Skip to content

fluentbit values.yaml📜

elasticsearch📜

Type: object

Default value
name: ''

Description: Configuration for Elasticsearch interaction

elasticsearch.name📜

Type: string

Default value
""

Description: Name is only used at the BB level for host templating

istio📜

Type: object

Default value
enabled: false
hardened:
  customAuthorizationPolicies: []
  customServiceEntries: []
  enabled: false
  outboundTrafficPolicyMode: REGISTRY_ONLY
mtls:
  mode: STRICT

Description: Configuration for Istio interaction

istio.enabled📜

Type: bool

Default value
false

Description: Toggle currently only controls NetworkPolicies

istio.mtls📜

Type: object

Default value
mode: STRICT

Description: Default peer authentication setting

istio.mtls.mode📜

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic PERMISSIVE = Allow both plain text and mutual TLS traffic

additionalOutputs📜

Type: object

Default value
disableDefault: false
elasticsearch:
  additionalConfig: {}
  caCert: ''
  host: ''
  match:
  - kube.*
  - host.*
  password: ''
  port: 9200
  tls: true
  tlsVerify: false
  user: elastic
fluentd:
  additionalConfig: {}
  caCert: ''
  host: ''
  match:
  - kube.*
  - host.*
  password: ''
  port: 24224
  sharedKey: ''
  tls: true
  tlsVerify: false
  user: ''
loki:
  additionalConfig: {}
  caCert: ''
  host: ''
  match:
  - kube.*
  - host.*
  password: ''
  port: 3100
  tls: false
  tlsVerify: false
  user: ''
s3:
  additionalConfig:
    total_file_size: 1M
    upload_timeout: 1m
    use_put_object: 'On'
  aws_access_key_id: ''
  aws_secret_access_key: ''
  bucket: ''
  existingSecret: ''
  match:
  - kube.*
  - host.*
  region: us-east-1

Description: Additional Outputs for Big Bang, these are wrappers to simplify the config of outputs and extend whatever is specified under the outputs values

additionalOutputs.disableDefault📜

Type: bool

Default value
false

Description: Option to disable the default elastic output configured under outputs, this only works at the Big Bang chart level

additionalOutputs.elasticsearch📜

Type: object

Default value
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 9200
tls: true
tlsVerify: false
user: elastic

Description: Options to enable an additional elastic output

additionalOutputs.elasticsearch.tls📜

Type: bool

Default value
true

Description: Toggle on TLS

additionalOutputs.elasticsearch.tlsVerify📜

Type: bool

Default value
false

Description: Verify TLS certificates, requires a caCert to be specified

additionalOutputs.elasticsearch.caCert📜

Type: string

Default value
""

Description: Full ca.crt specified as multiline string, see example

additionalOutputs.elasticsearch.additionalConfig📜

Type: object

Default value
{}

Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch

additionalOutputs.fluentd📜

Type: object

Default value
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 24224
sharedKey: ''
tls: true
tlsVerify: false
user: ''

Description: Options to enable a fluentd output

additionalOutputs.fluentd.sharedKey📜

Type: string

Default value
""

Description: Overriden by username and password

additionalOutputs.fluentd.tls📜

Type: bool

Default value
true

Description: Toggle on TLS

additionalOutputs.fluentd.tlsVerify📜

Type: bool

Default value
false

Description: Verify TLS certificates, requires a caCert to be specified

additionalOutputs.fluentd.caCert📜

Type: string

Default value
""

Description: Full ca.crt specified as multiline string, see example

additionalOutputs.fluentd.additionalConfig📜

Type: object

Default value
{}

Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/forward

additionalOutputs.loki📜

Type: object

Default value
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 3100
tls: false
tlsVerify: false
user: ''

Description: Options to enable a loki output

additionalOutputs.loki.user📜

Type: string

Default value
""

