Explore documentation
  1. Welcome to Telemetry👋
  2. Quick start guide
  3. Ingesting data
    1. Vector (Recommended)
    2. OpenTelemetry
    3. Ingesting via HTTP API
    4. Ingesting metrics
    5. Ingesting logs
      1. Docker & Kubernetes
        1. Docker
        2. Kubernetes
        3. Amazon ECS
        4. Dokku
      2. Operating systems
      3. Log forwarders
      4. Programming languages
      5. Cloud platforms
      6. Web servers & Load balancers
      7. Databases & queues
      8. Storage
    6. Migrating to Better Stack
  4. Telemetry API
    1. Getting an API token
    2. Sources API
    3. Metrics API
    4. Query API
  5. Using the product
    1. Wide-events vs. time series
    2. Transforming ingested data
    3. Querying data
    4. Alerts

Better Stack Kubernetes logging

Start logging in 2 minutes

How do you want to integrate Better Stack with your Kubernetes cluster?

Helm

1. Add Helm repository

Add Better Stack Helm repository:

Add Helm repo
helm repo add betterstack-logs https://betterstackhq.github.io/logs-helm-chart
helm repo update

2. Set up Helm chart

Create values.yaml config file with the following contents:

Default Disabled TLS GKE Autopilot 
vector:
  customConfig:
    sinks:
      better_stack_http_sink:
        uri: "https://$INGESTING_HOST/"
        auth:
          strategy: "bearer"
          token: "$SOURCE_TOKEN"
      better_stack_http_metrics_sink:
        uri: "https://$INGESTING_HOST/metrics"
        auth:
          strategy: "bearer"
          token: "$SOURCE_TOKEN"
# config with disabled TLS (e.g. for Minikube)
vector:
  customConfig:
    sinks:
      better_stack_http_sink:
        uri: "https://$INGESTING_HOST/"
        auth:
          strategy: "bearer"
          token: "$SOURCE_TOKEN"
      better_stack_http_metrics_sink:
        uri: "https://$INGESTING_HOST/metrics"
        auth:
          strategy: "bearer"
          token: "$SOURCE_TOKEN"
    sources:
      better_stack_kubernetes_metrics_nodes:
        tls:
          verify_certificate: false
          verify_hostname: false
      better_stack_kubernetes_metrics_pods:
        tls:
          verify_certificate: false
          verify_hostname: false

metrics-server:
  args:
    - --kubelet-insecure-tls
# config for GKE Autopilot cluster
vector:
  customConfig:
    sinks:
      better_stack_http_sink:
        uri: "https://$INGESTING_HOST/"
        auth:
          strategy: "bearer"
          token: "$SOURCE_TOKEN"
      better_stack_http_metrics_sink:
        uri: "https://$INGESTING_HOST/metrics"
        auth:
          strategy: "bearer"
          token: "$SOURCE_TOKEN"
    sources:
      better_stack_kubernetes_metrics_nodes:
        endpoint: "https://metrics-server.kube-system/apis/metrics.k8s.io/v1beta1/nodes"
        tls:
          verify_certificate: false
          verify_hostname: false
      better_stack_kubernetes_metrics_pods:
        endpoint: "https://metrics-server.kube-system/apis/metrics.k8s.io/v1beta1/pods"
        tls:
          verify_certificate: false
          verify_hostname: false

  # Disable persistence using a volume mount
  persistence:
    hostPath:
      enabled: false

  # Override default volumes and mounts to ensure only /var/log is mounted
  defaultVolumes:
    - name: var-log
      hostPath:
        path: /var/log
        type: DirectoryOrCreate
  defaultVolumeMounts:
    - name: var-log
      mountPath: /var/log
      readOnly: true

# Metrics server is already installed
metrics-server:
  enabled: false

3. Deploy the chart

Install the Better Stack chart:

Install Install without metrics server 
helm install betterstack-logs betterstack-logs/betterstack-logs -f values.yaml
helm install betterstack-logs betterstack-logs/betterstack-logs -f values.yaml \
  --set metrics-server.enabled=false

Already have metrics server installed?

Install Better Stack chart without metrics server using code block above.
Alternatively, set metrics-server.enabled=false in values.yaml.

You should see your logs in Better Stack → Live tail.

Check out your metrics in the Kubernetes dashboard.

Kubernetes version 1.15 or higher is required.

Need help?

