fluentbit values.yaml
elasticsearch📜
Type: object
name: ''
Description: Configuration for Elasticsearch interaction
elasticsearch.name📜
Type: string
""
Description: Name is only used at the Big Bang (BB) level for host templating
istio📜
Type: object
enabled: false
hardened:
customAuthorizationPolicies: []
customServiceEntries: []
enabled: false
outboundTrafficPolicyMode: REGISTRY_ONLY
mtls:
mode: STRICT
Description: Configuration for Istio interaction
istio.enabled📜
Type: bool
false
Description: Toggle currently only controls NetworkPolicies
istio.mtls📜
Type: object
mode: STRICT
Description: Default peer authentication setting
istio.mtls.mode📜
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic; PERMISSIVE = Allow both plain text and mutual TLS traffic
networkPolicies.enabled📜
Type: bool
false
networkPolicies.controlPlaneCidr📜
Type: string
"0.0.0.0/0"
networkPolicies.additionalPolicies📜
Type: list
[]
additionalOutputs📜
Type: object
disableDefault: false
elasticsearch:
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 9200
tls: true
tlsVerify: false
user: elastic
fluentd:
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 24224
sharedKey: ''
tls: true
tlsVerify: false
user: ''
loki:
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 3100
tls: false
tlsVerify: false
user: ''
s3:
additionalConfig:
total_file_size: 1M
upload_timeout: 1m
use_put_object: 'On'
aws_access_key_id: ''
aws_secret_access_key: ''
bucket: ''
existingSecret: ''
match:
- kube.*
- host.*
region: us-east-1
Description: Additional Outputs for Big Bang. These are wrappers that simplify the configuration of outputs and extend whatever is specified under the `outputs` values.
additionalOutputs.disableDefault📜
Type: bool
false
Description: Option to disable the default elastic output configured under `outputs`; this only works at the Big Bang chart level
additionalOutputs.elasticsearch📜
Type: object
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 9200
tls: true
tlsVerify: false
user: elastic
Description: Options to enable an additional elastic output
additionalOutputs.elasticsearch.tls📜
Type: bool
true
Description: Toggle on TLS
additionalOutputs.elasticsearch.tlsVerify📜
Type: bool
false
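Description: Verify TLS certificates, requires a caCert to be specified. With the default of false the connection is still encrypted when tls is true, but the Elasticsearch server's certificate is not validated, so the output cannot tell a genuine endpoint from an impersonated one; supply caCert and set this to true wherever the log path crosses an untrusted network.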
additionalOutputs.elasticsearch.caCert📜
Type: string
""
Description: Full ca.crt specified as multiline string, see example
additionalOutputs.elasticsearch.additionalConfig📜
Type: object
{}
Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch
additionalOutputs.fluentd📜
Type: object
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 24224
sharedKey: ''
tls: true
tlsVerify: false
user: ''
Description: Options to enable a fluentd output
additionalOutputs.fluentd.sharedKey📜
Type: string
""
Description: Overridden by username and password
additionalOutputs.fluentd.tls📜
Type: bool
true
Description: Toggle on TLS
additionalOutputs.fluentd.tlsVerify📜
Type: bool
false
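Description: Verify TLS certificates, requires a caCert to be specified. With the default of false the connection is still encrypted when tls is true, but the fluentd server's certificate is not validated, so logs and the sharedKey or user/password could be sent to an impersonated endpoint; supply caCert and set this to true wherever the log path crosses an untrusted network.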
additionalOutputs.fluentd.caCert📜
Type: string
""
Description: Full ca.crt specified as multiline string, see example
additionalOutputs.fluentd.additionalConfig📜
Type: object
{}
Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/forward
additionalOutputs.loki📜
Type: object
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 3100
tls: false
tlsVerify: false
user: ''
Description: Options to enable a loki output
additionalOutputs.loki.user📜
Type: string
""
Description: User and Password are optional - only required if running proxy in front of Loki, see https://grafana.com/docs/loki/latest/operations/authentication/
additionalOutputs.loki.tls📜
Type: bool
false
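Description: Toggle on TLS - disabled by default to support in-cluster Loki. With TLS off, Fluent Bit itself sends the logs and any configured user/password unencrypted, so enable it when Loki is reached outside the cluster unless another layer (for example Istio mTLS) protects the connection.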
additionalOutputs.loki.tlsVerify📜
Type: bool
false
Description: Verify TLS certificates, requires a caCert to be specified
additionalOutputs.loki.caCert📜
Type: string
""
Description: Full ca.crt specified as multiline string, see example
additionalOutputs.loki.additionalConfig📜
Type: object
{}
Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/loki
additionalOutputs.s3📜
Type: object
additionalConfig:
total_file_size: 1M
upload_timeout: 1m
use_put_object: 'On'
aws_access_key_id: ''
aws_secret_access_key: ''
bucket: ''
existingSecret: ''
match:
- kube.*
- host.*
region: us-east-1
Description: Options to enable an S3 output
additionalOutputs.s3.existingSecret📜
Type: string
""
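Description: Reference an existing secret with your access and secret key; it must contain key-value pairs for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Using an existing secret keeps the credentials out of the values file, unlike setting aws_access_key_id and aws_secret_access_key directly.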
additionalOutputs.s3.additionalConfig📜
Type: object
total_file_size: 1M
upload_timeout: 1m
use_put_object: 'On'
Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/s3
storage📜
Type: object
total_limit_size: 10G
Description: Limits the number of Chunks that exist in the file system for a certain logical output destination. If one destination reaches the storage.total_limit_size limit, the oldest Chunk from the queue for that logical output destination will be discarded. See https://docs.fluentbit.io/manual/administration/buffering-and-storage
openshift📜
Type: bool
false
Description: Toggle for Openshift, currently only controls NetworkPolicy changes
loki📜
Type: object
enabled: false
Description: List of enabled Big Bang log storage package(s), used to control networkPolicies and auth only
elasticsearchKibana.enabled📜
Type: bool
false
bbtests📜
Type: object
enabled: false
scripts:
envs:
desired_version: '{{ .Values.upstream.image.tag }}'
fluent_host: http://{{ include "fluent-bit.fullname" . }}.{{ .Release.Namespace
}}.svc.cluster.local:{{ .Values.upstream.service.port }}
image: registry1.dso.mil/ironbank/big-bang/base:2.1.0
Description: Values used for Big Bang CI testing
bbtests.enabled📜
Type: bool
false
Description: Toggles test manifests
bbtests.scripts.image📜
Type: string
"registry1.dso.mil/ironbank/big-bang/base:2.1.0"
Description: Image used to run script tests, must include curl and jq
bbtests.scripts.envs📜
Type: object
desired_version: '{{ .Values.upstream.image.tag }}'
fluent_host: http://{{ include "fluent-bit.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{
.Values.upstream.service.port }}
Description: Envs that are passed into the script runner pod
bbtests.scripts.envs.fluent_host📜
Type: string
"http://{{ include \"fluent-bit.fullname\" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.upstream.service.port }}"
Description: Hostname/port to contact Fluentbit
bbtests.scripts.envs.desired_version📜
Type: string
"{{ .Values.upstream.image.tag }}"
Description: Version that should be running
upstream.image.repository📜
Type: string
"registry1.dso.mil/ironbank/opensource/fluent/fluent-bit"
upstream.image.pullPolicy📜
Type: string
"Always"
upstream.image.tag📜
Type: string
"4.0.4"
upstream.testFramework.enabled📜
Type: bool
false
upstream.imagePullSecrets[0].name📜
Type: string
"private-registry"
upstream.nameOverride📜
Type: string
"fluent-bit"
upstream.securityContext.runAsUser📜
Type: int
0
upstream.securityContext.readOnlyRootFilesystem📜
Type: bool
true
upstream.securityContext.privileged📜
Type: bool
false
upstream.securityContext.seLinuxOptions.type📜
Type: string
"spc_t"
upstream.securityContext.capabilities.drop[0]📜
Type: string
"ALL"
upstream.prometheusRule.additionalLabels📜
Type: object
{}
upstream.prometheusRule.rules[0].alert📜
Type: string
"fluentbitJobAbsent"
upstream.prometheusRule.rules[0].annotations.message📜
Type: string
"Fluent Bit job not present for 10m"
upstream.prometheusRule.rules[0].expr📜
Type: string
"absent(up{job=\"fluentbit\", namespace=\"logging\"})"
upstream.prometheusRule.rules[0].for📜
Type: string
"10m"
upstream.prometheusRule.rules[0].labels.severity📜
Type: string
"critical"
upstream.prometheusRule.rules[1].alert📜
Type: string
"FluentdLowNumberOfPods"
upstream.prometheusRule.rules[1].expr📜
Type: string
"avg without (instance) (up{job=\"fluentbit\"}) < .20"
upstream.prometheusRule.rules[1].for📜
Type: string
"10m"
upstream.prometheusRule.rules[1].annotations📜
Type: string
nil
upstream.prometheusRule.rules[1].labels.severity📜
Type: string
"critical"
upstream.prometheusRule.rules[2].alert📜
Type: string
"LogsNotFlowing"
upstream.prometheusRule.rules[2].expr📜
Type: string
"sum(rate(fluentd_output_status_num_records_total{}[4h])) by (tag) < .001"
upstream.prometheusRule.rules[2].for📜
Type: string
"30m"
upstream.prometheusRule.rules[2].annotations📜
Type: string
nil
upstream.prometheusRule.rules[2].labels.severity📜
Type: string
"critical"
upstream.prometheusRule.rules[3].alert📜
Type: string
"NoOutputBytesProcessed"
upstream.prometheusRule.rules[3].expr📜
Type: string
"rate(fluentbit_output_proc_bytes_total[5m]) == 0"
upstream.prometheusRule.rules[3].annotations.message📜
Type: string
"Fluent Bit instance {{ $labels.instance }}'s output plugin {{ $labels.name }} has not processed any\nbytes for at least 15 minutes.\n"
upstream.prometheusRule.rules[3].for📜
Type: string
"15m"
upstream.prometheusRule.rules[3].labels.severity📜
Type: string
"critical"
upstream.extraVolumes[0]📜
Type: object
hostPath:
path: /var/log/flb-storage/
type: DirectoryOrCreate
name: flb-storage
Description: Mount /var/log/flb-storage/ for the storage buffer, recommended for production systems.
upstream.extraVolumeMounts[0]📜
Type: object
mountPath: /var/log/flb-storage/
name: flb-storage
readOnly: false
Description: Mount /var/log/flb-storage/ for the storage buffer, recommended for production systems.
upstream.config.service📜
Type: string
"[SERVICE]\n Daemon Off\n Flush {{ .Values.flush | default \"1\" }}\n Log_Level {{ .Values.logLevel | default \"info\" }}\n Parsers_File /fluent-bit/etc/parsers.conf\n Parsers_File /fluent-bit/etc/conf/custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port {{ .Values.metricsPort | default \"2020\" }}\n # -- Setting up storage buffer on filesystem and slightly upping backlog mem_limit value.\n storage.path /var/log/flb-storage/\n storage.sync normal\n storage.backlog.mem_limit 15M\n Health_Check On\n"
upstream.config.inputs📜
Type: string
"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n # -- Excluding fluentbit logs from sending to ECK, along with gatekeeper-audit logs which are shipped by clusterAuditor.\n Exclude_Path /var/log/containers/*fluent*.log\n Parser containerd\n Tag kube.*\n Mem_Buf_Limit 50MB\n Skip_Long_Lines On\n storage.type filesystem\n\n[INPUT]\n Name systemd\n Tag host.*\n Systemd_Filter _SYSTEMD_UNIT=kubelet.service\n Read_From_Tail On\n storage.type filesystem\n"
upstream.config.filters📜
Type: string
""
upstream.config.outputs📜
Type: string
""
upstream.config.customParsers📜
Type: string
"[PARSER]\n Name docker_no_time\n Format json\n Time_Keep Off\n Time_Key time\n Time_Format %Y-%m-%dT%H:%M:%S.%L\n\n[PARSER]\n Name containerd\n Format regex\n Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<log>.*)$\n Time_Key time\n Time_Format %Y-%m-%dT%H:%M:%S.%L%z\n Time_Keep On\n\n[PARSER]\n Name syslog\n Format regex\n Regex ^\\<(?<pri>[0-9]+)\\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\\/\\.\\-]*)(?:\\[(?<pid>[0-9]+)\\])?(?:[^\\:]*\\:)? *(?<message>.*)$\n Time_Key time\n Time_Format %b %d %H:%M:%S\n"
upstream.daemonSetVolumeMounts[0].name📜
Type: string
"varlog"
upstream.daemonSetVolumeMounts[0].mountPath📜
Type: string
"/var/log"
upstream.daemonSetVolumeMounts[0].readOnly📜
Type: bool
true
upstream.daemonSetVolumeMounts[1].name📜
Type: string
"varlibdockercontainers"
upstream.daemonSetVolumeMounts[1].mountPath📜
Type: string
"/var/lib/docker/containers"
upstream.daemonSetVolumeMounts[1].readOnly📜
Type: bool
true
upstream.daemonSetVolumeMounts[2].name📜
Type: string
"etcmachineid"
upstream.daemonSetVolumeMounts[2].mountPath📜
Type: string
"/etc/machine-id"
upstream.daemonSetVolumeMounts[2].readOnly📜
Type: bool
true
upstream.hotReload.image.repository📜
Type: string
"registry1.dso.mil/ironbank/opensource/jimmidyson/configmap-reload"
upstream.hotReload.image.tag📜
Type: string
"v0.15.0"