titan-iac/services/logging/fluent-bit-helmrelease.yaml

# services/logging/fluent-bit-helmrelease.yaml
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: fluent-bit
  namespace: logging
spec:
  interval: 15m
  timeout: 10m
  chart:
    spec:
      chart: fluent-bit
      version: "~0.46.0"
      sourceRef:
        kind: HelmRepository
        name: fluent
        namespace: flux-system
  values:
    serviceAccount:
      create: true
    rbac:
      create: true
    tolerations:
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
    extraVolumes:
      - name: runlogjournal
        hostPath:
          path: /run/log/journal
      - name: varlogjournal
        hostPath:
          path: /var/log/journal
      - name: fluentbit-state
        emptyDir:
          medium: Memory
          sizeLimit: 64Mi
    extraVolumeMounts:
      - name: runlogjournal
        mountPath: /run/log/journal
        readOnly: true
      - name: varlogjournal
        mountPath: /var/log/journal
        readOnly: true
      - name: fluentbit-state
        mountPath: /var/lib/fluent-bit
    config:
      service: |
        [SERVICE]
            Flush 1
            Log_Level info
            Daemon Off
            Parsers_File parsers.conf
            Parsers_File custom_parsers.conf
            HTTP_Server On
            HTTP_Listen 0.0.0.0
            HTTP_Port 2020
            storage.path /var/lib/fluent-bit/storage
            storage.sync normal
            storage.checksum on
            storage.backlog.mem_limit 50M
      inputs: |
        [INPUT]
            Name tail
            Tag kube.*
            Path /var/log/containers/*.log
            Exclude_Path /var/log/containers/*_POD_*.log
            Parser cri
            Mem_Buf_Limit 50MB
            Skip_Long_Lines On
            Refresh_Interval 10
            Rotate_Wait 30
            Inotify_Watcher false
            Read_from_Head On
            DB /var/lib/fluent-bit/kube.db
            storage.type filesystem

        [INPUT]
            Name systemd
            Tag journald.*
            Path /var/log/journal
            Read_From_Tail Off
            DB /var/lib/fluent-bit/systemd.db
            storage.type filesystem
      filters: |
        [FILTER]
            Name kubernetes
            Match kube.*
            Kube_URL https://kubernetes.default.svc:443
            Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
            Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token
            Merge_Log On
            Keep_Log Off
            K8S-Logging.Parser On
            K8S-Logging.Exclude On
      outputs: |
        [OUTPUT]
            Name es
            Match kube.*
            Host opensearch-master.logging.svc.cluster.local
            Port 9200
            Workers 1
            Logstash_Format On
            Logstash_Prefix kube
            Replace_Dots On
            Suppress_Type_Name On
            Retry_Limit False

        [OUTPUT]
            Name es
            Match journald.*
            Host opensearch-master.logging.svc.cluster.local
            Port 9200
            Workers 1
            Logstash_Format On
            Logstash_Prefix journald
            Replace_Dots On
            Suppress_Type_Name On
            Retry_Limit False