From 9722e15a622f56217d57a78f2a9630e239515549 Mon Sep 17 00:00:00 2001 From: mborne Date: Wed, 11 Oct 2023 01:23:24 +0200 Subject: [PATCH] feat(fluent): add sample fluent-bit deploy --- fluent/k8s-deploy.sh | 31 ++ fluent/values.dist.yaml | 725 ++++++++++++++++++++++++++++++++++++++++ fluent/values.yaml | 94 ++++++ 3 files changed, 850 insertions(+) create mode 100644 fluent/k8s-deploy.sh create mode 100644 fluent/values.dist.yaml create mode 100644 fluent/values.yaml diff --git a/fluent/k8s-deploy.sh b/fluent/k8s-deploy.sh new file mode 100644 index 0000000..b4a3051 --- /dev/null +++ b/fluent/k8s-deploy.sh @@ -0,0 +1,31 @@ +#/bin/bash + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + +# Create namespace fluent if not exists +kubectl create namespace fluent --dry-run=client -o yaml | kubectl apply -f - + +# Deploy fluent-bit with helm +helm -n fluent upgrade --install fluent-bit oci://registry-1.docker.io/bitnamicharts/fluent-bit -f ${SCRIPT_DIR}/values.yaml + +# Allow fluent-bit sa to retreive infos about containers +cat < dnsPolicy is set to ClusterFirstWithHostNet +## +hostNetwork: false +## @param command Command for running the container (set to default if not set). Use array form +## +command: [] +## @param args Args for running the container (set to default if not set). Use array form +## +args: [] +## @param lifecycleHooks [object] Override default etcd container hooks +## +lifecycleHooks: {} +## @param extraEnvVars Extra environment variables to be set on fluent-bit container +## For example: +## - name: FOO +## value: BAR +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars +## +extraEnvVarsSecret: "" +## @param existingConfigMap Name of an existing ConfigMap with the Fluent Bit config file +## +existingConfigMap: "" +## @param hostAliases Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param replicaCount Number of Fluent Bit replicas +## +replicaCount: 1 +## Configure extra options for container's liveness, readiness and startup probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe on nodes +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 +## @param startupProbe.enabled Enable startupProbe on containers +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 +## @param readinessProbe.enabled Enable readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 +## @param customLivenessProbe Custom livenessProbe that overrides the default one +## +customLivenessProbe: {} +## @param customStartupProbe [object] Override default startup probe +## +customStartupProbe: {} +## @param customReadinessProbe [object] Override default readiness probe +## +customReadinessProbe: {} +## Fluent Bit pods' resource requests and limits +## ref: https://kubernetes.io/docs/user-guide/compute-resources/ +## Minimum memory for development is 4GB and 2 CPU cores +## Minimum memory for production is 8GB and 4 CPU cores +## ref: http://docs.datastax.com/en/archived/fluent-bit/2.0/fluent-bit/architecture/architecturePlanningHardware_c.html +## +## We usually recommend not to specify default resources and to leave this as a conscious +## choice for the user. This also increases chances charts run on environments with little +## resources, such as Minikube. If you do want to specify resources, uncomment the following +## lines, adjust them as necessary, and remove the curly braces after 'resources:'. +## @param resources.limits The resources limits for Fluent Bit containers +## @param resources.requests The requested resources for Fluent Bit containers +## +resources: + ## Example: + ## limits: + ## cpu: 2 + ## memory: 4Gi + ## + limits: {} + ## Examples: + ## requests: + ## cpu: 2 + ## memory: 4Gi + ## + requests: {} +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for fluent-bit container +## +extraVolumeMounts: [] +## Container ports to expose +## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport +containerPorts: + ## @param containerPorts.http Port for HTTP port + ## + http: 2020 +## Fluent Bit service parameters +## +service: + ## @param service.type Fluent Bit service type + ## + type: ClusterIP + ## Ports to expose + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ports: + ## @param service.ports.http Port for HTTP port + ## + http: 2020 + ## Node ports to expose + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + nodePorts: + ## @param service.nodePorts.http Node port for HTTP port + ## + http: "" + ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) + ## + extraPorts: [] + ## @param service.loadBalancerIP LoadBalancerIP if service type is `LoadBalancer` + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges Service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.clusterIP Service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.externalTrafficPolicy Service external traffic policy + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Provide any additional annotations which may be required. + ## This can be used to set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} +## Fluent Bit serviceAccount parameters +## +serviceAccount: + ## @param serviceAccount.create Enables ServiceAccount + ## + create: true + ## @param serviceAccount.name ServiceAccount name + ## + name: "" + ## @param serviceAccount.annotations Annotations to add to all deployed objects + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account. + ## + automountServiceAccountToken: true +## Pod security context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled Fluent Bit pods' Security Context +## @param podSecurityContext.fsGroup Set Fluent Bit pod's Security Context fsGroup +## +podSecurityContext: + enabled: true + fsGroup: 1001 +## Configure Container Security Context (only main container) +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled Fluent Bit containers' Security Context +## @param containerSecurityContext.runAsUser Set Fluent Bit container's Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Force the container to be run as non root +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true +## @param podAnnotations Additional pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podLabels Additional pod labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param priorityClassName Server priorityClassName +## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## @param affinity Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment +## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +## The value is evaluated as a template +## +topologySpreadConstraints: [] +## @param schedulerName Alternative scheduler +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param updateStrategy.type Fluent Bit deployment strategy type +## @param updateStrategy.rollingUpdate Fluent Bit deployment rolling update configuration parameters +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## +updateStrategy: + type: RollingUpdate + rollingUpdate: {} +## @param extraVolumes Optionally specify extra list of additional volumes for fluent-bit container +## +extraVolumes: [] +## @param initContainers Add additional init containers to the fluent-bit pods +## +initContainers: [] +## @param sidecars Add additional sidecar containers to the fluent-bit pods +## +sidecars: [] + +## @section Fluent Bit configuration +## +config: + ## @param config.flush Interval to flush output (seconds) + ## + flush: 1 + ## @param config.logLevel Diagnostic level (error/warning/info/debug/trace) + ## + logLevel: info + ## @param config.service [string] Defines the global behaviour of the Fluent Bit engine. + ## + service: | + [SERVICE] + Flush {{ .Values.config.flush }} + Daemon Off + LogLevel {{ .Values.config.logLevel }} + Config_Watch On + HTTP_Server On + HTTP_Listen 0.0.0.0 + HTTP_Port {{ .Values.containerPorts.http }} + ## @param config.inputs [string] Defines the source from where Fluent Bit can collect data + ## https://docs.fluentbit.io/manual/pipeline/inputs + ## + inputs: | + [INPUT] + Name cpu + + ## @param config.filters [string] Set of plugins that can be used to filter, modify, or enrich log data that is processed by Fluent Bit. + ## https://docs.fluentbit.io/manual/pipeline/filters + ## Example: + ## filters: | + ## [FILTER] + ## Name kubernetes + ## Match kube.* + ## Merge_Log On + ## Keep_Log Off + ## K8S-Logging.Parser On + ## K8S-Logging.Exclude On + ## + filters: "" + ## @param config.outputs [string] Outputs to send the collected data to different destinations + ## https://docs.fluentbit.io/manual/pipeline/outputs + ## + outputs: | + [OUTPUT] + Name stdout + Match * + ## @param config.upstream This configuration is deprecated, please use `extraFiles` instead. + ## https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/upstream-servers + ## + upstream: {} + ## @param config.customParsers [string] Custom parsers + ## https://docs.fluentbit.io/manual/pipeline/parsers + ## + customParsers: | + [PARSER] + Name docker_no_time + Format json + Time_Keep Off + Time_Key time + Time_Format %Y-%m-%dT%H:%M:%S.%L + ## @param config.extraFiles Extra config files + ## This allows adding more files with arbitary filenames to /fluent-bit/etc by providing key/value pairs. + ## The key becomes the filename, the value becomes the file content. + ## + extraFiles: {} +## Role Based Access +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## @param rbac.create Create Role and RoleBinding +## @param rbac.nodeAccess RBAC node access +## +rbac: + create: false + nodeAccess: false + ## @param rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] + +## @section Autoscaling +## +autoscaling: + vpa: + ## @param autoscaling.vpa.enabled Enable VPA + ## + enabled: false + ## @param autoscaling.vpa.annotations Annotations for VPA resource + ## + annotations: {} + ## @param autoscaling.vpa.controlledResources VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + ## + controlledResources: [] + ## @param autoscaling.vpa.maxAllowed VPA Max allowed resources for the pod + ## cpu: 200m + ## memory: 100Mi + maxAllowed: {} + ## @param autoscaling.vpa.minAllowed VPA Min allowed resources for the pod + ## cpu: 200m + ## memory: 