kubernetes: Collect and parse the Kubernetes CRI (Container Runtime Interface) format

The kubernetes() source collects container logs managed by the Kubelet. It reads plain-text and JSON-formatted container logs (as described in the Container Runtime Interface (CRI) design proposal), for example, from the /var/log/containers or /var/log/pods files, and enriches them with various metadata retrieved from the Kubernetes API.

The kubernetes() source is available in AxoSyslog version 3.37 and later.

By default, it reads the /var/log/containers folder and extracts:

the log content, and
Kubernetes metadata, for example, namespace, pod, and container information.

The Kubernetes-related metadata is available in name-value pairs with the .k8s. prefix. The following table shows the retrieved metadata and their source:

`syslog-ng` name-value pair	source
`.k8s.namespace_name`	Container log file name.
`.k8s.pod_name`	Container log file name.
`.k8s.pod_uuid`	Container log file name or python kubernetes.client.CoreV1Api.
`.k8s.container_name`	Container log file name or python kubernetes.client.CoreV1Api.
`.k8s.container_id`	Container log file name.
`.k8s.container_image`	python kubernetes.client.CoreV1Api.
`.k8s.container_hash`	python kubernetes.client.CoreV1Api.
`.k8s.docker_id`	python kubernetes.client.CoreV1Api.
`.k8s.labels.*`	python kubernetes.client.CoreV1Api.
`.k8s.annotations.*`	python kubernetes.client.CoreV1Api.

Declaration

   kubernetes(
        base-dir("<pathname>")
    );

kubernetes() source options

Last modified December 18, 2024: Merge pull request #90 from axoflow/minor-fixes-241218 (68cd7df)