Skip to content

fluentbit values.yaml📜

elasticsearch📜

Type: object

Default value
name: ''

Description: Configuration for Elasticsearch interaction

elasticsearch.name📜

Type: string

Default value
""

Description: Name is only used at the BB level for host templating

istio📜

Type: object

Default value
enabled: false
hardened:
  customAuthorizationPolicies: []
  customServiceEntries: []
  enabled: false
  outboundTrafficPolicyMode: REGISTRY_ONLY
mtls:
  mode: STRICT

Description: Configuration for Istio interaction

istio.enabled📜

Type: bool

Default value
false

Description: Toggle currently only controls NetworkPolicies

istio.mtls📜

Type: object

Default value
mode: STRICT

Description: Default peer authentication setting

istio.mtls.mode📜

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic PERMISSIVE = Allow both plain text and mutual TLS traffic

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

additionalOutputs📜

Type: object

Default value
disableDefault: false
elasticsearch:
  additionalConfig: {}
  caCert: ''
  host: ''
  match:
  - kube.*
  - host.*
  password: ''
  port: 9200
  tls: true
  tlsVerify: false
  user: elastic
fluentd:
  additionalConfig: {}
  caCert: ''
  host: ''
  match:
  - kube.*
  - host.*
  password: ''
  port: 24224
  sharedKey: ''
  tls: true
  tlsVerify: false
  user: ''
loki:
  additionalConfig: {}
  caCert: ''
  host: ''
  match:
  - kube.*
  - host.*
  password: ''
  port: 3100
  tls: false
  tlsVerify: false
  user: ''
s3:
  additionalConfig:
    total_file_size: 1M
    upload_timeout: 1m
    use_put_object: 'On'
  aws_access_key_id: ''
  aws_secret_access_key: ''
  bucket: ''
  existingSecret: ''
  match:
  - kube.*
  - host.*
  region: us-east-1

Description: Additional Outputs for Big Bang, these are wrappers to simplify the config of outputs and extend whatever is specified under the outputs values

additionalOutputs.disableDefault📜

Type: bool

Default value
false

Description: Option to disable the default elastic output configured under outputs, this only works at the Big Bang chart level

additionalOutputs.elasticsearch📜

Type: object

Default value
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 9200
tls: true
tlsVerify: false
user: elastic

Description: Options to enable an additional elastic output

additionalOutputs.elasticsearch.tls📜

Type: bool

Default value
true

Description: Toggle on TLS

additionalOutputs.elasticsearch.tlsVerify📜

Type: bool

Default value
false

Description: Verify TLS certificates, requires a caCert to be specified

additionalOutputs.elasticsearch.caCert📜

Type: string

Default value
""

Description: Full ca.crt specified as multiline string, see example

additionalOutputs.elasticsearch.additionalConfig📜

Type: object

Default value
{}

Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch

additionalOutputs.fluentd📜

Type: object

Default value
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 24224
sharedKey: ''
tls: true
tlsVerify: false
user: ''

Description: Options to enable a fluentd output

additionalOutputs.fluentd.sharedKey📜

Type: string

Default value
""

Description: Overridden by username and password

additionalOutputs.fluentd.tls📜

Type: bool

Default value
true

Description: Toggle on TLS

additionalOutputs.fluentd.tlsVerify📜

Type: bool

Default value
false

Description: Verify TLS certificates, requires a caCert to be specified

additionalOutputs.fluentd.caCert📜

Type: string

Default value
""

Description: Full ca.crt specified as multiline string, see example

additionalOutputs.fluentd.additionalConfig📜

Type: object

Default value
{}

Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/forward

additionalOutputs.loki📜

Type: object

Default value
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 3100
tls: false
tlsVerify: false
user: ''

Description: Options to enable a loki output

additionalOutputs.loki.user📜

Type: string

Default value
""

Description: User and Password are optional - only required if running proxy in front of Loki, see https://grafana.com/docs/loki/latest/operations/authentication/

additionalOutputs.loki.tls📜

Type: bool

Default value
false

Description: Toggle on TLS - disabled by default to support in cluster Loki

additionalOutputs.loki.tlsVerify📜

Type: bool

Default value
false

Description: Verify TLS certificates, requires a caCert to be specified

additionalOutputs.loki.caCert📜

Type: string

Default value
""

Description: Full ca.crt specified as multiline string, see example

additionalOutputs.loki.additionalConfig📜

Type: object

Default value
{}

Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/loki

additionalOutputs.s3📜

Type: object

Default value
additionalConfig:
  total_file_size: 1M
  upload_timeout: 1m
  use_put_object: 'On'
aws_access_key_id: ''
aws_secret_access_key: ''
bucket: ''
existingSecret: ''
match:
- kube.*
- host.*
region: us-east-1

Description: Options to enable a S3 output

additionalOutputs.s3.existingSecret📜

Type: string

Default value
""

Description: Reference an existing secret with your access and secret key, must contain key values pairs for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

additionalOutputs.s3.additionalConfig📜

Type: object

Default value
total_file_size: 1M
upload_timeout: 1m
use_put_object: 'On'

Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/s3

storage📜

Type: object

Default value
total_limit_size: 10G

Description: Limits the number of Chunks that exists in the file system for a certain logical output destination. If one destination reaches the storage.total_limit_size limit, the oldest Chunk from the queue for that logical output destination will be discarded. see https://docs.fluentbit.io/manual/administration/buffering-and-storage

openshift📜

Type: bool

Default value
false

Description: Toggle for Openshift, currently only controls NetworkPolicy changes

loki📜

Type: object

Default value
enabled: false

Description: List of enabled Big Bang log storage package(s), used to control networkPolicies and auth only

elasticsearchKibana.enabled📜

Type: bool

Default value
false

bbtests📜

Type: object

Default value
enabled: false
scripts:
  envs:
    desired_version: '{{ .Values.upstream.image.tag }}'
    fluent_host: http://{{ include "fluent-bit.fullname" . }}.{{ .Release.Namespace
      }}.svc.cluster.local:{{ .Values.upstream.service.port }}
  image: registry1.dso.mil/ironbank/big-bang/base:2.1.0

Description: Values used for Big Bang CI testing

bbtests.enabled📜

Type: bool

Default value
false

Description: Toggles test manifests

bbtests.scripts.image📜

Type: string

Default value
"registry1.dso.mil/ironbank/big-bang/base:2.1.0"

Description: Image used to run script tests, must include curl and jq

bbtests.scripts.envs📜

Type: object

Default value
desired_version: '{{ .Values.upstream.image.tag }}'
fluent_host: http://{{ include "fluent-bit.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{
  .Values.upstream.service.port }}

Description: Envs that are passed into the script runner pod

bbtests.scripts.envs.fluent_host📜

Type: string

Default value
"http://{{ include \"fluent-bit.fullname\" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.upstream.service.port }}"

Description: Hostname/port to contact Fluentbit

bbtests.scripts.envs.desired_version📜

Type: string

Default value
"{{ .Values.upstream.image.tag }}"

Description: Version that should be running

upstream.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/fluent/fluent-bit"

upstream.image.pullPolicy📜

Type: string

Default value
"Always"

upstream.image.tag📜

Type: string

Default value
"4.0.4"

upstream.testFramework.enabled📜

Type: bool

Default value
false

upstream.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

upstream.nameOverride📜

Type: string

Default value
"fluent-bit"

upstream.securityContext.runAsUser📜

Type: int

Default value
0

upstream.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

upstream.securityContext.privileged📜

Type: bool

Default value
false

upstream.securityContext.seLinuxOptions.type📜

Type: string

Default value
"spc_t"

upstream.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.prometheusRule.additionalLabels📜

Type: object

Default value
{}

upstream.prometheusRule.rules[0].alert📜

Type: string

Default value
"fluentbitJobAbsent"

upstream.prometheusRule.rules[0].annotations.message📜

Type: string

Default value
"Fluent Bit job not present for 10m"

upstream.prometheusRule.rules[0].expr📜

Type: string

Default value
"absent(up{job=\"fluentbit\", namespace=\"logging\"})"

upstream.prometheusRule.rules[0].for📜

Type: string

Default value
"10m"

upstream.prometheusRule.rules[0].labels.severity📜

Type: string

Default value
"critical"

upstream.prometheusRule.rules[1].alert📜

Type: string

Default value
"FluentdLowNumberOfPods"

upstream.prometheusRule.rules[1].expr📜

Type: string

Default value
"avg without (instance) (up{job=\"fluentbit\"}) < .20"

upstream.prometheusRule.rules[1].for📜

Type: string

Default value
"10m"

upstream.prometheusRule.rules[1].annotations📜

Type: string

Default value
nil

upstream.prometheusRule.rules[1].labels.severity📜

Type: string

Default value
"critical"

upstream.prometheusRule.rules[2].alert📜

Type: string

Default value
"LogsNotFlowing"

upstream.prometheusRule.rules[2].expr📜

Type: string

Default value
"sum(rate(fluentd_output_status_num_records_total{}[4h])) by (tag) < .001"

upstream.prometheusRule.rules[2].for📜

Type: string

Default value
"30m"

upstream.prometheusRule.rules[2].annotations📜

Type: string

Default value
nil

upstream.prometheusRule.rules[2].labels.severity📜

Type: string

Default value
"critical"

