Search code examples
kubernetesgoogle-cloud-platformgoogle-kubernetes-enginefluentdstackdriver

How to change fluentd config for GKE-managed logging agent?


I have a container cluster in Google Container Engine with Stackdriver logging agent enabled. It is correctly pulling stdout logs from my containers. Now I would like to change the fluentd config to specify a log parser so that the logs shown in the GCP Logging view will have the correct severity and component.

Following this Stackdriver logging guide from kubernetes.io, I have attempted to:

  1. Get the fluentd ConfigMap as a yml file
  2. Added a new <filter> according to my log4js log format
  3. Created a new ConfigMap named fluentd-cm-2 in kube-system namespace
  4. Edited the DaemonSet for fluentd and set its ConfigMap to fluentd-cm-2. I did this using kubectl edit ds instead of kubectl replace -f because the latter failed with an error message: "the object has been modified", even after getting a fresh copy of the DaemonSet yaml.

Unexpected result: The DaemonSet is restarted, but its configuration is reverted back to the original ConfigMap, so my changes did not take effect.

I have also tried editing the ConfigMap directly (kubectl edit cm fluentd-gcp-config-v1.1 --namespace kube-system) and saved it, but it was also reverted.

I noticed that the DaemonSet and ConfigMap for fluentd are tagged with addonmanager.kubernetes.io/mode: Reconcile. I would conclude that GKE has overwritten my settings because of this "reconcile" mode.

So, my question is: how can I change the fluentd configuration in a Google Container Engine cluster, when the logging agent was installed by GKE on cluster provisioning?


Solution

  • Please take a look at the Prerequisites section on the documentation page you mentioned. It's mentioned there, that on GKE you cannot change the default Stackdriver Logging integration. The reason is that GKE maintains this configuration: updates the agent, watches its health and so on. It's not possible to provide the same level of support for all possible configurations.

    However, you can always disable the default integration and deploy your own, patched version of DaemonSet. You can find out how to disable the default integration in the GKE documentation:

    gcloud beta container clusters update [CLUSTER-NAME] \ --logging-service=none

    Note, that after you disabled the default integration, you have to maintain the new deployment yourself: update the agent, set the resources, watch its health.