services/fluent-bit/0.21.6/defaults/cm.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: fluent-bit-0.21.6-d2iq-defaults
  namespace: ${releaseNamespace}
data:
  values.yaml: |
    ---
    # overriding the default image tag to be consistent with logging-operator
    image:
      tag: 2.0.6

    resources:
      limits:
        memory: 750Mi
      requests:
        cpu: 350m
        memory: 250Mi

    priorityClassName: system-node-critical

    securityContext:
      privileged: true

    tolerations:
    - operator: Exists
      effect: NoSchedule
    - operator: Exists
      effect: NoExecute
    - operator: Exists
      key: CriticalAddonsOnly

    serviceMonitor:
        # right now disabled, as we need another solution for proper dependency on kube-prometheus-stack
        enabled: false

    podAnnotations:
      prometheus.io/scrape: "true"
      prometheus.io/path: /api/v1/metrics/prometheus
      prometheus.io/port: "2020"

    env:
    - name: FLUENT_BIT_NODE_NAME
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName

    extraVolumes:
    # we create this to have a persistent tail-db directory an all nodes
    # otherwise a restarted fluent-bit would rescrape all tails
    - name: tail-db
      hostPath:
        path: /var/log/tail-db
        type: DirectoryOrCreate
    # we create this to get rid of error messages that would appear on non control-plane nodes
    - name: kubernetes-audit
      hostPath:
        path: /var/log/kubernetes/audit
        type: DirectoryOrCreate
    # needed for kmsg input plugin
    - name: uptime
      hostPath:
        path: /proc/uptime
        type: File
    - name: kmsg
      hostPath:
        path: /dev/kmsg
        type: CharDevice
    extraVolumeMounts:
    - name: tail-db
      mountPath: /tail-db
    - name: kubernetes-audit
      mountPath: /var/log/kubernetes/audit
    - name: uptime
      mountPath: /proc/uptime
    - name: kmsg
      mountPath: /dev/kmsg

    config:
      ## https://docs.fluentbit.io/manual/service
      service: |
        [SERVICE]
            Flush 1
            Daemon Off
            Log_Level error
            Parsers_File parsers.conf
            Parsers_File custom_parsers.conf
            HTTP_Server On
            HTTP_Listen 0.0.0.0
            HTTP_Port 2020

      ## https://docs.fluentbit.io/manual/pipeline/inputs
      inputs: |
        # Collect audit logs, systemd logs, and kernel logs.
        # Pod logs are collected by the fluent-bit deployment managed by logging-operator.
        [INPUT]
            Name tail
            Alias kubernetes_audit
            Path /var/log/kubernetes/audit/*.log
            Parser kubernetes-audit
            DB /tail-db/audit.db
            Tag audit.*
            Refresh_Interval 10
            Rotate_Wait 5
            Mem_Buf_Limit 135MB
            Buffer_Chunk_Size 5MB
            Buffer_Max_Size 20MB
            Skip_Long_Lines Off
        [INPUT]
            Name systemd
            Alias kubernetes_host
            DB /tail-db/journal.db
            Tag host.*
            Max_Entries 1000
            Read_From_Tail On
            Strip_Underscores On
        [INPUT]
            Name kmsg
            Alias kubernetes_host_kernel
            Tag kernel

      ## https://docs.fluentbit.io/manual/pipeline/filters
      filters: |
        [FILTER]
            Name record_modifier
            Match audit.*
            Record host $${FLUENT_BIT_NODE_NAME}
        [FILTER]
            Name record_modifier
            Match kernel
            Record host $${FLUENT_BIT_NODE_NAME}

      ## https://docs.fluentbit.io/manual/pipeline/outputs
      outputs: |
        [OUTPUT]
            Name loki
            Match audit.*
            Alias kubernetes_audit
            Labels log_source=kubernetes_audit
            label_keys $verb,$user['username'],$objectRef['namespace'],$objectRef['resource']
            Host grafana-loki-loki-distributed-gateway.${releaseNamespace}.svc
            Port 80
            Retry_Limit 10
        [OUTPUT]
            Name loki
            Match host.*
            Alias kubernetes_host
            Labels log_source=kubernetes_host
            Host grafana-loki-loki-distributed-gateway.${releaseNamespace}.svc
            Port 80
            Retry_Limit 10
        [OUTPUT]
            Name loki
            Match kernel
            Alias kubernetes_host_kernel
            Labels log_source=kubernetes_host_kernel
            Host grafana-loki-loki-distributed-gateway.${releaseNamespace}.svc
            Port 80
            Retry_Limit 10

      ## https://docs.fluentbit.io/manual/pipeline/parsers
      customParsers: |
        [PARSER]
            Name kubernetes-audit
            Format json
            Time_Keep On
            Time_Key requestReceivedTimestamp
            Time_Format %Y-%m-%dT%H:%M:%S.%L

    testFramework:
      enabled: false