upstream.prometheusRule.rules[3].alert📜

Type: string

Default value
"NoOutputBytesProcessed"

upstream.prometheusRule.rules[3].expr📜

Type: string

Default value
"rate(fluentbit_output_proc_bytes_total[5m]) == 0"

upstream.prometheusRule.rules[3].annotations.message📜

Type: string

Default value
"Fluent Bit instance {{ $labels.instance }}'s output plugin {{ $labels.name }} has not processed any\nbytes for at least 15 minutes.\n"

upstream.prometheusRule.rules[3].for📜

Type: string

Default value
"15m"

upstream.prometheusRule.rules[3].labels.severity📜

Type: string

Default value
"critical"

upstream.extraVolumes[0]📜

Type: object

Default value
hostPath:
  path: /var/log/flb-storage/
  type: DirectoryOrCreate
name: flb-storage

Description: Mount /var/log/flb-storage/ for the storage buffer, recommended for production systems.

upstream.extraVolumeMounts[0]📜

Type: object

Default value
mountPath: /var/log/flb-storage/
name: flb-storage
readOnly: false

Description: Mount /var/log/flb-storage/ for the storage buffer, recommended for production systems.

upstream.config.service📜

Type: string

Default value
"[SERVICE]\n    Daemon Off\n    Flush {{ .Values.flush | default \"1\" }}\n    Log_Level {{ .Values.logLevel | default \"info\" }}\n    Parsers_File /fluent-bit/etc/parsers.conf\n    Parsers_File /fluent-bit/etc/conf/custom_parsers.conf\n    HTTP_Server On\n    HTTP_Listen 0.0.0.0\n    HTTP_Port {{ .Values.metricsPort | default \"2020\" }}\n    # -- Setting up storage buffer on filesystem and slightly upping backlog mem_limit value.\n    storage.path /var/log/flb-storage/\n    storage.sync normal\n    storage.backlog.mem_limit 15M\n    Health_Check On\n"

upstream.config.inputs📜

Type: string

Default value
"[INPUT]\n    Name tail\n    Path /var/log/containers/*.log\n    # -- Excluding fluentbit logs from sending to ECK, along with gatekeeper-audit logs which are shipped by clusterAuditor.\n    Exclude_Path /var/log/containers/*fluent*.log\n    Parser containerd\n    Tag kube.*\n    Mem_Buf_Limit 50MB\n    Skip_Long_Lines On\n    storage.type filesystem\n\n[INPUT]\n    Name systemd\n    Tag host.*\n    Systemd_Filter _SYSTEMD_UNIT=kubelet.service\n    Read_From_Tail On\n    storage.type filesystem\n"

upstream.config.filters📜

Type: string

Default value
""

upstream.config.outputs📜

Type: string

Default value
""

upstream.config.customParsers📜

Type: string

Default value
"[PARSER]\n    Name docker_no_time\n    Format json\n    Time_Keep Off\n    Time_Key time\n    Time_Format %Y-%m-%dT%H:%M:%S.%L\n\n[PARSER]\n    Name containerd\n    Format regex\n    Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<log>.*)$\n    Time_Key time\n    Time_Format %Y-%m-%dT%H:%M:%S.%L%z\n    Time_Keep On\n\n[PARSER]\n    Name        syslog\n    Format      regex\n    Regex       ^\\<(?<pri>[0-9]+)\\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\\/\\.\\-]*)(?:\\[(?<pid>[0-9]+)\\])?(?:[^\\:]*\\:)? *(?<message>.*)$\n    Time_Key    time\n    Time_Format %b %d %H:%M:%S\n"

upstream.daemonSetVolumeMounts[0].name📜

Type: string

Default value
"varlog"

upstream.daemonSetVolumeMounts[0].mountPath📜

Type: string

Default value
"/var/log"

upstream.daemonSetVolumeMounts[0].readOnly📜

Type: bool

Default value
true

upstream.daemonSetVolumeMounts[1].name📜

Type: string

Default value
"varlibdockercontainers"

upstream.daemonSetVolumeMounts[1].mountPath📜

Type: string

Default value
"/var/lib/docker/containers"

upstream.daemonSetVolumeMounts[1].readOnly📜

Type: bool

Default value
true

upstream.daemonSetVolumeMounts[2].name📜

Type: string

Default value
"etcmachineid"

upstream.daemonSetVolumeMounts[2].mountPath📜

Type: string

Default value
"/etc/machine-id"

upstream.daemonSetVolumeMounts[2].readOnly📜

Type: bool

Default value
true

upstream.hotReload.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/jimmidyson/configmap-reload"

upstream.hotReload.image.tag📜

Type: string

Default value
"v0.15.0"