oc apply -f cluster-logging-instance.yaml

Check the running Pod after a few minutes.

$ oc get pods -n openshift-logging
NAME                                       READY   STATUS    RESTARTS   AGE
cluster-logging-operator-f7574655b-mjj9x   1/1     Running   0          73m
fluentd-57d6h                              1/1     Running   0          36s
fluentd-dfvdc                              1/1     Running   0          36s
fluentd-j7xs8                              1/1     Running   0          36s
fluentd-ss5wr                              1/1     Running   0          36s
fluentd-tbg4c                              1/1     Running   0          36s
fluentd-tzjtg                              1/1     Running   0          36s
fluentd-v9xz9                              1/1     Running   0          36s
fluentd-vjpqp                              1/1     Running   0          36s
fluentd-z7vzf                              1/1     Running   0          36s

In our next article, we will introduce how to send logs on OpenShift Cluster to external Splunk and ElasticSearch Logging settings.

In the meantime, check out other articles about OpenShift.

Expose the OpenShift internal registry from the outside and log in with Docker/Podman CLI

How to run telnet/tcpdump in OpenShift v4 CoreOS node

Grant users access to projects/namespaces in OpenShift

Configure Chrony NTP service on OpenShift 4.x / OKD 4.x

You can download this article in PDF format via the link below to support us.Download the guide in PDF formatClose

Sidebar