Kubernetes
The Watchlog Agent can monitor log files from other pods/containers in Kubernetes using a ConfigMap and volume mounts.
Configuration Methods
The agent supports two methods for configuring the log watchlist in Kubernetes:
- ConfigMap (Recommended): Mount log-watchlist.json as a ConfigMap
- Environment Variable: Use the LOG_WATCHLIST_JSON environment variable (backward compatibility)
Method 1: Using ConfigMap (Recommended)
Step 1: Create log-watchlist.json
Create a file named log-watchlist.json:
[
  {
    "name": "app-logs",
    "path": "/shared-logs/app.log",
    "service": "application",
    "format": "auto"
  },
  {
    "name": "nginx-access",
    "path": "/shared-logs/nginx/access.log",
    "service": "nginx",
    "format": "auto"
  }
]
Step 2: Create ConfigMap
kubectl create configmap watchlog-log-watchlist \
--from-file=log-watchlist.json=/path/to/log-watchlist.json \
-n monitoring
Step 3: Mount ConfigMap in Deployment
Add the ConfigMap as a volume mount in the agent's workload manifest (a DaemonSet in this example):
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: watchlog-node-agent
  namespace: monitoring
spec:
  template:
    spec:
      containers:
        - name: agent
          image: watchlog/watchlog-node-agent:latest
          volumeMounts:
            - name: config
              mountPath: /app/app/config
              readOnly: true
            - name: log-watchlist
              mountPath: /app/app/config/log-watchlist.json
              subPath: log-watchlist.json
              readOnly: true
            # Mount shared volume for logs from other pods
            - name: shared-logs
              mountPath: /shared-logs
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: watchlog-config
        - name: log-watchlist
          configMap:
            name: watchlog-log-watchlist
        - name: shared-logs
          persistentVolumeClaim:
            claimName: shared-logs-pvc
Method 2: Using Environment Variable
You can also pass the configuration via environment variable:
env:
  - name: LOG_WATCHLIST_JSON
    value: '[{"name":"app-logs","path":"/shared-logs/app.log","service":"application","format":"auto"}]'
Accessing Logs from Other Pods
To access logs from other pods/containers, you need to use shared volumes:
Using PersistentVolumeClaim (Recommended)
- Create a PersistentVolumeClaim:
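# PVCs are namespaced: the claim must exist in the same namespace
# as every pod that mounts it (application pod and agent alike).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-logs-pvc
  namespace: default
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi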
- Mount the PVC in your application pod:
apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  containers:
    - name: app
      image: my-app-image
      volumeMounts:
        - name: logs
          mountPath: /app/logs
  volumes:
    - name: logs
      persistentVolumeClaim:
        claimName: shared-logs-pvc
- Mount the same PVC in watchlog-agent:
volumeMounts:
  - name: shared-logs
    mountPath: /shared-logs
    readOnly: true
volumes:
  - name: shared-logs
    persistentVolumeClaim:
      claimName: shared-logs-pvc
- Configure log-watchlist.json:
[
  {
    "name": "app-logs",
    "path": "/shared-logs/app.log",
    "service": "application",
    "format": "auto"
  }
]
Using HostPath (For Node-level Logs)
If your application writes logs to the node filesystem, you can use HostPath:
volumeMounts:
  - name: host-logs
    mountPath: /host-logs
    readOnly: true
volumes:
  - name: host-logs
    hostPath:
      path: /var/log/my-app
      type: Directory
Then in log-watchlist.json:
[
  {
    "name": "app-logs",
    "path": "/host-logs/app.log",
    "service": "application",
    "format": "auto"
  }
]
Log Format Options
- "format": "auto" - Automatically detect log format (nginx, pm2, redis, mysql, docker, postgresql, mongodb)
- "format": "custom" - Use a custom regex pattern:
{
  "name": "custom-logs",
  "path": "/shared-logs/custom.log",
  "service": "custom",
  "format": "custom",
  "pattern": "^(?<date>\\d{4}-\\d{2}-\\d{2}) \\[(?<level>\\w+)\\] (?<message>.*)$"
}
Important Notes
- The path in log-watchlist.json must be relative to the mount point in the container
- Use ReadWriteMany access mode for PVCs that need to be shared across multiple pods
- For security, mount volumes as readOnly: true when possible
- The agent automatically reloads the configuration when log-watchlist.json changes (if mounted as a file)
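
A pre-deploy check for log-watchlist.json, given here as an added example and not as Watchlog's own code: it rejects entries whose path falls outside the mounted log volumes and custom patterns that do not compile. The function names are hypothetical, the mount points are the ones used in the manifests on this page, and it assumes the agent accepts JavaScript-style regular expressions, as the (?<name>...) groups above suggest.

```javascript
// Added example (not Watchlog code): lint log-watchlist.json before creating the ConfigMap.
// Mount points come from the manifests on this page; adjust to your own volumeMounts.
const MOUNT_POINTS = ["/shared-logs", "/host-logs"];
const FORMATS = new Set(["auto", "custom"]); // the two values this page documents
// Collapse "." and ".." so "/shared-logs/../var/x" cannot pass a prefix check.
function normalizePosix(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "..") out.pop();
    else if (seg !== "" && seg !== ".") out.push(seg);
  }
  return "/" + out.join("/");
}

function validateWatchlist(jsonText, mountPoints = MOUNT_POINTS) {
  let entries;
  try { entries = JSON.parse(jsonText); } catch (e) { return [`invalid JSON: ${e.message}`]; }
  if (!Array.isArray(entries)) return ["top level must be a JSON array"];
  const errors = [];
  const seen = new Set();
  entries.forEach((entry, i) => {
    if (entry === null || typeof entry !== "object") { errors.push(`entry ${i}: not an object`); return; }
    const id = `entry ${i} (${entry.name || "unnamed"})`;
    for (const key of ["name", "path", "service", "format"]) {
      if (typeof entry[key] !== "string" || entry[key] === "") errors.push(`${id}: missing "${key}"`);
    }
    if (entry.name && seen.has(entry.name)) errors.push(`${id}: duplicate name`);
    seen.add(entry.name);
    if (typeof entry.path === "string" && entry.path !== "") {
      const resolved = normalizePosix(entry.path);
      const inside = mountPoints.some((m) => resolved.startsWith(m + "/"));
      if (!entry.path.startsWith("/") || !inside) errors.push(`${id}: path is outside the mounted log volumes`);
    }
    if (typeof entry.format === "string" && entry.format !== "" && !FORMATS.has(entry.format)) errors.push(`${id}: unknown format "${entry.format}"`);
    if (entry.format === "custom") {
      if (typeof entry.pattern !== "string") errors.push(`${id}: custom format needs "pattern"`);
      else try { new RegExp(entry.pattern); } catch (e) { errors.push(`${id}: bad pattern: ${e.message}`); }
    }
  });
  return errors;
}

// Constructed sample: the custom entry from this page plus one path that escapes the mount.
const SAMPLE = JSON.stringify([
  { name: "custom-logs", path: "/shared-logs/custom.log", service: "custom", format: "custom",
    pattern: "^(?<date>\\d{4}-\\d{2}-\\d{2}) \\[(?<level>\\w+)\\] (?<message>.*)$" },
  { name: "escaping", path: "/shared-logs/../var/lib/other.log", service: "x", format: "auto" },
]);
console.log(validateWatchlist(SAMPLE));
```

Run it against the file before `kubectl create configmap` and fail the pipeline when the returned array is not empty.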
