In this tutorial we will cover how to set up Fluent Bit as a DaemonSet to send logs from an EKS cluster to CloudWatch Logs.
Prerequisites
- An existing AWS Identity and Access Management (IAM) OpenID Connect (OIDC) provider for your cluster
- The eksctl command line tool installed on your computer. To install or update eksctl, see The eksctl command line utility.
- The kubectl command line tool installed on your computer. The version must be the same, or up to two versions later than your cluster version. To install or upgrade kubectl, see Installing kubectl.
1./ Set up Fluent Bit as a DaemonSet
0. Set the variables below to your own values.
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
AWS_REGION=YOUR_AWS_REGION
EKS_CLUSTER_NAME=YOUR_EKS_CLUSTER_NAME
1. Create an IAM policy that allows the Fluent Bit Pod to ship logs to CloudWatch:
curl -fsSL -o fluentbit_policy.json https://raw.githubusercontent.com/faudeltn/Kubernetes/master/EKS-FluentbitCloudWatch/policy.json
aws iam create-policy \
  --policy-name EKSFluentbitCloudwatchPolicy \
  --policy-document file://fluentbit_policy.json
2. Create a namespace named logging with the following command:
kubectl create namespace logging
3. Create a ServiceAccount for the Fluent Bit Pod.
eksctl create iamserviceaccount \
  --name fluent-bit \
  --namespace logging \
  --cluster ${EKS_CLUSTER_NAME} \
  --attach-policy-arn arn:aws:iam::${ACCOUNT_ID}:policy/EKSFluentbitCloudwatchPolicy \
  --approve \
  --override-existing-serviceaccounts
4. Run the following command to create a ConfigMap named fluent-bit-cluster-info with the cluster name and the Region to send logs to:
FluentBitHttpPort='2020'
FluentBitReadFromHead='Off'
# Read from the tail of each log file unless reading from the head is enabled.
[[ ${FluentBitReadFromHead} = 'On' ]] && FluentBitReadFromTail='Off' || FluentBitReadFromTail='On'
# Enable the Fluent Bit HTTP server only when a port is set.
[[ -z ${FluentBitHttpPort} ]] && FluentBitHttpServer='Off' || FluentBitHttpServer='On'
kubectl create configmap fluent-bit-cluster-info \
  --from-literal=cluster.name=${EKS_CLUSTER_NAME} \
  --from-literal=http.server=${FluentBitHttpServer} \
  --from-literal=http.port=${FluentBitHttpPort} \
  --from-literal=read.head=${FluentBitReadFromHead} \
  --from-literal=read.tail=${FluentBitReadFromTail} \
  --from-literal=logs.region=${AWS_REGION} -n logging
5. Deploy Fluent Bit as a DaemonSet with the following command:
kubectl create -f https://raw.githubusercontent.com/faudeltn/Kubernetes/master/EKS-FluentbitCloudWatch/fluentbit.yaml \
  -n logging
6. Validate the deployment by entering the following command. Each node should have one pod named fluent-bit-*.
kubectl get pods -n logging
NAME               READY   STATUS    RESTARTS   AGE
fluent-bit-98j2p   1/1     Running   0          8m59s
fluent-bit-mcrq5   1/1     Running   0          8m59s
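Steps 1 and 5 fetch policy.json and fluentbit.yaml from the master branch of a third-party repository, so their content can change between the time you review them and the time you apply them. The following added example (not part of the original tutorial) keeps a downloaded file only if its SHA-256 matches a digest you recorded after review; the function names and the digest placeholders are assumptions.

```shell
# Added example: pin remote files by SHA-256 before passing them to
# `aws iam create-policy` or `kubectl create`. Function names are illustrative.

# Print the SHA-256 hex digest of a file (Linux: sha256sum, macOS: shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 only if FILE hashes to EXPECTED (hex, case-insensitive).
# Returns 1 on a digest mismatch and 2 if the file does not exist.
verify_pinned() {
  local file="$1" expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
}

# Download URL to a temporary file and move it to OUT only if the digest
# matches, so an unverified file never sits at the path later commands read.
fetch_pinned() {
  local url="$1" expected="$2" out="$3" tmp
  tmp=$(mktemp) || return 2
  if curl -fsSL -o "$tmp" "$url" && verify_pinned "$tmp" "$expected"; then
    mv "$tmp" "$out"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Usage (digests are placeholders: record them after reviewing each file once):
#   BASE=https://raw.githubusercontent.com/faudeltn/Kubernetes/master/EKS-FluentbitCloudWatch
#   fetch_pinned "$BASE/policy.json" "<SHA256_OF_REVIEWED_POLICY>" fluentbit_policy.json \
#     && aws iam create-policy --policy-name EKSFluentbitCloudwatchPolicy \
#          --policy-document file://fluentbit_policy.json
#   fetch_pinned "$BASE/fluentbit.yaml" "<SHA256_OF_REVIEWED_MANIFEST>" fluentbit.yaml \
#     && kubectl create -f fluentbit.yaml -n logging
```

When reviewing the files before recording their digests, check that the IAM policy grants only the CloudWatch Logs actions Fluent Bit needs and note the host paths and privileges the DaemonSet requests.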
2./ Verify the Fluent Bit setup
1. Open the CloudWatch console at this link. Make sure that you’re in the Region where you deployed Fluent Bit.
2. In the navigation pane, choose Logs.
3. Check the list of log groups in the Region. You should see the following:
4. Navigate to one of these log groups and check the Last Event Time for the log streams.
Conclusion
In this tutorial, you have learned how to send container logs from your EKS cluster to Amazon CloudWatch using the Fluent Bit agent. For more details, see the official Amazon documentation.