Permission issue when reading container logs with fluentd in Kubernetes
This is not a permission issue but broken symlinks.Kubernetes is using symbolic links from /var/log/containers
to /var/log/pods
to /var/lib/docker/containers
. You can confirm this from any node of your cluster using ls -la
Your DaemonSet configuration should include something like:
volumeMounts:- name: varlog mountPath: /var/log/ readOnly: true - name: varlibdockercontainers mountPath: /var/lib/docker/containers readOnly: true[...]volumes:- name: varlog hostPath: path: /var/log/- name: varlibdockercontainers hostPath: path: /var/lib/docker/containers
This way, you are mounting both the logs files directory and the symlinks of symlinks so your fluentd can read everything.