In Kubernetes clusters, applications and system services generate a large number of logs. To facilitate analysis and storage of these logs, they can be collected in systems such as Elasticsearch, Loki, Kafka, Prometheus, and others.
Fluent Bit and Fluentd are tools for log collection and processing. However, configuring them in Kubernetes can be complex:
Fluent Operator simplifies this process by:
Instead of manually configuring Fluent Bit and Fluentd, you install Fluent Operator and describe the settings. The operator brings the cluster to the desired state and automatically updates the agents when the configuration changes.
Main Components
You can install Fluent Operator via the Hostman control panel:
The operator
section:
containerRuntime
: Defines the container runtime used. In our managed Kubernetes, containerd is used. This value does not need to be changed.logPath
: Log file path. For containerd, it is /var/log
.disableComponentControllers
: A list of Fluent Operator components to disable. Possible values: fluent-bit
and fluentd
. By default, both components are installed.The input
section:
enable: true
— Enables log collection from files located at /var/log/containers/*.log
.path: "/var/log/containers/*.log"
— Defines the path to container log files.refreshIntervalSeconds: 10
— The frequency (in seconds) for refreshing the log file list.memBufLimit: 100MB
— Memory limit for buffering.storageType: memory
— Storage type for the buffer. An alternative is filesystem, but a volume must be prepared in advance.readFromHead: false
— Starts reading logs from the end.skipLongLines: true
— Skips excessively long lines.enable: true
— Enables log collection from journald
.includeKubelet: true
— Includes kubelet logs from journald
.storageType: memory
— Sets the storage type for journald
log buffers.The output
section:
Lists the main output options. To enable each one, set enable: true
and specify the parameters:
es:
enable: false
host: "<Elasticsearch url>"
port: 9200
logstashPrefix: ks-logstash-log
bufferSize: 20MB
traceError: true
httpUser: "<username>"
httpPassword: "<password>"
Configuration for sending logs to Elasticsearch. Specify the service URL, port, and authentication credentials.
kafka:
enable: false
brokers: "<kafka broker list>"
topics: ks-log
bufferSize: 20MB
retryLimit: "10"
Configuration for sending logs to Kafka. Specify a comma-separated list of brokers and the topic for logs.
loki:
enable: false
retryLimit: "no_limits"
host: 127.0.0.1
port: 3100
httpUser: myuser
httpPassword: mypass
tenantId: "<tenant>"
Allows sending logs to Loki. Specify the host, port, credentials, and tenant ID.
stdout:
enable: true
Useful for testing, as it outputs logs to standard output (stdout).
The filter
section:
enable: false
— By default, multiline is disabled.go
, python
, java
, etc.) or add custom ones.enable: true
— Enables the Kubernetes filter to add pod metadata, such as namespace
, pod
, labels
, and annotations
.labels: false
, annotations: false
— By default, these fields are not added.enable: true
— Enables the filter for parsing Containerd logs.enable: true
— Enables the filter for parsing journald
logs.collector
— Deploys as a StatefulSet.agent
— Deploys as a DaemonSet (like Fluent Bit), meaning one agent per node.port: 24224
— The default Fluentd input for forwarding.es
, kafka
, opensearch
, etc.Uninstalling the add-on via the management panel is not supported, but it can be done manually. Follow these steps:
Delete the fluent-bit
object:
kubectl delete -n fluent-operator fluentbit/fluent-bit
Uninstall the fluent-operator
Helm release:
helm uninstall -n fluent-operator fluent-operator
Delete all CRDs related to fluent-operator
:
kubectl delete crd $(kubectl get crd | grep fluent | awk '{print $1}')
Check that all related resources and namespaces are removed:
kubectl get namespaces
After completing these steps, Fluent Operator will be completely removed from your cluster.