Hello there, a quick question, we have an app that is using filebeat to ship logs, currently we're installing the filebeat package on the container itself, but due to a redesign we're toying with the idea of removing the package and using the filebeat container itself.
The simple case is a single node deploy where the app and filebeat containers would share a logs volume, the app writes and filebeat reads. In order to get this working we had to tweak the GID from the app to make it equal to the filebeat GID (1000). So far so good the trick works.
The trouble would be with a cluster deployment (our app in cluster), which would require a filebeat container for every one of the workers. I know the Pod concept would solve this for k8s but Docker based deployments would be way more verbose.
The current approach of shipping our Docker image with the filebeat package works fine for single and cluster deployments.
I read this post about using the filebeat container for shipping logs from the host itself through a mounted log file but my use case is a little more complex.
Is it a good practice to use the filebeat container like this to ship logs from another container or we should just keep using filebeat in our container?