When you enable cluster logging, rancher will create log-aggregator daemon set. I believe, that /var/log/docker/containers… local path on each node is mounted just to fluentd pods. Does it not enough to gather cluster logs? Why we need log-aggregator?
The log aggregator captures the container’s stdout/err (docker logs <id>
). The volume allows you to capture arbitrary files that are being written in the container (e.g. /var/log/yourapp.log
).
Container’s stdout/err is written down to /var/log/docker/containers/*.log by docker log driver, isn’t it? Docker logs command shows this log files. This dir is mounted to fluentd container, so container’s stdout can be parsed just by fluentd, i believe.
But capturing arbitrary files from container with log-aggregator does make sense. Thank you to figure it out for me.