Skip to content
Branch: master
Find file History
masahiro331 and k8s-ci-robot Add secuirty context for fluentd-cloudwatch (#11152)
Signed-off-by: masahiro331 <>
Latest commit c0c0d6a Mar 4, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
values.yaml Add secuirty context for fluentd-cloudwatch (#11152) Mar 4, 2019

Fluentd CloudWatch


$ helm install incubator/fluentd-cloudwatch


This chart bootstraps a Fluentd Cloudwatch deployment on a Kubernetes cluster using the Helm package manager.


  • Kubernetes 1.4+ with Beta APIs enabled
  • kube2iam installed to used the awsRole config option

Installing the Chart

To install the chart with the release name my-release:

$ # use ec2 instance role credential
$ helm install --name my-release incubator/fluentd-cloudwatch
$ # or add aws_access_key_id and aws_access_key_id with the key/password of a AWS user with a policy to access  Cloudwatch
$ helm install --name my-release incubator/fluentd-cloudwatch --set awsAccessKeyId=aws_access_key_id_here --set awsSecretAccessKey=aws_secret_access_key_here
$ # or add a role to aws with the correct policy to add to cloud watch
$ helm install --name my-release incubator/fluentd-cloudwatch --set awsRole=roll_name_here

The command deploys Fluentd Cloudwatch on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.

Uninstalling the Chart

To uninstall/delete the my-release deployment:

$ helm delete my-release

The command removes all the Kubernetes components associated with the chart and deletes the release.


The following table lists the configurable parameters of the Fluentd Cloudwatch chart and their default values.

Parameter Description Default
image.repository Image repository fluent/fluentd-kubernetes-daemonset
image.tag Image tag v0.12.43-cloudwatch
image.pullPolicy Image pull policy IfNotPresent
resources.limits.cpu CPU limit 100m
resources.limits.memory Memory limit 200Mi
resources.requests.cpu CPU request 100m
resources.requests.memory Memory request 200Mi
hostNetwork Host network false
podAnnotations Annotations {}
podSecurityContext Security Context {}
awsRegion AWS Cloudwatch region us-east-1
awsRole AWS IAM Role To Use nil
awsAccessKeyId AWS Access Key Id of a AWS user with a policy to access Cloudwatch nil
awsSecretAccessKey AWS Secret Access Key of a AWS user with a policy to access Cloudwatch nil
fluentdConfig Fluentd configuration example configuration
logGroupName AWS Cloudwatch log group kubernetes
rbac.create If true, create & use RBAC resources false
rbac.serviceAccountName existing ServiceAccount to use (ignored if rbac.create=true) default
tolerations Add tolerations []
extraVars Add pod environment variables (must be specified as a single line object) []
updateStrategy Define daemonset update strategy OnDelete
nodeSelector Node labels for pod assignment {}
affinity Node affinity for pod assignment {}

Starting with fluentd-kubernetes-daemonset v0.12.43-cloudwatch, the container runs as user fluentd. To be able to write pos files to the host system, you'll need to run fluentd as root. Add the following extraVars value to run as root.

"{ name: FLUENT_UID, value: '0' }"

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

$ helm install --name my-release \
  --set awsRegion=us-east-1 \

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,

$ helm install --name my-release -f values.yaml incubator/fluentd-cloudwatch
You can’t perform that action at this time.