Create Rsyslog Service in Kubernetes

Zhimin Wen
2 min readFeb 14
Image by Pavlo from Pixabay

One of the biggest benefit of Kubernetes is that you can build some once difficult infra services quickly, and disposable for testing purpose. Let’s create a rsyslog service on OpenShift.

Create Rsyslog Container Image

Create the following Dockerfile,

FROM ubuntu
RUN apt-get update && apt-get install -y rsyslog && mkdir -p /logs
COPY rsyslog.conf /rsyslog.conf
ENTRYPOINT ["rsyslogd", "-n", "-f", "/rsyslog.conf"]

We run the rsyslog with the “-n” option to let it run foreground as a normal process. The “-f” option supply the configuration file, which is shown as below,

module (load="imudp" )
input (type="imudp" port="514")
module (load="imtcp")
input (type="imtcp" port="514")

template (

action(type="omfile" dynaFile="LogsByDate")

The first 4 lines load the TCP and UDP module. Our syslog service will listen on both UDP/514 and TCP/514. We then create a string template which will be the log file name based on current date. Finally we will recieve the log entries and write it into the log file created dynamically based on the date. The omfile type is the module for the output file.

Build the image and push it into the openshift internal registry.

Deploy and Expose Syslog Service

Create a namespace syslog. Create a pvc with type of RWO.

apiVersion: v1
kind: PersistentVolumeClaim
name: logs
namespace: rsyslog
- ReadWriteOnce
storage: 1Gi
storageClassName: rook-ceph-block

As we are going to listen on lower system ports, we will run the container with OpenShift’ anyuid Security Context Constraint (SCC). Create a service account, assign it with the scc of anyuid,

oc -n rsyslog create sa rsyslog
oc adm policy add-scc-to-user anyuid -z rsyslog -n rsyslog

Create the following deployment.

apiVersion: apps/v1
kind: Deployment
name: rsyslog
namespace: rsyslog
app: rsyslog
replicas: 1
Zhimin Wen