
Fluentbit to CloudWatch

# Deployment parameters reused by the later commands on this page.
# Replace each <...> placeholder before running anything below.
EKS_CLUSTER_NAME="<CLUSTER_NAME>"
REGION_CODE="<AWS_REGION>"
EKS_NODE_GROUP_NAME="<NODE_GROUP_NAME>"

# Account ID of whichever credentials the AWS CLI is currently using; check
# that it is the intended account, because the policy ARN attached to the
# service-account role further down is built from it.
AWS_ACCOUNT_ID="$(aws sts get-caller-identity --query Account --output text)"
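# Write the IAM policy document that lets Fluent Bit create the
# finance-ns/app CloudWatch Logs group and write log events to it.
# The here-document delimiter is quoted so the JSON is copied literally,
# with no variable or command expansion by the shell.
# NOTE(review): both Resource ARNs use "*" for region and account. Replacing
# those with the region and account ID set at the top of this page would
# limit the role to the one log group this cluster actually writes to.
cat << 'EOF' > fluent-bit-cloudwatch-policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogStreams",
                "logs:DescribeLogGroups"
            ],
            "Resource": [
                "arn:aws:logs:*:*:log-group:finance-ns/app:*",
                "arn:aws:logs:*:*:log-group:finance-ns/app"
            ]
        }
    ]
}
EOF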
# Register the policy document written above as a customer-managed IAM policy
# in the current account.
aws iam create-policy \
  --policy-document file://fluent-bit-cloudwatch-policy.json \
  --policy-name FluentBitCloudWatchLogsPolicy
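# Create the fluent-bit-app service account in the fluent-bit namespace and
# bind it to an IAM role that carries only the CloudWatch Logs policy created
# above.
# Each option sits on its own continuation line; on a single line the "\ "
# sequences escape the spaces and fuse neighbouring options into one argument.
# The ${VAR:?} form stops the command when a value is empty (for example when
# the account-ID lookup failed), so no malformed policy ARN is sent.
eksctl create iamserviceaccount \
  --cluster="${EKS_CLUSTER_NAME:?set EKS_CLUSTER_NAME first}" \
  --namespace=fluent-bit \
  --name=fluent-bit-app \
  --role-name FluentBitIAMRole \
  --attach-policy-arn="arn:aws:iam::${AWS_ACCOUNT_ID:?set AWS_ACCOUNT_ID first}:policy/FluentBitCloudWatchLogsPolicy" \
  --approve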
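# ns.yaml - namespace that holds the Fluent Bit DaemonSet, its ConfigMaps and
# the fluent-bit-app service account.
# NOTE(review): the DaemonSet on this page uses hostNetwork and hostPath
# volumes. If Pod Security Admission is enforced on the cluster, this
# namespace needs a level that allows them; confirm before applying.
apiVersion: v1
kind: Namespace
metadata:
  name: fluent-bit
  labels:
    # The label value differs from the namespace name; keep that in mind for
    # any selector keyed on it.
    name: amazon-cloudwatch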
# Create the fluent-bit namespace from the manifest above.
kubectl apply --filename ns.yaml
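# Publish the settings that the DaemonSet reads through configMapKeyRef.
FluentBitHttpPort='2020'
FluentBitReadFromHead='Off'

# read.tail is always the opposite of read.head.
if [[ "${FluentBitReadFromHead}" == 'On' ]]; then
  FluentBitReadFromTail='Off'
else
  FluentBitReadFromTail='On'
fi

# The built-in HTTP server is switched on only when a port is configured.
if [[ -z "${FluentBitHttpPort}" ]]; then
  FluentBitHttpServer='Off'
else
  FluentBitHttpServer='On'
fi

# cluster.name reads EKS_CLUSTER_NAME. The earlier spelling,
# EKS_CLUISTER_NAME, is never set anywhere on this page, so the key was
# stored empty. Values are quoted so they reach kubectl as single arguments.
kubectl create configmap fluent-bit-cluster-info-app \
  --from-literal=cluster.name="${EKS_CLUSTER_NAME}" \
  --from-literal=http.server="${FluentBitHttpServer}" \
  --from-literal=http.port="${FluentBitHttpPort}" \
  --from-literal=read.head="${FluentBitReadFromHead}" \
  --from-literal=read.tail="${FluentBitReadFromTail}" \
  --from-literal=logs.region="${REGION_CODE}" \
  -n fluent-bit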
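# configmap.yaml - Fluent Bit pipeline: tail the finance-user-dpm container
# logs on each node and ship them to the finance-ns/app CloudWatch Logs group.
# The ${...} references are filled from the container environment that the
# DaemonSet on this page defines.
apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-app-config
  namespace: fluent-bit
  labels:
    k8s-app: fluent-bit
data:
  # NOTE(review): HTTP_Listen 0.0.0.0 together with hostNetwork: true on the
  # DaemonSet opens the monitoring endpoint on every node interface at
  # HTTP_PORT. Limit who can reach that port (node security group or network
  # policy), or bind to 127.0.0.1 if nothing scrapes it from off-node.
  # Log_Level error keeps Fluent Bit's own output quiet; delivery warnings
  # will not appear in the pod log at this level.
  # auto_create_group true is why the IAM policy needs logs:CreateLogGroup;
  # creating the group ahead of time would let that permission be dropped.
  fluent-bit.conf: |
    [SERVICE]
        Flush                     5
        Grace                     30
        Log_Level                 error
        Daemon                    off
        HTTP_Server               ${HTTP_SERVER}
        HTTP_Listen               0.0.0.0
        HTTP_Port                 ${HTTP_PORT}
        storage.path              /var/fluent-bit/state/flb-storage/
        storage.sync              normal
        storage.checksum          off
        storage.backlog.mem_limit 5M

    [INPUT]
        Name                tail
        Tag                 kube.*
        Path                /var/log/containers/finance-user-dpm*.log
        multiline.parser    docker, cri
        DB                  /var/fluent-bit/state/flb_container.db
        Mem_Buf_Limit       50MB
        Skip_Long_Lines     On
        Refresh_Interval    10
        Rotate_Wait         30
        storage.type        filesystem
        Read_from_Head      ${READ_FROM_HEAD}

    [OUTPUT]
        Name                cloudwatch_logs
        Match               kube.*
        region              ${AWS_REGION}
        log_group_name      finance-ns/app
        log_stream_prefix   ${HOST_NAME}-
        auto_create_group   true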
# Load the Fluent Bit pipeline configuration into the cluster.
kubectl apply --filename configmap.yaml
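# rbac.yaml - cluster-wide read permissions for the fluent-bit-app service
# account.
# NOTE(review): the fluent-bit.conf on this page has only a tail input and a
# cloudwatch_logs output, with no filter that queries the API server, so
# these reads look unused by the pipeline as shown. Confirm, then trim to
# what is needed. nodes/proxy deserves the closest look, since it allows
# reaching each node's kubelet API through the API server.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fluent-bit-app-role
rules:
  - nonResourceURLs:
      - /metrics
    verbs:
      - get
  - apiGroups: [""]
    resources:
      - namespaces
      - pods
      # The pod log subresource is named pods/log; pods/logs likely matches
      # nothing. Left as written because the pipeline reads log files from
      # the node, not from the API.
      - pods/logs
      - nodes
      - nodes/proxy
    verbs: ["get", "list", "watch"]
---
# Grants the ClusterRole above to the fluent-bit-app service account in the
# fluent-bit namespace. A ClusterRoleBinding applies across all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fluent-bit-app-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluent-bit-app-role
subjects:
  - kind: ServiceAccount
    name: fluent-bit-app
    namespace: fluent-bit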
# Create the ClusterRole and its binding for the fluent-bit-app account.
kubectl apply --filename rbac.yaml
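# daemonset.yaml - runs one Fluent Bit pod per Linux node, using the
# fluent-bit-app service account and the fluent-bit-app-config pipeline.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluent-bit
  namespace: fluent-bit
  labels:
    k8s-app: fluent-bit
    version: v1
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    matchLabels:
      k8s-app: fluent-bit
  template:
    metadata:
      labels:
        k8s-app: fluent-bit
        version: v1
        kubernetes.io/cluster-service: "true"
    spec:
      containers:
        - name: fluent-bit
          # NOTE(review): ":stable" is a moving tag and imagePullPolicy is
          # Always, so nodes can pick up a new image without any change to
          # this manifest. Pin a reviewed release, ideally by digest
          # (image@sha256:<DIGEST_PLACEHOLDER>), to control what runs with
          # host log access.
          image: public.ecr.aws/aws-observability/aws-for-fluent-bit:stable
          imagePullPolicy: Always
          # Added: the log shipper has no need to gain privileges after
          # start. Dropping capabilities and running as non-root are further
          # options, but need testing against the host log file permissions.
          securityContext:
            allowPrivilegeEscalation: false
          env:
            - name: AWS_REGION
              valueFrom:
                configMapKeyRef:
                  name: fluent-bit-cluster-info-app
                  key: logs.region
            - name: CLUSTER_NAME
              valueFrom:
                configMapKeyRef:
                  name: fluent-bit-cluster-info-app
                  key: cluster.name
            - name: HTTP_SERVER
              valueFrom:
                configMapKeyRef:
                  name: fluent-bit-cluster-info-app
                  key: http.server
            - name: HTTP_PORT
              valueFrom:
                configMapKeyRef:
                  name: fluent-bit-cluster-info-app
                  key: http.port
            - name: READ_FROM_HEAD
              valueFrom:
                configMapKeyRef:
                  name: fluent-bit-cluster-info-app
                  key: read.head
            - name: READ_FROM_TAIL
              valueFrom:
                configMapKeyRef:
                  name: fluent-bit-cluster-info-app
                  key: read.tail
            # Node name; used as the CloudWatch log stream prefix.
            - name: HOST_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            - name: CI_VERSION
              value: "k8s/1.3.23"
          resources:
            limits:
              memory: 200Mi
            requests:
              cpu: 500m
              memory: 100Mi
          volumeMounts:
            # Only the state directory is writable; every host log path is
            # mounted read-only.
            - name: fluentbitstate
              mountPath: /var/fluent-bit/state
            - name: varlog
              mountPath: /var/log
              readOnly: true
            - name: varlibdockercontainers
              mountPath: /var/lib/docker/containers
              readOnly: true
            - name: fluent-bit-app-config
              mountPath: /fluent-bit/etc/
            # NOTE(review): the pipeline on this page tails only
            # /var/log/containers/finance-user-dpm*.log, so the journal and
            # dmesg mounts look unused. Confirm, then remove them to shrink
            # the host data this pod can read.
            - name: runlogjournal
              mountPath: /run/log/journal
              readOnly: true
            - name: dmesg
              mountPath: /var/log/dmesg
              readOnly: true
      terminationGracePeriodSeconds: 10
      # NOTE(review): hostNetwork puts the pod in the node's network
      # namespace, so the Fluent Bit HTTP endpoint (HTTP_Listen 0.0.0.0 in
      # the ConfigMap) is reachable on the node's own addresses. Keep it only
      # if the deployment requires it.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      volumes:
        - name: fluentbitstate
          hostPath:
            path: /var/fluent-bit/state
        - name: varlog
          hostPath:
            path: /var/log
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
        - name: fluent-bit-app-config
          configMap:
            name: fluent-bit-app-config
        - name: runlogjournal
          hostPath:
            path: /run/log/journal
        - name: dmesg
          hostPath:
            path: /var/log/dmesg
      serviceAccountName: fluent-bit-app
      nodeSelector:
        kubernetes.io/os: linux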
# Roll out the Fluent Bit DaemonSet to every Linux node.
kubectl apply --filename daemonset.yaml