Skip to content

Latest commit

 

History

History
78 lines (62 loc) · 9.58 KB

README.md

File metadata and controls

78 lines (62 loc) · 9.58 KB

FluentBit installation on Amazon EKS

This module installs FluentBit on Amazon EKS and create the necessary resources to send logs to CloudWatch.

It also opinionatedly configures FluentBit to send logs to CloudWatch and to exclude some log files from the application log group and include some log files in the platform log group. You can customize this behavior by using the dedicated variables.

Providers

Name Version
helm >= 2.0
kubernetes >= 2.23

Requirements

Name Version
terraform >= 1.0
helm >= 2.0
kubernetes >= 2.23

Inputs

Name Description Type Default Required
additional_exclude_from_application_log_group List of additional log files to exclude from the application log group. The element of this list will be prefixed with /var/log/containers/ and suffixed with *.log. list(string) [] no
additional_filters Filter block(s) to add to the FluentBit configuration. The filter block(s) must be in the format of a string. string "" no
additional_include_in_platform_log_group List of additional log files to include in the platform log group. The element of this list will be prefixed with /var/log/containers/ and suffixed with *.log. list(string) [] no
application_log_retention_days The retention period for the application log group. Remember to check the valid values for the retention period in the AWS CloudWatch documentation. number 30 no
aws_fluentbit_role_name The name of the IAM role for FluentBit. string "fluentbit" no
aws_region The AWS region used to send logs to CloudWatch. string n/a yes
cluster_name The name of the EKS cluster. string n/a yes
cluster_oidc_issuer_host The OIDC issuer host for the EKS cluster. string n/a yes
default_additional_include_in_platform_log_group List of log files to include in the platform log group. This list is intended for the log files of the system AWS EKS applications, use the variable additional_include_in_platform_log_group to include custom log files. The element of this list will be prefixed with /var/log/containers/ and suffixed with *.log. list(string) 
[
  "ebs-csi-controller",
  "ebs-csi-node",
  "efs-csi-controller",
  "efs-csi-node"
]
 no
default_exclude_from_application_log_group List of log files to exclude from the application log group. This list is intended for the log files of the system AWS EKS applications, use the variable additional_exclude_from_application_log_group to exclude custom log files. The element of this list will be prefixed with /var/log/containers/ and suffixed with *.log. list(string) 
[
  "aws-load-balancer-controller",
  "aws-node",
  "cluster-autoscaler-aws-cluster-autoscaler",
  "coredns",
  "ebs-csi-controller",
  "ebs-csi-node",
  "efs-csi-controller",
  "efs-csi-node",
  "kube-proxy",
  "metric-server-metrics-server"
]
 no
fluentbit_flush_seconds The interval in seconds to flush the logs to CloudWatch. number 15 no
fluentbit_http_server_enabled Enable the HTTP server for fluentbit. bool false no
fluentbit_http_server_port Port for the HTTP server. number 2020 no
fluentbit_log_retention_days The retention period for the FluentBit log group. Remember to check the valid values for the retention period in the AWS CloudWatch documentation. number 3 no
fluentbit_read_from_head Start reading from the beginning of the log stream. Keep also the entries already stored. string "Off" no
fluentbit_read_from_tail Start reading new entries. Skip entries already stored. string "On" no
fluentbit_send_fluentbit_logs_to_cloudwatch Send FluentBit logs to CloudWatch. bool true no
helm_additional_values Additional values to be passed to the Helm chart. list(string) [] no
helm_chart_version The version of the aws-for-fluent-bit Helm chart. string "0.1.34" no
helm_release_name The name of the Helm release. string "fluentbit" no
k8s_additional_labels Additional labels to apply to the kubernetes resources. map(string) {} no
k8s_default_labels Labels to apply to the kubernetes resources. These are opinionated labels, you can add more labels using the variable additional_k8s_labels. If you want to remove a label, you can override it with an empty map(string). map(string) 
{
  "managed-by": "terraform",
  "scope": "fluentbit"
}
 no
k8s_fluentbit_service_account_name The name of the Kubernetes service account for FluentBit. string "fluentbit" no
namespace The namespace in which the Fluent Bit resources will be created. string "amazon-cloudwatch" no
platform_log_retention_days The retention period for the platform log group. Remember to check the valid values for the retention period in the AWS CloudWatch documentation. number 14 no
role_policy_arns The ARNs of the policies to attach to the IAM role. list(string) 
[
  "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess",
  "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
]
 no

Outputs

Name Description
final_exclude_from_application_log_group The final list of log files to exclude from the application log group.
final_include_in_platform_log_group The final list of log files to include in the platform log group.
final_k8s_common_labels The final list of common labels to apply to the Kubernetes resources.

Resources

Name Type
helm_release.this resource
kubernetes_namespace_v1.this resource
kubernetes_secret_v1.this resource
kubernetes_service_account_v1.this resource

Modules

Name Source Version
iam_assumable_role_with_oidc_for_fluent_bit terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc ~> 5.0