If your organization uses Elasticsearch, either on premises or in the cloud, you can configure Rancher to send it Kubernetes logs. Afterwards, you can log in to your Elasticsearch deployment to view logs for your cluster or container.

Configuring Elasticsearch Logging

You can configure Rancher to send logs from your cluster or project to your instance of Elasticsearch.

Prerequisites: Configure an Elasticsearch deployment.

  1. Browse to the cluster or project that you want to log.

    If you’re a cluster owner or member who works in operations or security, configure cluster logging.

    1. From the Global view, open the cluster that you want to configure logging for.

    2. From the main menu, select Tools > Logging.

    If you’re a project owner or member who works on an application, configure project logging.

    1. From the Global view, open the project that you want to configure logging for.

    2. From the main menu, select Resources > Logging.

  2. Select Elasticsearch.

  3. Complete the Elasticsearch Configuration form.

    1. In the Endpoint field, enter the IP address and port for your Elasticsearch instance. You can copy this information from the dashboard of your Elasticsearch deployment. Elasticsearch usually uses port 9243.

    2. If you are using X-Pack Security, enter your Elasticsearch Username and Password for authentication.

    3. Enter an Index Pattern.

  4. If your instance of Elasticsearch uses SSL, complete the SSL Configuration form.

    1. Enter a private key and client certificate. Either copy and paste them or browse to them using Read from a file. This certificate will be installed on your logging server.

      You can use either a self-signed certificate or one provided by a certificate authority.

      You can generate a self-signed certificate using an openssl command. For example:

      openssl req -x509 -newkey rsa:2048 -keyout myservice.key -out myservice.cert -days 365 -nodes -subj "/CN=myservice.example.com"

    2. Enter your private key password.

    3. If you are using a certificate from a certificate authority (and not a self-signed certificate), select the Enabled - Input trusted server certificate option and then enter your Trusted Server Certificate.

  5. Complete the Additional Logging Configuration form.

    1. Optional: Use the Add Field button to add custom log fields to your logging configuration. These fields are key-value pairs (such as foo=bar) that you can use to filter the logs from another system.

    2. Enter a Flush Interval. This value determines how often Fluentd flushes data to the logging server. Intervals are measured in seconds.

  6. Click Save.

Result: Rancher is now configured to send cluster and container logs to Elasticsearch. Log in to Elasticsearch or Kibana to view your cluster/project logs.
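
Before pasting a key and certificate into the SSL Configuration form (step 4), you can check that they belong together, that the certificate is not about to expire, and whether the key has a passphrase at all. The script below is an added example, not part of Rancher or its documentation; the function names are illustrative, and the sample pair is constructed with the openssl command from step 4.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the key and certificate entered in the
# SSL Configuration form. Function names are illustrative, not Rancher's.

# True when the PEM private key is passphrase-protected.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# True when key ($1) and certificate ($2) carry the same public key.
# $3 is the key passphrase (leave empty for an unencrypted key).
key_matches_cert() {
  local k c
  k=$(openssl pkey -in "$1" -passin "pass:${3:-}" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run every check; return non-zero if the pair should not be uploaded.
preflight() {
  local key="$1" cert="$2" pass="${3:-}" rc=0
  if key_is_encrypted "$key"; then
    echo "key: passphrase-protected"
  else
    echo "key: not encrypted, so it has no passphrase"
  fi
  key_matches_cert "$key" "$cert" "$pass" \
    || { echo "FAIL: key and certificate do not match"; rc=1; }
  cert_valid_for_days "$cert" 30 \
    || { echo "FAIL: certificate expires within 30 days"; rc=1; }
  openssl x509 -in "$cert" -noout -subject -enddate || rc=1
  return "$rc"
}

# Constructed sample: the command from step 4, written into directory $1.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -keyout "$1/myservice.key" \
    -out "$1/myservice.cert" -days 365 -nodes \
    -subj "/CN=myservice.example.com" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" \
  && preflight "$demo_dir/myservice.key" "$demo_dir/myservice.cert"
rm -rf "$demo_dir"
```

A key generated with -nodes, as in the command from step 4, is reported as not encrypted.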