cluster-level-logging architecture
Cluster-level-logging architecture refers to the design approach in Kubernetes where the logging system is completely independent of the lifecycle of containers, Pods, and Nodes^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
This architecture decouples log collection from application execution. By ensuring the logging system does not depend on the state of the cluster components, it guarantees that application logs remain accessible even if a container crashes, a Pod is deleted, or a Node fails^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
Node-Level Logging Agent
The first and most common architecture involves deploying a centralized logging agent on each Node^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
In this model, the logging agent runs as a DaemonSet, ensuring one instance runs per node. It mounts the host's container log directory (where the stdout and stderr output of containers is written) and forwards these logs to a backend storage system^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
The primary advantages of this approach are resource efficiency (one agent per node) and non-intrusiveness, as it requires no changes to the application or Pods^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
However, a significant limitation is that applications must output logs to stdout and stderr. High-volume logging can exhaust system log quotas, potentially causing logs to be dropped unless quotas are increased or storage is mounted^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
Sidecar with Logging Re-direction
If an application cannot write logs to standard output (e.g., it writes to specific files), a sidecar container can be introduced^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
In this architecture, the sidecar container mounts the application's log volume and continuously tails the log files, re-emitting their contents to its own stdout and stderr streams^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md]. This allows the standard Node-level logging agent (the DaemonSet) to capture the logs as if they came directly from the application.
The major disadvantage of this method is resource waste. It results in duplicate log files on the host: the original file written by the application and the JSON file corresponding to the sidecar's output^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md]. This approach is generally discouraged unless the application container cannot be modified^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
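The re-direction sidecar described in this section, as an added example manifest that is not taken from the cited source. The Pod name, container names, volume name, log path and the `busybox:1.36` image are assumptions, and a shell loop stands in for an application that can only log to a file.

```yaml
# Added example: the app writes to a file, the sidecar re-emits it on stdout.
# All names and paths below are assumptions chosen for illustration.
apiVersion: v1
kind: Pod
metadata:
  name: file-logger
spec:
  containers:
  - name: app
    image: busybox:1.36
    # Stand-in for an application that cannot log to stdout/stderr.
    command: ["/bin/sh", "-c"]
    args:
    - |
      while true; do
        echo "$(date) app event" >> /var/log/app/app.log
        sleep 5
      done
    volumeMounts:
    - name: app-logs
      mountPath: /var/log/app
  - name: log-tailer
    image: busybox:1.36
    # -n +1 starts at the first line; -F keeps following if the file is rotated.
    command: ["/bin/sh", "-c", "tail -n +1 -F /var/log/app/app.log"]
    resources:
      # Bound the sidecar so it cannot starve the application container.
      requests: {cpu: 10m, memory: 16Mi}
      limits: {cpu: 50m, memory: 32Mi}
    volumeMounts:
    - name: app-logs
      mountPath: /var/log/app
      readOnly: true        # the sidecar only needs to read the log file
  volumes:
  - name: app-logs
    emptyDir:
      # Exceeding the limit evicts the Pod instead of filling the node's disk.
      sizeLimit: 100Mi
```

After `kubectl apply`, `kubectl logs file-logger -c log-tailer` shows the application's lines, and the node-level agent picks them up from the sidecar's container log like any other stdout stream.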
Sidecar with Remote Shipping
A third architecture bypasses the Node-level agent entirely by using a sidecar container specifically configured to send logs directly to a remote backend^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
Here, the sidecar reads the application's log files and streams them to a backend (such as Elasticsearch) using a logging driver like Fluentd^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
This method is simple to deploy and host-friendly. However, the sidecar may consume significant resources, potentially impacting the performance of the main application container^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md]. Additionally, because logs are not written to stdout, they will not be visible via kubectl logs^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
Operational Considerations
Regardless of the specific architecture chosen, log rotation and storage management are critical^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
Log files must be cleaned from the host machine promptly, or the log directory must be mounted to a remote storage volume with sufficient capacity^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md]. Failure to do so can fill the main disk partition, potentially leading to system crashes^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md].
Related Concepts
- Prometheus
- DaemonSet
- Kubernetes
Sources
^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Kubernetes相关生态.md]