Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

in_kubernetes_events: add k8s permission details #1396

Merged
merged 5 commits into from
Aug 16, 2024
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 9 additions & 2 deletions pipeline/inputs/kubernetes-events.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@ Kubernetes exports it events through the API server. This input plugin allows to
|---------------------|---------------------------------------------------------------------------------------|------------------------------------------------------|
| db | Set a database file to keep track of recorded Kubernetes events | |
| db.sync | Set a database sync method. values: extra, full, normal and off | normal |
| interval_sec | Set the polling interval for each channel. | 0 |
| interval_nsec | Set the polling interval for each channel (sub seconds: nanoseconds) | 500000000 |
| interval_sec | Set the reconnect interval (seconds)* | 0 |
| interval_nsec | Set the reconnect interval (sub seconds: nanoseconds)* | 500000000 |
| kube_url | API Server end-point | https://kubernetes.default.svc |
| kube_ca_file | Kubernetes TLS CA file | /var/run/secrets/kubernetes.io/serviceaccount/ca.crt |
| kube_ca_path | Kubernetes TLS ca path | |
Expand All @@ -28,8 +28,15 @@ Kubernetes exports it events through the API server. This input plugin allows to
| tls.verify | Enable or disable verification of TLS peer certificate. | On |
| tls.vhost | Set optional TLS virtual host. | |


- _* as of Fluent-Bit 3.1 this plugin uses a kubernetes watch stream instead of polling. The interval parameters in versions > 3.1 are used for reconnecting the kubernetes watch stream._
ryanohnemus marked this conversation as resolved.
Show resolved Hide resolved


## Getting Started

### Kubernetes Service Account
The kubernetes service account used by fluent-bit must have `get`, `list`, and `watch` permissions to `namespaces` and `pods` for the namespaces watched in the `kube_namespace` config parameter. If you are using the helm chart to set up fluent-bit, this role is included.

ryanohnemus marked this conversation as resolved.
Show resolved Hide resolved
### Simple Configuration File

In the following configuration file, the input plugin *kubernetes_events* collects events every 5 seconds (default for *interval_nsec*) and exposes them through the [standard output plugin](../outputs/standard-output.md) on the console.
Expand Down