Please let us know at hello@betterstack.com.
We're happy to help! 🙏

Kustomize

1. Install Kubernetes Metrics Server

Install Kubernetes Metrics Server into your cluster:

Install Metrics Server
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.4/components.yaml

2. Create namespace

Create namespace configuration file:

Create namespace
kubectl create namespace --dry-run=client -o yaml vector > namespace.yaml

3. Set up Kustomization

Save the following config as kustomization.yaml:

Kustomization config
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# Override the namespace of all of the resources we manage.
namespace: vector

images:
  # Override the Vector image to pin the version used.
  - name: timberio/vector
    newName: timberio/vector
    newTag: 0.33.0-distroless-libc

resources:
  # The namespace previously created to keep the resources in.
  - namespace.yaml
  # RBAC config allowing Vector access to metrics and creating a Secret with the service account.
  - rbac.yaml
  # Include Vector recommended base (from git).
  - github.com/vectordotdev/vector/distribution/kubernetes/vector-agent

configMapGenerator:
  # ConfigMap with Vector config.
  - name: vector
    behavior: replace
    files:
      - vector-agent.yaml

patches:
  # Prevent data dir read-only volume mount issue: https://github.com/vectordotdev/helm-charts/issues/226
  # Set volumeMount readOnly: false
  # Also, add vector SA token into an ENV variable, Vector will use it to connect to metrics-server
  - patch: |-
      - op: replace
        path: /spec/template/spec/containers/0/volumeMounts/3/readOnly
        value: false
      - op: add
        path: /spec/template/spec/containers/0/env/-
        value:
          name: SERVICE_ACCOUNT_TOKEN
          valueFrom:
            secretKeyRef:
              name: vector-service-account
              key: token
    target:
      group: apps
      version: v1
      kind: DaemonSet
      name: vector

4. Set up RBAC configuration

Save the following config as rbac.yaml to allow Vector to access the Metrics Server:

RBAC config
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: vector-metrics
  labels:
    app.kubernetes.io/name: vector
    app.kubernetes.io/instance: vector
    app.kubernetes.io/component: Agent
rules:
  - apiGroups:
      - "metrics.k8s.io"
    resources:
      - nodes
      - pods
    verbs:
      - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: vector-metrics
  labels:
    app.kubernetes.io/name: vector
    app.kubernetes.io/instance: vector
    app.kubernetes.io/component: Agent
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: vector-metrics
subjects:
  - kind: ServiceAccount
    name: vector
    namespace: vector
---
apiVersion: v1
kind: Secret
metadata:
  name: vector-service-account
  annotations:
    kubernetes.io/service-account.name: "vector"
type: kubernetes.io/service-account-token

5. Set up Vector

Download Vector configuration for your source:

Download Vector config
curl -o vector-agent.yaml \
    https://telemetry.betterstack.com/vector-yaml/kubernetes/$SOURCE_TOKEN

6. Reload & restart

Reload Vector configuration and restart it:

Reload and restart
kubectl apply -k .
kubectl rollout restart -n vector daemonset/vector

You should see your logs in Better Stack → Live tail.

Check out your metrics in the Kubernetes dashboard.

Kubernetes version 1.15 or higher is required.

Using Minikube to test the setup?

Disable certificate validation to prevent TLS errors:

  • Add --kubelet-insecure-tls to args config of metrics-server DaemonSet
  • Add tls.verify_certificate = false and tls.verify_hostname = false to all http_client sources in vector-agent.yaml

Need help?

Please let us know at hello@betterstack.com.
We're happy to help! 🙏

Additional information

Interested in reading about installing and configuring Vector in more detail?
Check out the official Vector Kubernetes installation guide.

Want an overview of different tools for monitoring Kubernetes?
Head to comparison of best Kubernetes monitoring tools.

Filtering logs sent to Better Stack

Customize your Vector configuration by adding a Vector filter transform between the better_stack_http_sink sink and its original inputs:

values.yaml (Helm) vector-agent.yaml (Kustomize) 
vector:
  customConfig:
    sinks:
      better_stack_http_sink:
        uri: "https://$INGESTING_HOST/"

        inputs: [better_stack_http_filter]

        auth:
          strategy: "bearer"
          token: "$SOURCE_TOKEN"
      better_stack_http_metrics_sink:
        uri: "https://$INGESTING_HOST/metrics"
        auth:
          strategy: "bearer"
          token: "$SOURCE_TOKEN"

    transforms:


      better_stack_http_filter:


        type: "filter"


        inputs: [better_stack_kubernetes_parser]


        condition: .kubernetes.container_name == "my_important_container"


sources:
  # ...

transforms:
  better_stack_kubernetes_parser_$SOURCE_TOKEN:
    # ...


  better_stack_http_filter_$SOURCE_TOKEN:


    type: "filter"


    inputs: [better_stack_kubernetes_parser_$SOURCE_TOKEN]


    condition: .kubernetes.container_name == "my_important_container"


sinks:
  better_stack_http_sink_$SOURCE_TOKEN:
    type: "http"
    method: "post"
    uri: "https://$INGESTING_HOST/"
    encoding:
      codec: "json"
    compression: "gzip"
    auth:
      strategy: "bearer"
      token: "$SOURCE_TOKEN"

    inputs: ["better_stack_http_filter_$SOURCE_TOKEN"]


  better_stack_http_metrics_sink_$SOURCE_TOKEN:
    # ...

Previous article

Better Stack Docker logging

Next article

Better Stack Amazon ECS logging