sparkfabrik/terraform-helm-fluentbit

FluentBit installation on Amazon EKS

This module installs FluentBit on Amazon EKS and creates the necessary resources to send logs to CloudWatch.

It is also opinionated about how FluentBit sends logs to CloudWatch: some log files are excluded from the application log group and some log files are included in the platform log group. You can customize this behavior by using the dedicated variables.
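
The following module call is an added example, not taken from the module's repository; it uses only the inputs and outputs documented below. The `ref` placeholder, the sample region, the `ingress-nginx-controller` workload name, and the assumption that `cluster_oidc_issuer_host` takes the issuer without its `https://` scheme are illustrative.

```hcl
# Added example: module call for an existing EKS cluster. Assumes the aws,
# helm and kubernetes providers are already configured for that cluster.
variable "cluster_name" {
  type = string
}

data "aws_eks_cluster" "this" {
  name = var.cluster_name
}

module "fluentbit" {
  # Placeholder ref: pin to a tag or commit you have reviewed.
  source = "github.com/sparkfabrik/terraform-helm-fluentbit?ref=<PINNED_REF>"

  aws_region   = "eu-west-1" # constructed sample value
  cluster_name = var.cluster_name

  # Assumption: the module expects the issuer without the URL scheme.
  cluster_oidc_issuer_host = trimprefix(
    data.aws_eks_cluster.this.identity[0].oidc[0].issuer,
    "https://"
  )

  # Hypothetical workload name; expands to
  # /var/log/containers/ingress-nginx-controller*.log
  additional_exclude_from_application_log_group = ["ingress-nginx-controller"]
  additional_include_in_platform_log_group      = ["ingress-nginx-controller"]

  # Must be retention values that CloudWatch Logs accepts.
  application_log_retention_days = 90
  platform_log_retention_days    = 30

  # Keep the Fluent Bit HTTP server off (the default) unless it is scraped.
  fluentbit_http_server_enabled = false
}

# Expose the merged lists so a plan/apply shows exactly which prefixes are
# excluded from, or routed to, each log group.
output "excluded_from_application_log_group" {
  value = module.fluentbit.final_exclude_from_application_log_group
}

output "included_in_platform_log_group" {
  value = module.fluentbit.final_include_in_platform_log_group
}
```

Because each list element becomes a prefix pattern, review the two output lists for entries that also match application pods whose names start with the same string; their logs would be left out of the application log group.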

Providers

| Name | Version |
|------|---------|
| helm | >= 2.0 |
| kubernetes | >= 2.23 |

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| helm | >= 2.0 |
| kubernetes | >= 2.23 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| additional_exclude_from_application_log_group | List of additional log files to exclude from the application log group. Each element of this list is prefixed with `/var/log/containers/` and suffixed with `*.log`. | `list(string)` | `[]` | no |
| additional_filters | Filter block(s) to add to the FluentBit configuration. The filter block(s) must be provided as a string. | `string` | `""` | no |
| additional_include_in_platform_log_group | List of additional log files to include in the platform log group. Each element of this list is prefixed with `/var/log/containers/` and suffixed with `*.log`. | `list(string)` | `[]` | no |
| application_log_retention_days | The retention period for the application log group. Remember to check the valid values for the retention period in the AWS CloudWatch documentation. | `number` | `30` | no |
| aws_fluentbit_role_name | The name of the IAM role for FluentBit. | `string` | `"fluentbit"` | no |
| aws_region | The AWS region used to send logs to CloudWatch. | `string` | n/a | yes |
| cluster_name | The name of the EKS cluster. | `string` | n/a | yes |
| cluster_oidc_issuer_host | The OIDC issuer host for the EKS cluster. | `string` | n/a | yes |
| default_additional_include_in_platform_log_group | List of log files to include in the platform log group. This list is intended for the log files of the system AWS EKS applications; use the variable `additional_include_in_platform_log_group` to include custom log files. Each element of this list is prefixed with `/var/log/containers/` and suffixed with `*.log`. | `list(string)` | `["ebs-csi-controller", "ebs-csi-node", "efs-csi-controller", "efs-csi-node"]` | no |
| default_exclude_from_application_log_group | List of log files to exclude from the application log group. This list is intended for the log files of the system AWS EKS applications; use the variable `additional_exclude_from_application_log_group` to exclude custom log files. Each element of this list is prefixed with `/var/log/containers/` and suffixed with `*.log`. | `list(string)` | `["aws-load-balancer-controller", "aws-node", "cluster-autoscaler-aws-cluster-autoscaler", "coredns", "ebs-csi-controller", "ebs-csi-node", "efs-csi-controller", "efs-csi-node", "kube-proxy", "metric-server-metrics-server"]` | no |
| fluentbit_flush_seconds | The interval in seconds to flush the logs to CloudWatch. | `number` | `15` | no |
| fluentbit_http_server_enabled | Enable the HTTP server for FluentBit. | `bool` | `false` | no |
| fluentbit_http_server_port | Port for the HTTP server. | `number` | `2020` | no |
| fluentbit_log_retention_days | The retention period for the FluentBit log group. Remember to check the valid values for the retention period in the AWS CloudWatch documentation. | `number` | `3` | no |
| fluentbit_read_from_head | Start reading from the beginning of the log stream, keeping the entries already stored. | `string` | `"Off"` | no |
| fluentbit_read_from_tail | Start reading new entries, skipping the entries already stored. | `string` | `"On"` | no |
| fluentbit_send_fluentbit_logs_to_cloudwatch | Send FluentBit logs to CloudWatch. | `bool` | `true` | no |
| helm_additional_values | Additional values to be passed to the Helm chart. | `list(string)` | `[]` | no |
| helm_chart_version | The version of the aws-for-fluent-bit Helm chart. | `string` | `"0.1.32"` | no |
| helm_release_name | The name of the Helm release. | `string` | `"fluentbit"` | no |
| k8s_additional_labels | Additional labels to apply to the Kubernetes resources. | `map(string)` | `{}` | no |
| k8s_default_labels | Labels to apply to the Kubernetes resources. These are opinionated labels; you can add more labels using the variable `k8s_additional_labels`. If you want to remove a label, you can override it with an empty `map(string)`. | `map(string)` | `{"managed-by": "terraform", "scope": "fluentbit"}` | no |
| k8s_fluentbit_service_account_name | The name of the Kubernetes service account for FluentBit. | `string` | `"fluentbit"` | no |
| namespace | The namespace in which the FluentBit resources will be created. | `string` | `"amazon-cloudwatch"` | no |
| platform_log_retention_days | The retention period for the platform log group. Remember to check the valid values for the retention period in the AWS CloudWatch documentation. | `number` | `14` | no |
| role_policy_arns | The ARNs of the policies to attach to the IAM role. | `list(string)` | `["arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess", "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"]` | no |

Outputs

| Name | Description |
|------|-------------|
| final_exclude_from_application_log_group | The final list of log files to exclude from the application log group. |
| final_include_in_platform_log_group | The final list of log files to include in the platform log group. |
| finale_k8s_common_labels | The final list of common labels to apply to the Kubernetes resources. |

Resources

| Name | Type |
|------|------|
| helm_release.this | resource |
| kubernetes_namespace_v1.this | resource |
| kubernetes_secret_v1.this | resource |
| kubernetes_service_account_v1.this | resource |

Modules

| Name | Source | Version |
|------|--------|---------|
| iam_assumable_role_with_oidc_for_fluent_bit | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |