/fluentd-kubernetes-daemonset

Fluentd daemonset for Kubernetes and it Docker image

Primary LanguageRubyApache License 2.0Apache-2.0

Fluentd Daemonset for Kubernetes

Docker Stars Docker Pulls ImageLayers Size ImageLayers Layers

Supported tags and respective Dockerfile links

See also dockerhub tags page: https://hub.docker.com/r/fluent/fluentd-kubernetes-daemonset/tags

Debian

Current stable

x86_64 images
arm64 images

You can also use v1-debian-PLUGIN tag to refer latest v1 image, e.g. v1-debian-elasticsearch. On production, strict tag is better to avoid unexpected update.

See dockerhub's tags page for older tags.

Old stable

v0.12 development has been ended. These images are never updated.

Alpine Linux (This is deprecated. Use Debian images instead)

What is Fluentd?

Fluentd Logo

Fluentd is an open source data collector, which lets you unify the data collection and consumption for a better use and understanding of data.

www.fluentd.org

Image versions

Fluentd versioning is as follows:

Series Description
v1.x current stable
v0.12 Old stable, no longer updated

Settings

Default image version

Default YAML uses latest v1 images like fluent/fluentd-kubernetes-daemonset:v1-debian-kafka. If you want to avoid unexpected image update, specify exact version for image like fluent/fluentd-kubernetes-daemonset:v1.8.0-debian-kafka-1.0.

Run as root

This is for v0.12 images.

In Kubernetes and default setting, fluentd needs root permission to read logs in /var/log and write pos_file to /var/log. To avoid permission error, you need to set FLUENT_UID environment variable to 0 in your Kubernetes configuration.

Use your configuration

These images have default configuration and support some environment variables for parameters but it sometimes doesn't fit your case. If you want to use your configuration, use ConfigMap feature.

Each image has following configurations:

  • fluent.conf: Destination setting, Elaticsearch, kafka and etc.
  • kubernetes.conf: k8s specific setting. tail input for log files and kubernetes_metadata filter
  • prometheus.conf: prometheus plugin for fluentd monitoring
  • systemd.conf: systemd plugin for collecting systemd-journal log. See also "Disable systemd input" section.

Overwrite conf file via ConfigMap. See also several examples:

Use FLUENT_CONTAINER_TAIL_EXCLUDE_PATH to exclude specific container logs

Since v1.9.3 or later images.

You can exclude container logs from /var/log/containers/ with FLUENT_CONTAINER_TAIL_EXCLUDE_PATH. If you have a trouble with specific log, use this envvar, e.g. ["/var/log/containers/logname-*"].

Disable systemd input

If you don't setup systemd in the container, fluentd shows following messages by default configuration.

[warn]: #0 [in_systemd_bootkube] Systemd::JournalError: No such file or directory retrying in 1s
[warn]: #0 [in_systemd_kubelet] Systemd::JournalError: No such file or directory retrying in 1s
[warn]: #0 [in_systemd_docker] Systemd::JournalError: No such file or directory retrying in 1s

You can suppress these messages by setting disable to FLUENTD_SYSTEMD_CONF environment variable in your kubernetes configuration.

Disable prometheus input plugins

By default, latest images launch prometheus plugins to monitor fluentd. You can disable prometheus input plugin by setting disable to FLUENTD_PROMETHEUS_CONF environment variable in your kubernetes configuration.

Disable sed execution on elasticsearch image

This is for older images. Latest elasticsearch images don't use sed.

By historical reason, elasaticsearch image executes sed command during startup phase when FLUENT_ELASTICSEARCH_USER or FLUENT_ELASTICSEARCH_PASSWORD is specified. This sometimes causes a problem with read only mount. To avoid this problem, set "true" to FLUENT_ELASTICSEARCH_SED_DISABLE environment variable in your kubernetes configuration.

Running on OpenShift

This daemonset setting mounts /var/log as service account fluentd so you need to run containers as privileged container. Here is command example:

oc project kube-system
oc create -f https://raw.githubusercontent.com/fluent/fluentd-kubernetes-daemonset/master/fluentd-daemonset-elasticsearch-rbac.yaml
oc adm policy add-scc-to-user privileged -z fluentd
oc patch ds fluentd -p "spec:
  template:
    spec:
      containers:
      - name: fluentd
        securityContext:
          privileged: true"
oc delete pod -l k8s-app=fluentd-logging

This is from nekop's japanese article.

Note

kafka image doesn't support zookeeper parameters

zookeeper gem doesn't work on Debian 10, so kafka image doesn't include zookeeper gem.

Windows k8s daemonset not supported in this repository

Maintainers don't have k8s experience on Windows. Some users create k8s daemonset on Windows:

Please check them out.

kafka image suggestion

Using debian-kafka2/debian-kafka2-arm64 images are better than using debian-kafka/debian-kafka-arm64 images. Because debian-kafka2/debian-kafka2-arm64 images use out_kafka2 plugin but debina-kafka/debian-kafka-arm64 images use deprecated out_kafka_buffered plugin.

Maintainers

Some images are contributed by users. If you have a problem/question for following images, ask it to contributors.

  • azureblob : @elsesiy
  • papertrail : @alexouzounis
  • kafka : @erhudy
  • graylog : @rtnpro
  • gcs : @andor-pierdelacabeza
  • Amazon Kinesis : @shiftky
  • logz.io : @SaMnCo / @jamielennox
  • splunkhec: @FutureSharks

Currently, we don't accept new destination request without contribution. See fluent#293

References

Kubernetes Logging with Fluentd

Issues

We can't notice comments in the DockerHub so don't use them for reporting issues or asking question.

If you have any problems with or questions about this image, please contact us through a GitHub issue.

Pull Request

Update templates files instead of docker-image files. docker-image files are automatically generated from templates.

Note: This file is generated from templates/README.md.erb