Kahibaro

12.3 Logging architecture

Key Goals of the Logging Architecture in OpenShift

OpenShift’s logging architecture is designed to:

This chapter focuses on how these goals are achieved structurally, not on how to use specific tools step-by-step.

Main Components of the OpenShift Logging Stack

While implementations evolve between OpenShift versions, the logical architecture typically includes:

Node-Level Log Collection

On every node, logs are generated from:

A log collector runs as a DaemonSet so that:

This metadata is critical for multi-tenant access control and for routing.

Log Types and Logical Separation

OpenShift conceptually separates logs into three categories:

This separation allows:

In the logging architecture, these categories are implemented as different pipelines or indices/tenants in the backend.

OpenShift Logging Stacks: Classic vs Modern

The concrete components differ by OpenShift release, but the architectural roles remain similar.

Classic EFK-Based Architecture (Elasticsearch, Fluentd/Fluent Bit, Kibana)

Older or “classic” OpenShift logging often uses an EFK pattern:

Architectural characteristics:

This architecture is resource-intensive (especially Elasticsearch) and often used together with Operator-based management.

Loki-Based Architecture and Logging with Operators

More recent OpenShift logging stacks commonly use:

Typical structure:

Architectural implications:

Log Routing and Pipelines

The routing logic is central to the logging architecture. It defines:

ClusterLogForwarder and Pipelines (Conceptual Model)

In recent OpenShift releases, log forwarding is configured via CRDs like ClusterLogForwarder:

Pipelines connect inputs to outputs, optionally with filters in between:

Multi-Tenancy and Isolation in Log Routing

The architecture must align with OpenShift’s multi-tenant model:

This is implemented via:

Storage, Retention, and Scalability

Storage Layout

In the backend (Elasticsearch or Loki), the architecture typically organizes logs by:

This layout supports:

Retention and Lifecycle Management

The logging architecture supports different retention policies, such as:

Actual implementation can involve:

Scaling Considerations

The architecture scales horizontally by:

Key architectural trade-offs:

Integration Points and Access Paths

Integration with the OpenShift Web Console

The logging architecture integrates with the console to provide:

From an architectural standpoint:

External Logging and SIEM Systems

Many environments integrate OpenShift logs into existing enterprise logging platforms. Architecturally, this is enabled by:

The internal logging stack may:

Security and Compliance Aspects of the Architecture

While detailed security topics belong to security chapters, the logging architecture structurally supports:

Architectural choices here are driven by:

High-Level Data Flow Summary

Bringing the pieces together, a typical OpenShift logging data flow looks like:

  1. Log generation
    • Containers, nodes, control-plane components, and APIs emit logs.
  2. Collection on nodes
    • A DaemonSet collector reads log files or streams and attaches metadata.
  3. Classification and routing
    • Logs are classified as application, infrastructure, or audit.
    • Routing pipelines decide destinations and apply transformations.
  4. Transmission
    • Logs are sent over secure channels to:
      • Internal logging backend(s).
      • External log receivers and SIEM tools.
  5. Storage and indexing
    • Backends store logs partitioned by time, category, and tenant.
    • Indices or streams are managed by lifecycle and retention policies.
  6. Access and analysis
    • Users and operators query logs via:
      • OpenShift web console.
      • CLI tools.
      • Backend-native interfaces like Kibana or Grafana.
    • RBAC and backend permissions govern visibility.

This logical architecture ensures that, as clusters and workloads scale, logs remain centralized, searchable, and governed according to organizational policies.
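
The classification and routing steps of the flow above (steps 2 to 4) can be modelled in a few lines. This is an added example, not code from the original page or from OpenShift; the namespace patterns, pipeline and output names, and record fields are assumptions chosen for illustration. It also shows a check a defender would want: finding records that no pipeline forwards anywhere.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch

# Assumption: namespaces matching these patterns are treated as infrastructure.
INFRA_NAMESPACES = ("openshift", "openshift-*", "kube-*", "default")

@dataclass
class Pipeline:
    name: str
    input_refs: list   # log categories: application / infrastructure / audit
    output_refs: list  # names of destinations
    namespaces: list = field(default_factory=list)  # optional tenant filter

def classify(record: dict) -> str:
    """Return the log category for a collected record."""
    if record.get("source") == "audit":
        return "audit"
    ns = record.get("namespace")
    if ns is None or any(fnmatch(ns, p) for p in INFRA_NAMESPACES):
        return "infrastructure"  # node/journal logs carry no namespace
    return "application"

def route(record: dict, pipelines: list) -> set:
    """Return the set of outputs that should receive this record."""
    category = classify(record)
    outputs = set()
    for p in pipelines:
        tenant_ok = not p.namespaces or record.get("namespace") in p.namespaces
        if category in p.input_refs and tenant_ok:
            outputs.update(p.output_refs)
    return outputs

def unrouted(records: list, pipelines: list) -> list:
    """Records that no pipeline forwards anywhere: a coverage gap to review."""
    return [r for r in records if not route(r, pipelines)]

# Constructed sample pipelines and records (hypothetical names and messages).
PIPELINES = [
    Pipeline("audit-to-siem", ["audit"], ["siem"]),
    Pipeline("platform", ["infrastructure"], ["internal"]),
    Pipeline("team-a", ["application"], ["internal", "team-a-store"], ["team-a"]),
]
RECORDS = [
    {"source": "container", "namespace": "team-a", "message": "GET /health 200"},
    {"source": "container", "namespace": "openshift-etcd", "message": "compacted"},
    {"source": "journal", "message": "kubelet started"},
    {"source": "audit", "message": '{"verb":"delete","resource":"secrets"}'},
    {"source": "container", "namespace": "team-b", "message": "login failed"},
]
```

With the sample data, `unrouted(RECORDS, PIPELINES)` returns only the `team-b` record, because the single application pipeline is restricted to `team-a`.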
