Forward pod logs from namespace if I have only namespace-scope access

is there any tool to forward pod logs from a namespace if i have only namespace-scope access to the namespace via a user role (openshift) i looked into grafana-agent. but it seems to be cluster-scope only

I think that collecting logs is a cluster (if not company)-wide task.

yes, but there is no logging operator in place

in these cases, usually, the solution is a large meeting with a lot of people :sweat_smile:

jokes aside, you could use a sidecar container with a tool (like fluentd) forwarding logs to your preferred infrastructure (ELK, Splunk, …)

i have. but i can only forward file based logs, but not container outputs. i’d like to forward those

Logs from the stdout/stderr of all pods can be accessed either via kubectl or directly from the designated log folder (var/log) on the Node.

for events i’ve found eventrouter. but there seems to be nothing for logs

for instance:
https://kodekloud.com/blog/kubernetes-sidecar-container/

is there a way a sidecar could read the output from a container - like redirecting it to a file or something

article says “either via ‘kubectl’ or accessing log folder of node sandbox”.
Example uses kubectl.

oh, you mean the socat thingy. i’ll try that

Another says:

“A solution, which from a security and portability perspective you would definitely NOT implement, is to add a hostPath mount in your container mounting the /var/log/containers directory of your node and to access the container log directly”

i can’t, don’t have permissions in the cluster other than for my namespace

then try the kubectl hack

i was hoping for this here: but it seems, its cluster scope only
https://grafana.com/docs/agent/latest/flow/reference/components/loki.source.podlogs/

‘kubectl logs’ uses the APIserver endpoint, that perhaphs you could also access directly

i can, but i don’t know how to handle events, so that i only stream logs entries once

I think that mixing different log formats in same stream is not a good practice

here:
https://github.com/fluent/fluent-bit/issues/5059
an interesting thread