Send logs from Kubernetes to Loki

A simple guide to sending logs from Kubernetes to Loki in just a few minutes.
type: tutorial | domains: platforms, sinks | platform: kubernetes | source: kubernetes_logs | sink: loki

Logs are an essential part of observing any service; without them you'll have significant blind spots. But collecting and analyzing them can be a real challenge -- especially at scale. Not only do you need to solve the basic task of collecting your logs, but you must do it in a reliable, performant, and robust manner. Nothing is more frustrating than having your log pipeline fall on its face during an outage, or, even worse, cause the outage!

Fear not! In this guide we'll build an observability pipeline that will send logs from Kubernetes to Loki.

Background

What is Kubernetes?

Kubernetes, also known as k8s, is an open-source container-orchestration system for automating application deployment, scaling, and management.

What is Loki?

Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and easy to operate. It does not index the contents of the logs, but rather a set of labels for each log stream.

Strategy

How This Guide Works

We'll be using Vector to accomplish this task. Vector is a popular open-source observability data platform. It's written in Rust, making it lightweight, ultra-fast, and highly reliable. We'll be deploying Vector as an agent: a daemon running on each of your Kubernetes Nodes via a DaemonSet.

Vector daemon deployment strategy
1. Your service logs to STDOUT
Logging to STDOUT follows the 12-factor principles (a demo workload is sketched after this list).
2. STDOUT is captured
STDOUT is captured by Kubernetes and written to log files on each Node.
3. Vector collects & fans out data
Vector collects those log files and sends the logs to [Loki](https://grafana.com/oss/loki/).
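
To try step 1 end to end, you can deploy a throwaway workload that does nothing but write to STDOUT. The manifest below is a minimal sketch and not part of the Vector setup: the echo-demo name and the log line are arbitrary placeholders, and any container that logs to STDOUT is picked up the same way.

    # echo-demo.yaml: a hypothetical workload that writes one log line per second to STDOUT
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: echo-demo
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: echo-demo
      template:
        metadata:
          labels:
            app: echo-demo
        spec:
          containers:
            - name: echo
              image: busybox
              # Emit a line to STDOUT every second, 12-factor style.
              command: ["sh", "-c", "while true; do echo hello from echo-demo; sleep 1; done"]

Apply it with kubectl apply -f echo-demo.yaml and its output will flow through steps 2 and 3 like any other container's logs.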

What We'll Accomplish

We'll build an observability data platform that:

  • Collects all log data for Kubernetes Nodes, automatically enriching data with Kubernetes metadata via the Kubernetes API.
    • Enriches data with useful Kubernetes context.
    • Efficiently collects data and checkpoints read positions to ensure data is not lost between restarts.
  • Sends logs to Loki (the relevant sink options are sketched below).
    • Buffers data in-memory or on-disk for performance and durability.
    • Compresses data to optimize bandwidth.
    • Automatically retries failed requests, with backoff.
    • Securely transmits data via Transport Layer Security (TLS).
    • Batches data to maximize throughput.

All in just a few minutes!
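
Concretely, most of the capabilities above map onto a handful of options on the Loki sink itself. The fragment below is a sketch of settings you could place under a Loki sink's rawConfig (the values.yaml style used in the tutorial that follows); the endpoint and label are placeholders, and exact option names and defaults vary between Vector versions, so check the Loki sink reference at https://vector.dev/docs/reference/sinks/loki/ before relying on any of them.

    # Options you might add under a Loki sink's rawConfig (field names vary by Vector version).
    endpoint = "http://loki.monitoring:3100"   # placeholder address for your Loki service
    encoding = "json"
    labels.forwarder = "vector"                # placeholder label; choose labels that suit your queries

    # Durability: buffer events on disk so restarts and backpressure don't drop data.
    buffer.type = "disk"
    buffer.max_size = 104900000                # bytes
    buffer.when_full = "block"

    # Throughput: batch events before each request to Loki.
    batch.max_bytes = 102400
    batch.timeout_secs = 1

    # Resilience: cap how many times failed requests are retried (with backoff).
    request.retry_attempts = 10

    # Security: verify certificates when the endpoint uses HTTPS.
    tls.verify_certificate = true

Compression and request concurrency can be tuned in the same place; the sink reference lists the exact fields available in your version.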

Tutorial

Helm 3
  1. Add the Vector repo

    helm repo add timberio https://packages.timber.io/helm/latest
  2. Check available Helm chart configuration options

    helm show values timberio/vector-agent
  3. Configure Vector

    cat <<-'VALUES' > values.yaml
    # The Vector Kubernetes integration automatically defines a
    # kubernetes_logs source that is made available to you.
    # You do not need to define a log source.
    sinks:
      # Adjust as necessary. By default we use the console sink
      # to print all data. This allows you to see Vector working.
      # https://vector.dev/docs/reference/sinks/
      stdout:
        type: console
        inputs: ["kubernetes_logs"]
        rawConfig: |
          target = "stdout"
          encoding = "json"
    VALUES
  4. Install Vector

    helm install --namespace vector --create-namespace vector timberio/vector-agent --values values.yaml
  5. Observe Vector

    kubectl logs --namespace vector daemonset/vector-agent
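
Once events are showing up on the console, the final step is to point Vector at Loki. The snippet below is a sketch rather than a drop-in config: it assumes a Loki service reachable at http://loki.monitoring:3100 inside the cluster, the label is a placeholder, and option names can differ between Vector and chart versions, so compare against helm show values and the Loki sink reference for your release. It replaces the console sink with a loki sink and upgrades the release:

    cat <<-'VALUES' > values.yaml
    sinks:
      loki:
        type: loki
        inputs: ["kubernetes_logs"]
        rawConfig: |
          # Placeholder Loki address; point this at your Loki service.
          endpoint = "http://loki.monitoring:3100"
          encoding = "json"
          # Labels attached to each log stream; pick labels that fit your LogQL queries.
          labels.forwarder = "vector"
    VALUES
    helm upgrade --namespace vector vector timberio/vector-agent --values values.yaml

From there you can layer on the buffering, batching, and TLS options sketched earlier, and query the results in Grafana with a selector such as {forwarder="vector"}.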

Next Steps

Vector is a powerful tool and we're just scratching the surface in this guide. Here are a few pages we recommend that demonstrate the power and flexibility of Vector:

Vector GitHub repo
Vector is free and open-source!
Vector getting started series
Get set up in just a few minutes
Vector documentation
Everything you need to know about Vector