기본 샘플이라 생각하고 여기서 더 효율적으로 수정 반영이 가능합니다.
- 구성
- helm chart fluent-bit -> AWS Opensearch 전송
- Opensearch user, password 대신 IAM 권한으로 오픈서치에 연결
- helm chart fluent-bit -> AWS Opensearch 전송
# fluent-bit configmap
apiVersion: v1
data:
custom_parsers.conf: |
[PARSER]
Name custom-tag
Format regex
Regex ^(?<namespace_name>[^_]+)\.(?<pod_name>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)\.(?<container_name>.+)\.(?<container_id>[a-z0-9]{64})
[MULTILINE_PARSER]
Name multiline_regex
Type regex
Flush_Timeout 1000
Rule "start_state" "/^(\d+\-\d+\-\d+) (.*)/" "cont"
Rule "cont" "/^(?!\d+\-\d+\-\d+).*/" "cont"
fluent-bit.conf: |
[SERVICE]
Daemon Off
Flush 1
Log_Level info
Parsers_File custom_parsers.conf
HTTP_Server On
HTTP_Listen 0.0.0.0
HTTP_Port 2020
Health_Check On
[INPUT]
Name tail
Path /var/log/containers/*my-service*.log
Exclude_Path /var/log/containers/kube-*.log,/var/log/containers/eks-*.log,/var/log/containers/*-csi-*.log,/var/log/containers/aws-*.log,/var/log/containers/argocd-*.log,/var/log/containers/metrics-*.log,/var/log/containers/fluent-*.log
multiline.parser docker, cri
Tag my-service.<namespace_name>.<pod_name>.<container_name>.<container_id>
Tag_Regex (?<pod_name>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace_name>[^_]+)_(?<container_name>.+)-(?<container_id>[a-z0-9]{64})\.log$
Mem_Buf_Limit 64MB
Skip_Long_Lines On
Skip_Empty_Lines On
Buffer_Chunk_Size 64KB
Buffer_Max_Size 256KB
[FILTER]
Name kubernetes
Match my-service.*
Kube_Tag_Prefix my-service.
Regex_Parser custom-tag
Kube_URL https://kubernetes.default.svc:443
Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token
Keep_Log Off
Merge_Log On
Merge_Log_Key log
K8S-Logging.Parser On
K8S-Logging.Exclude On
[FILTER]
Name multiline
Match my-service.*
Multiline.Parser multiline_regex
Multiline.key_content log
Buffer off
[OUTPUT]
Name opensearch
Match my-service.*
Host ${OPENSEARCH_ENDPOINT}
Port 443
#HTTP_User ${OPENSEARCH_USER}
#HTTP_Passwd ${OPENSEARCH_PASSWORD}
TLS On
AWS_Auth On
AWS_Region ${AWS_REGION}
Index ${INDEX_NAME}-%Y%m%d
Type _doc
Replace_Dots On
Suppress_Type_Name On
kind: ConfigMap
metadata:
annotations:
meta.helm.sh/release-name: fluent-bit
meta.helm.sh/release-namespace: logging
labels:
app.kubernetes.io/instance: fluent-bit
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: fluent-bit
app.kubernetes.io/version: 3.0.4
helm.sh/chart: fluent-bit-0.46.7
name: fluent-bit
namespace: logging
${} 로 감싸진 부분은 daemonset env 에서 넘겨줘야 합니다.
my-service 부분은 서비스 이름에 맞게 커스터마이징 할 수 있습니다.
env:
- name: TZ
value: Asia/Seoul
- name: OPENSEARCH_ENDPOINT
value: yourdomain.com
- name: AWS_REGION
value: ap-northeast-2
- name: INDEX_NAME
value: my-service-logs
오픈 서치 (OpenSearch) 에서 확인되는 모습
