Fluentd YAML Files

title: “Fluentd YAML Files”
date: 2020-11-27T08:38:15
slug: fluentd-yaml-files

apiVersion: v1
kind: ServiceAccount
metadata:
 name: fluentd
 namespace: elasticsearch-azure
---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
 name: fluentd-role
 namespace: elastisearch-azure
rules:
 - apiGroups: [""]
 resources:
 - namespaces
 - pods
 - pods/logs
 verbs: ["get", "list", "watch"]
---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
 name: fluentd-role-binding
roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
 name: fluentd-role
subjects:
 - kind: ServiceAccount
 name: fluentd
 namespace: elasticsearch-azure
---

apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
 name: fluentd
 namespace: elasticsearch-azure
 labels:
 k8s-app: fluentd-logging
 version: v1
spec:
 template:
 metadata:
 labels:
 k8s-app: fluentd-logging
 version: v1
 spec:
 serviceAccountName: fluentd
 tolerations:
 - key: node-role.kubernetes.io/master
 effect: NoSchedule
 containers:
 - name: fluentd
 image: fluent/fluentd-kubernetes-daemonset:v1-debian-elasticsearch
 envFrom:
 - secretRef:
 name: fluent-tls
 env:
 - name: FLUENT\_ELASTICSEARCH\_HOST
 value: "{{server\_namne}}"
 - name: FLUENT\_ELASTICSEARCH\_PORT
 value: "{port}"
 - name: FLUENT\_ELASTICSEARCH\_SCHEME
 value: "https"
 # Option to configure elasticsearch plugin with self signed certs
 # ================================================================
 - name: FLUENT\_ELASTICSEARCH\_SSL\_VERIFY
 value: "true"
 # Option to configure elasticsearch plugin with tls
 # ================================================================
 - name: FLUENT\_ELASTICSEARCH\_SSL\_VERSION
 value: "TLSv1\_2"
 resources:
 limits:
 memory: 200Mi
 requests:
 cpu: 100m
 memory: 200Mi
 volumeMounts:
 - name: varlog
 mountPath: /var/log
 - name: varlibdockercontainers
 mountPath: /var/lib/docker/containers
 readOnly: true
 - name: ssl
 mountPath: /fluent-tls/ssl
 readOnly: true
 terminationGracePeriodSeconds: 30
 volumes:
 - name: varlog
 hostPath:
 path: /var/log
 - name: varlibdockercontainers
 hostPath:
 path: /var/lib/docker/containers
 # certificates folder for filebeat
 - name: ssl
 secret:
 secretName: fluent-tls

kubectl create secret generic fluent-tls \
--from-file=ca\_file=./chain.pem \
--from-file=cert\_pem=./cert.pem \
--from-file=cert\_key=./cert.key
Print Friendly, PDF & Email