Using kubernetes fluentbit.fluent.io with nats
TypeScriptTo use Fluent Bit with NATS on a Kubernetes cluster, you would typically follow these steps:
-
Deploy a Fluent Bit DaemonSet to collect logs from all nodes in your cluster. Fluent Bit is a log processor and forwarder which allows you to collect data/logs from different sources, process/parse them, and send them to multiple destinations. When running in a Kubernetes cluster, Fluent Bit can be configured to automatically discover pods and enrich the logs with Kubernetes metadata.
-
Configure Fluent Bit to forward logs to a NATS cluster. NATS is a lightweight, high-performance messaging system for communication between distributed systems. It's fast and allows you to build robust, scalable messaging applications.
-
Deploy NATS on Kubernetes. You can run NATS on Kubernetes for scalability and ease of management. There are various deployment options available for NATS on Kubernetes, including using the NATS operator, Helm charts, or manual deployment.
Now let's consider the Pulumi program to achieve the above setup. The following program assumes that you have a running Kubernetes cluster managed by Pulumi and the
kubernetes
andfluentbit
providers are installed and configured.Here is a Pulumi program in TypeScript that demonstrates how to deploy Fluent Bit configured to forward logs to a NATS cluster. The program sets up the necessary service account, role, cluster role binding, configmap, and daemonset resources for Fluent Bit:
import * as k8s from "@pulumi/kubernetes"; // Create a Fluent Bit service account const fluentbitServiceAccount = new k8s.core.v1.ServiceAccount("fluentbit-service-account", { metadata: { name: "fluentbit-service-account", namespace: "logging", // Ensure the 'logging' namespace exists or pick a different one } }); // Create a role for the Fluent Bit pods to access necessary Kubernetes APIs const fluentbitRole = new k8s.rbac.v1.ClusterRole("fluentbit-role", { metadata: { name: "fluentbit-role", }, rules: [ // You may need to adjust permissions based on your specific requirements { apiGroups: [""], resources: ["pods", "namespaces"], verbs: ["get", "list", "watch"], }, ], }); // Bind the role to the Fluent Bit service account const fluentbitRoleBinding = new k8s.rbac.v1.ClusterRoleBinding("fluentbit-role-binding", { metadata: { name: "fluentbit-role-binding", }, subjects: [{ kind: "ServiceAccount", name: fluentbitServiceAccount.metadata.name, namespace: fluentbitServiceAccount.metadata.namespace, }], roleRef: { kind: "ClusterRole", name: fluentbitRole.metadata.name, apiGroup: "rbac.authorization.k8s.io", }, }); // Configure the Fluent Bit ConfigMap const fluentbitConfigMap = new k8s.core.v1.ConfigMap("fluentbit-config", { metadata: { name: "fluentbit-config", namespace: "logging", }, data: { // Example configuration for Fluent Bit output to NATS "fluent-bit.conf": ` [SERVICE] Flush 1 Log_Level info Daemon off Parsers_File parsers.conf [INPUT] Name tail Path /var/log/containers/*.log Parser docker Tag kube.* Refresh_Interval 5 # Adjust the configuration below to target your NATS deployment [OUTPUT] Name nats Match kube.* Host nats-cluster Port 4222 `, "parsers.conf": ` [PARSER] Name docker Format json Time_Key time Time_Format %Y-%m-%dT%H:%M:%S %z `, }, }); // Deploy Fluent Bit as a DaemonSet const fluentbitDaemonSet = new k8s.apps.v1.DaemonSet("fluentbit-daemonset", { metadata: { name: "fluentbit", namespace: "logging", }, spec: { selector: { matchLabels: { name: "fluentbit", } }, template: { metadata: { labels: { name: "fluentbit", }, }, spec: { serviceAccountName: fluentbitServiceAccount.metadata.name, containers: [ { name: "fluentbit", image: "fluent/fluent-bit:latest", volumeMounts: [ { name: "varlog", mountPath: "/var/log", }, { name: "config", mountPath: "/fluent-bit/etc/", }, ], }, ], volumes: [ { name: "varlog", hostPath: { path: "/var/log", }, }, { name: "config", configMap: { name: fluentbitConfigMap.metadata.name, }, }, ], }, }, }, });
This Pulumi program does the following:
- Defines a Kubernetes ServiceAccount for Fluent Bit (
fluentbitServiceAccount
). - Defines a ClusterRole with the necessary permissions for Fluent Bit to access pod and namespace resources (
fluentbitRole
). - Creates a ClusterRoleBinding to bind the ClusterRole to the Fluent Bit ServiceAccount (
fluentbitRoleBinding
). - Creates a ConfigMap with the Fluent Bit configuration, tailing container logs and specifying NATS as the output destination (
fluentbitConfigMap
). - Deploys Fluent Bit as a DaemonSet (
fluentbitDaemonSet
) to ensure that a Fluent Bit pod is running on each node of the Kubernetes cluster.
Please adapt the Fluent Bit configuration to your environment, specifically the
[OUTPUT]
section where you must replacenats-cluster
with the address of your NATS instance, and adjust the port if necessary. If you don't have a NATS cluster running yet, you'll need to deploy one and configure it accordingly.-