--- apiVersion: v1 kind: ServiceAccount metadata: name: fluent-bit --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: fluent-bit-read rules: - apiGroups: [""] resources: - namespaces - pods verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: fluent-bit-read roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: fluent-bit-read subjects: - kind: ServiceAccount name: fluent-bit namespace: logging --- apiVersion: v1 kind: ConfigMap metadata: name: fluent-bit-config namespace: logging labels: app: fluent-bit annotations: reloader.stakater.com/match: "true" data: fluent-bit.conf: | [SERVICE] Flush 1 Log_Level warn Daemon off Parsers_File parsers.conf HTTP_Server On HTTP_Listen 0.0.0.0 HTTP_Port 2020 @INCLUDE input-kubernetes.conf @INCLUDE filter-kubernetes.conf @INCLUDE output-graylog.conf input-kubernetes.conf: | # Following assembles the log fragments of the Kubernetes runtime # https://github.com/fluent/fluent-bit/blob/d3c71f2ed4ff3625b85715aaefe6bc76b2ac3c2e/src/multiline/flb_ml_parser_docker.c#L57 [INPUT] name tail tag kube.* path /var/log/containers/*.log multiline.parser cri db /var/log/flb_kube.db mem_buf_limit 5MB skip_long_lines on refresh_interval 10 filter-kubernetes.conf: | # Following reassembles stack traces [FILTER] name multiline match * multiline.key_content log multiline.parser go,python,java # Following annotates the Kubernetes logs using Kubernetes API-s [FILTER] Name kubernetes Match kube.* Kube_URL https://kubernetes.default.svc:443 Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token Kube_Tag_Prefix kube.var.log.containers. Merge_Log On K8S-Logging.Parser On K8S-Logging.Exclude Off # Following unnests the kubernetes map [FILTER] Name nest Match kube.* Operation lift Nested_under kubernetes Add_prefix kubernetes_ output-graylog.conf: | [OUTPUT] Name gelf Match * Host graylog-gelf-tcp Port 12201 Mode tcp Gelf_Host_Key kubernetes_host Gelf_Short_Message_Key log Retry_Limit no_limits parsers.conf: | # http://rubular.com/r/tjUt3Awgg4 [PARSER] Name cri Format regex Regex ^(?