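---
# Fluent Bit log shipper: a DaemonSet that tails container logs and the
# node journal, enriches records with pod metadata, and forwards them
# over HTTPS with basic auth.
apiVersion: v1
kind: Namespace
metadata:
  name: fluent-bit
---
# Basic-auth credentials for the HTTP output.
# `data` values are base64-encoded, not encrypted; the values shown here
# decode to placeholder text. Supply real credentials out of band (sealed
# or external secret tooling) rather than committing them, and restrict
# who can read Secrets in this namespace.
apiVersion: v1
kind: Secret
metadata:
  name: fluent-bit-auth
  namespace: fluent-bit
type: Opaque
data:
  username: dXNlcg==
  password: eHh4LXh4eC14eHgteHh4LXh4eA==
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluent-bit
  namespace: fluent-bit
---
# Read-only access to pods cluster-wide; the kubernetes filter below uses
# it to look up labels and annotations. Keep this list minimal.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fluent-bit-read
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fluent-bit-read
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluent-bit-read
subjects:
  - kind: ServiceAccount
    name: fluent-bit
    namespace: fluent-bit
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-config
  namespace: fluent-bit
data:
  # ${FLUENTBIT_USER}, ${FLUENTBIT_PASSWORD} and ${NODE_NAME} are resolved
  # from the container environment set in the DaemonSet, so no credential
  # is stored in this ConfigMap.
  # `tls.verify On` is written out explicitly: the basic-auth credentials
  # travel over this connection, so certificate verification must stay on.
  # NOTE(review): the grep filter excludes on a top-level `container_name`
  # key; the kubernetes filter normally nests pod metadata under a
  # `kubernetes` map, so this rule may never match. Confirm against a
  # sample record before relying on it.
  fluent-bit.conf: |
    [SERVICE]
        Flush         1
        Log_Level     error
        Parsers_File  parsers.conf

    [INPUT]
        Name              tail
        Path              /var/log/containers/*.log
        Parser            docker
        Tag               kube.*
        Mem_Buf_Limit     5MB
        Skip_Long_Lines   On

    [INPUT]
        Name            systemd
        Tag             host.journald
        Path            /run/log/journal
        DB              /var/log/flb_journald.db
        Read_From_Tail  On

    [FILTER]
        Name                 kubernetes
        Match                kube.*
        Kube_URL             https://kubernetes.default.svc:443
        Merge_Log            On
        K8S-Logging.Exclude  Off
        Labels               On
        Annotations          On

    [FILTER]
        Name     grep
        Match    kube.*
        Exclude  container_name ingress-nginx

    [FILTER]
        Name   modify
        Match  *
        Add    node ${NODE_NAME}

    [FILTER]
        Name   modify
        Match  host.journald
        Add    log_type host
        Add    environment production

    [OUTPUT]
        Name              http
        Match             *
        Host              logs.clearwater.20c.dev
        Port              443
        URI               /insert/jsonline?_stream_fields=stream,node&_msg_field=log&_time_field=date
        Format            json_lines
        json_date_format  iso8601
        HTTP_User         ${FLUENTBIT_USER}
        HTTP_Passwd       ${FLUENTBIT_PASSWORD}
        tls               On
        tls.verify        On
  parsers.conf: |
    [PARSER]
        Name         docker
        Format       json
        Time_Key     time
        Time_Format  %Y-%m-%dT%H:%M:%S.%L
        Time_Keep    On
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluent-bit
  namespace: fluent-bit
  labels:
    k8s-app: fluent-bit
spec:
  selector:
    matchLabels:
      k8s-app: fluent-bit
  template:
    metadata:
      labels:
        k8s-app: fluent-bit
    spec:
      serviceAccountName: fluent-bit
      # Tolerations let the collector run on control-plane nodes as well.
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
          effect: "NoExecute"
        - key: "node-role.kubernetes.io/control-plane"
          operator: "Exists"
          effect: "NoSchedule"
      containers:
        - name: fluent-bit
          # NOTE(review): `latest` is a mutable tag, so every node may run a
          # different, unreviewed build. Pin a release tag or image digest,
          # e.g. fluent/fluent-bit:<PINNED_VERSION>.
          image: fluent/fluent-bit:latest
          # The collector only reads logs and needs no setuid escalation.
          # NOTE(review): no resource requests/limits are set; size them
          # for the node's log volume so a log burst cannot starve the node.
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            # Stays writable: the systemd input keeps its cursor DB at
            # /var/log/flb_journald.db. Moving that DB to a dedicated
            # volume would let this host mount become read-only too.
            - name: varlog
              mountPath: /var/log
            - name: journal
              mountPath: /run/log/journal
              readOnly: true
            - name: config
              mountPath: /fluent-bit/etc/
              readOnly: true
          env:
            - name: FLUENTBIT_USER
              valueFrom:
                secretKeyRef:
                  name: fluent-bit-auth
                  key: username
            - name: FLUENTBIT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: fluent-bit-auth
                  key: password
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
      # NOTE(review): "10.31.101" has three octets and is not a valid IPv4
      # address, and "logs.somehost" differs from the Host used by the HTTP
      # output, so this alias does not affect that output as written. Both
      # look redacted; restore the real values or drop the entry. A host
      # alias overrides DNS for the log endpoint, so keep TLS verification
      # enabled on the output.
      hostAliases:
        - ip: "10.31.101"
          hostnames:
            - "logs.somehost"
      terminationGracePeriodSeconds: 10
      volumes:
        - name: varlog
          hostPath:
            path: /var/log
        - name: journal
          hostPath:
            path: /run/log/journal
        - name: config
          configMap:
            name: fluent-bit-config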