/kubernetes-logging

Output adapters for Kubernetes, powered by Fluent Bit, for New Relic Logs.

Primary LanguageMustacheApache License 2.0Apache-2.0

New Relic Kubernetes Logging

Welcome to the New Relic Fluent Bit Output Plugin for Kubernetes! There are only a few quick steps to getting this working in your cluster.

Usage

Deploying as Helm chart (Recommended)

  • Clone this repo
  • Deploy the chart using your New Relic license key: helm install --set licenseKey=(your-license-key) ./helm/newrelic-logging
  • If you are in the EU, make sure that the license key you are using is an EU key. You will not need to specify the EU logging endpoint -- it will be inferred from the license key
  • Check the Logging product for your logs

Applying k8s manifests manually

  • Clone this repo
  • Configure the plugin. In new-relic-fluent-plugin.yml:
    • Specify your New Relic license key in the value for LICENSE_KEY
    • If you are in the EU:
      • Override the ENDPOINT environment variable to https://log-api.eu.newrelic.com/log/v1
      • Make sure that the license key you are using is an EU key
  • From this directory, run kubectl apply -f . on your cluster
  • Check the Logging product for your logs

Configuration notes

We default to tailing /var/log/containers/*.log. If you want to change what's tailed, just update the PATH value in new-relic-fluent-plugin.yml.

Parsing

We currently support parsing json and docker logs. If you want more parsing, feel free to add more parsers in fluent-conf.yml.

Here are some parsers for your parsing pleasure.

[PARSER]
    Name   apache
    Format regex
    Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
    Time_Key time
    Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
    Name   apache2
    Format regex
    Regex  ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
    Time_Key time
    Time_Format %d/%b/%Y:%H:%M:%S %z

[PARSER]
    Name   apache_error
    Format regex
    Regex  ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$

[PARSER]
    Name   nginx
    Format regex
    Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
    Time_Key time
    Time_Format %d/%b/%Y:%H:%M:%S %z

Legal

This project is provided AS-IS WITHOUT WARRANTY OR SUPPORT, although you can report issues and contribute to the project here on GitHub.

RipSecrets

We implement pipeline secret scanning on all pull request events to prevent credentials from being merged. If the pipeline scanner detects a secret in your changed files it will gate the pull request and you will need to purge the found credential from your code and re-open the PR. To prevent getting gated by this tool and as best practice you should install the secret scanner locally in a pre-commit hook to prevent the secret from ever being committed to the repo in the first place. You can find documentation on how to set it up locally here
Ripsecrets has ways to bypass secret scanning although we should not be ignoring secrets that turn up in the scans. If something is out of your control and blocking the pipeline you can bypass it in one of the following ways

  1. Adding "# pragma: allowlist secret" to the end of the line with the secret.
  2. Adding the specific secret underneath the "[secrets]" block in .secretsignore
  3. Adding the filepath to ignore the whole file aboove the "[secrets]" block in .secretsignore