100Mi + minAllowed: {} + ## @section VPA update policy + ## + updatePolicy: + ## @param autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod + ## Possible values are "Off", "Initial", "Recreate", and "Auto". + ## + updateMode: Auto + hpa: + ## @param autoscaling.hpa.annotations Annotations for HPA resource + ## + annotations: {} + ## @param autoscaling.hpa.enabled Enable HPA + ## + enabled: false + ## @param autoscaling.hpa.minReplicas Min replicas + ## + minReplicas: 1 + ## @param autoscaling.hpa.maxReplicas Max replicas + ## + maxReplicas: 3 + ## @param autoscaling.hpa.targetCPUUtilizationPercentage Target CPU utilization percentage + ## + targetCPUUtilizationPercentage: 75 + ## @param autoscaling.hpa.targetMemoryUtilizationPercentage Target Memory utilization percentage + ## + targetMemoryUtilizationPercentage: "" + ## @param autoscaling.hpa.customRules Custom rules + ## + customRules: [] + ## @param autoscaling.hpa.behavior HPA Behavior + ## + behavior: {} + +## Configure the ingress resource that allows you to access the +## fluent-bit Console. Set up the URL +## ref: https://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress controller resource for fluentBit Console + ## + enabled: false + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.hostname Default host for the ingress resource + ## + hostname: fluent-bit.local + ## @param ingress.path The Path to fluentBit®. You may need to set this to '/*' in order to use this with ALB ingress controllers. + ## + path: / + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## e.g: + ## extraHosts: + ## - name: fluent-bit.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths Any additional paths that may need to be added to the ingress under the main host + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - fluent-bit.local + ## secretName: fluent-bit.local-tls + ## + extraTls: [] + ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate are expected in PEM format + ## name should line up with a secretName set further up + ## + ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## + ## Example + ## secrets: + ## - name: fluent-bit.local-tls + ## key: "" + ## certificate: "" + ## + secrets: [] + ## @param ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + +## Fluent Bit Pod Disruption Budget +## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ +## @param pdb.create Deploy a PodDisruptionBudget object for Fluent Bit deployment +## @param pdb.minAvailable Minimum available Fluent Bit replicas (expressed in percentage) +## @param pdb.maxUnavailable Maximum unavailable Fluent Bit replicas (expressed in percentage) +## +pdb: + create: false + minAvailable: "" + maxUnavailable: "50%" + +## Prometheus metrics +## +metrics: + ## @param metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param metrics.serviceMonitor.annotations [object] Additional custom annotations for the ServiceMonitor + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.service.ports.http }}" + prometheus.io/path: "/metrics" + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + diff --git a/fluent/values.yaml b/fluent/values.yaml new file mode 100644 index 0000000..0a1f799 --- /dev/null +++ b/fluent/values.yaml @@ -0,0 +1,94 @@ +daemonset: + enabled: true + +config: + ## https://docs.fluentbit.io/manual/pipeline/inputs + inputs: | + [INPUT] + Name tail + Path /var/log/containers/*.log + multiline.parser cri + Tag kube.* + Mem_Buf_Limit 5MB + Skip_Long_Lines On + + # [INPUT] + # Name systemd + # Tag host.* + # Systemd_Filter _SYSTEMD_UNIT=kubelet.service + # Read_From_Tail On + + ## https://docs.fluentbit.io/manual/pipeline/filters + filters: | + [FILTER] + Name kubernetes + Match kube.* + Merge_Log On + Keep_Log Off + Kube_Tag_Prefix kube.var.log.containers. + K8S-Logging.Parser On + K8S-Logging.Exclude On + [FILTER] + Name nest + Match kube.* + Wildcard pod_name + Operation lift + Nested_under kubernetes + Add_prefix kubernetes_ + [FILTER] + Name modify + Match kube.* + Copy kubernetes_pod_name host + [FILTER] + Name modify + Match kube.* + Rename message short_message + [FILTER] + Name modify + Match kube.* + Add log "none" + + outputs: | + [OUTPUT] + Name opensearch + Match kube.* + Host opensearch-cluster-master.opensearch + Port 9200 + Suppress_Type_Name On + Logstash_Format On + Logstash_Prefix logstash + HTTP_User admin + HTTP_Passwd admin + tls On + tls.verify Off + + +tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + - operator: "Exists" + effect: "NoExecute" + - operator: "Exists" + effect: "NoSchedule" + +# volumeMounts: +# - name: varlog +# mountPath: /var/log +# - name: varlibdockercontainers +# mountPath: /var/lib/docker/containers +# readOnly: true +# - name: fluent-bit-config +# mountPath: /fluent-bit/etc/ +# terminationGracePeriodSeconds: 10 +# volumes: +# - name: varlog +# hostPath: +# path: /var/log +# - name: varlibdockercontainers +# hostPath: +# path: /var/lib/docker/containers +# - name: fluent-bit-config +# configMap: +# name: fluent-bit-config +# serviceAccountName: fluent-bit