ENV
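# Cluster and node group that the later commands operate on; replace both
# placeholders before running anything else.
EKS_CLUSTER_NAME="<CLUSTER_NAME>"
EKS_NODE_GROUP_NAME="<NODE_GROUP_NAME>"
# Account of the credentials currently in use, as reported by STS.
ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
# Region stored for the default profile in the AWS CLI configuration.
REGION_CODE=$(aws configure get default.region --output text)
# The following steps create and attach IAM policies, so print the target first
# and flag an empty value before it reaches a later --region / --cluster flag.
printf 'account=%s region=%s cluster=%s nodegroup=%s\n' \
  "$ACCOUNT_ID" "$REGION_CODE" "$EKS_CLUSTER_NAME" "$EKS_NODE_GROUP_NAME"
if [ -z "$ACCOUNT_ID" ] || [ -z "$REGION_CODE" ]; then
  echo "ACCOUNT_ID or REGION_CODE is empty: check the AWS credentials and the default region" >&2
fi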
Namespace
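# Namespace that holds the logging ConfigMap (aws-logging) defined further down.
# The nesting under metadata/labels is required: without it, name and labels
# are parsed as top-level keys and the manifest is not a valid Namespace.
kind: Namespace
apiVersion: v1
metadata:
  name: aws-observability
  labels:
    aws-observability: enabled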
# Create (or update) the aws-observability namespace from the manifest above,
# saved locally as aws-observability-namespace.yaml.
kubectl apply --filename aws-observability-namespace.yaml
OIDC
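# Register the cluster's OIDC issuer as an IAM identity provider.
# --approve makes eksctl apply the change; without it eksctl only shows the plan.
# Both expansions are quoted so an empty or unusual value fails as a bad
# argument instead of being split or silently dropped.
eksctl utils associate-iam-oidc-provider --region="$REGION_CODE" --cluster="$EKS_CLUSTER_NAME" --approve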
IAM Role Attach Policy
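# The policy document is fetched from a branch ("mainline") whose content can
# change between runs. --fail keeps an HTTP error page from being saved as
# permissions.json. Read the file before creating the policy, and pin the URL
# to a reviewed commit (replace "mainline" with <COMMIT_SHA>) when the steps
# must be repeatable.
curl --fail -o permissions.json "https://raw.githubusercontent.com/aws-samples/amazon-eks-fluent-logging-examples/mainline/examples/fargate/cloudwatchlogs/permissions.json"
# Creates the customer-managed policy and keeps its ARN. If a policy named
# fargate-policy already exists the call fails and the variable stays empty.
FARGATE_POLICY_ARN=$(aws --region "$REGION_CODE" --query Policy.Arn --output text iam create-policy --policy-name fargate-policy --policy-document file://permissions.json)
# contains() is a substring match, so more than one role can come back (as
# several names on one line). Check that exactly one name is returned.
FARGATE_ROLE_NAME=$(aws iam list-roles --query "Roles[?contains(RoleName, 'eksctl-$EKS_CLUSTER_NAME-c-FargatePodExecutionRole')].RoleName" --output text)
# Despite its name, NODE_GROUP holds the Fargate pod execution role name.
# The quoted lookup fails if the previous step returned zero or several names.
NODE_GROUP=$(aws iam get-role --role-name "$FARGATE_ROLE_NAME" --query "Role.RoleName" --output text)
# nodeRole is a role ARN; awk keeps the part after the last "/", the role name.
NODE_GROUP_ROLE_NAME=$(aws eks describe-nodegroup --cluster-name "$EKS_CLUSTER_NAME" --nodegroup-name "$EKS_NODE_GROUP_NAME" --query 'nodegroup.nodeRole' --output text | awk -F/ '{print $NF}')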
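# Attach the policy created from permissions.json to the Fargate pod execution
# role (the role name is stored in NODE_GROUP). Quoting makes an empty variable
# fail parameter validation instead of shifting the remaining arguments.
aws iam attach-role-policy --policy-arn "$FARGATE_POLICY_ARN" --role-name "$NODE_GROUP"
# NOTE(review): CloudWatchFullAccess is far broader than log shipping needs,
# and permissions on a node instance role are generally reachable by every pod
# on those nodes unless instance-metadata access is restricted. Prefer a
# narrower policy here, e.g. the AWS-managed CloudWatchAgentServerPolicy or a
# customer-managed policy limited to the required logs: actions. Confirm it
# covers what the workload writes before switching.
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/CloudWatchFullAccess --role-name "$NODE_GROUP_ROLE_NAME"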
Check the IAM roles created by eksctl
# Show every line of the role listing that mentions "eksctl-", to check which
# roles eksctl created. Matching is on the raw CLI output, so what is printed
# depends on the configured output format.
aws iam list-roles | grep -F -- 'eksctl-'
ConfigMap
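# Fluent Bit configuration for the aws-observability namespace.
# Indentation is restored: the keys under metadata/data and the bodies of the
# "|" block scalars must be nested for the manifest to parse as intended.
kind: ConfigMap
apiVersion: v1
metadata:
  name: aws-logging
  namespace: aws-observability
data:
  flb_log_cw: "false"  # Set to true to ship Fluent Bit process logs to CloudWatch.
  # Parse each CRI-format line with the crio parser below, then enrich kube.*
  # records with Kubernetes metadata.
  filters.conf: |
    [FILTER]
        Name parser
        Match *
        Key_name log
        Parser crio
    [FILTER]
        Name kubernetes
        Match kube.*
        Merge_Log On
        Keep_Log Off
        Buffer_Size 0
        Kube_Meta_Cache_TTL 300s
  # Container stdout/stderr leaves the cluster here: restrict who can read the
  # fluent-bit-cloudwatch log group and keep secrets out of application logs.
  # The region is hard-coded and must match the region the cluster runs in.
  # auto_create_group and log_retention_days only work if the attached IAM
  # policy allows creating the log group and setting its retention policy.
  output.conf: |
    [OUTPUT]
        Name cloudwatch_logs
        Match kube.*
        region ap-northeast-2
        log_group_name fluent-bit-cloudwatch
        log_stream_prefix from-fluent-bit-
        log_retention_days 60
        auto_create_group true
  # CRI log line layout: <time> <stream> <logtag> <log>.
  parsers.conf: |
    [PARSER]
        Name crio
        Format Regex
        Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>P|F) (?<log>.*)$
        Time_Key time
        Time_Format %Y-%m-%dT%H:%M:%S.%L%z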
# Apply the aws-logging ConfigMap saved as aws-logging-cloudwatch-configmap.yaml.
# NOTE(review): pods that are already running may need to be recreated before
# they pick up the logging configuration. Confirm for your platform.
kubectl apply --filename aws-logging-cloudwatch-configmap.yaml
Add Log & Check Log
# Produce a log entry: call the health-check endpoint from inside the
# application pod and discard everything the local kubectl prints.
kubectl exec --stdin --tty --namespace skills deployment.apps/skills-app-deployment -- curl localhost:8080/healthcheck >/dev/null 2>&1
# Read the skills-app container's log through the Kubernetes API. This shows
# that the request was logged, not that it reached CloudWatch. For that, look
# in the fluent-bit-cloudwatch log group named in the ConfigMap.
kubectl logs --namespace skills deployment.apps/skills-app-deployment --container skills-app