Description: User and Password are optional - only required if running proxy in front of Loki, see https://grafana.com/docs/loki/latest/operations/authentication/

additionalOutputs.loki.tls📜

Type: bool

Default value
false

Description: Toggle on TLS - disabled by default to support in cluster Loki

additionalOutputs.loki.tlsVerify📜

Type: bool

Default value
false

Description: Verify TLS certificates, requires a caCert to be specified

additionalOutputs.loki.caCert📜

Type: string

Default value
""

Description: Full ca.crt specified as multiline string, see example

additionalOutputs.loki.additionalConfig📜

Type: object

Default value
{}

Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/loki

additionalOutputs.s3📜

Type: object

Default value
additionalConfig:
  total_file_size: 1M
  upload_timeout: 1m
  use_put_object: 'On'
aws_access_key_id: ''
aws_secret_access_key: ''
bucket: ''
existingSecret: ''
match:
- kube.*
- host.*
region: us-east-1

Description: Options to enable a S3 output

additionalOutputs.s3.existingSecret📜

Type: string

Default value
""

Description: Reference an existing secret with your access and secret key, must contain key values pairs for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

additionalOutputs.s3.additionalConfig📜

Type: object

Default value
total_file_size: 1M
upload_timeout: 1m
use_put_object: 'On'

Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/s3

storage_buffer📜

Type: object

Default value
path: /var/log/flb-storage/

Description: Options to configure hostPath mounted storage buffer for production use Specified in fluentbit service configuration section below see https://docs.fluentbit.io/manual/administration/buffering-and-storage

storage📜

Type: object

Default value
total_limit_size: 10G

Description: Limits the number of Chunks that exists in the file system for a certain logical output destination. If one destination reaches the storage.total_limit_size limit, the oldest Chunk from the queue for that logical output destination will be discarded. see https://docs.fluentbit.io/manual/administration/buffering-and-storage

kind📜

Type: string

Default value
"DaemonSet"

Description: DaemonSet or Deployment

replicaCount📜

Type: int

Default value
1

Description: Only applicable if kind=Deployment

image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/fluent/fluent-bit"

image.pullPolicy📜

Type: string

Default value
"Always"

image.tag📜

Type: string

Default value
"3.2.1"

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

testFramework.enabled📜

Type: bool

Default value
false

testFramework.namespace📜

Type: string

Default value
nil

testFramework.image.repository📜

Type: string

Default value
"busybox"

testFramework.image.pullPolicy📜

Type: string

Default value
"Always"

testFramework.image.tag📜

Type: string

Default value
"latest"

testFramework.image.digest📜

Type: string

Default value
nil

imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

nameOverride📜

Type: string

Default value
"fluent-bit"

fullnameOverride📜

Type: string

Default value
""

serviceAccount.create📜

Type: bool

Default value
true

serviceAccount.annotations📜

Type: object

Default value
{}

serviceAccount.name📜

Type: string

Default value
nil

rbac.create📜

Type: bool

Default value
true

rbac.nodeAccess📜

Type: bool

Default value
false

rbac.eventsAccess📜

Type: bool

Default value
false

podSecurityPolicy.create📜

Type: bool

Default value
false

podSecurityPolicy.annotations📜

Type: object

Default value
{}

podSecurityPolicy.runAsUser.rule📜

Type: string

Default value
"RunAsAny"

podSecurityPolicy.seLinux.rule📜

Type: string

Default value
"RunAsAny"

openShift.enabled📜

Type: bool

Default value
false

openShift.securityContextConstraints.create📜

Type: bool

Default value
true

openShift.securityContextConstraints.name📜

Type: string

Default value
""

openShift.securityContextConstraints.annotations📜

Type: object

Default value
{}

openShift.securityContextConstraints.runAsUser.type📜

Type: string

Default value
"RunAsAny"

openShift.securityContextConstraints.seLinuxContext.type📜

Type: string

Default value
"MustRunAs"

openShift.securityContextConstraints.existingName📜

Type: string

Default value
""

podSecurityContext📜

Type: object

Default value
{}

hostNetwork📜

Type: bool

Default value
false

dnsPolicy📜

Type: string

Default value
"ClusterFirst"

dnsConfig📜

Type: object

Default value
{}

hostAliases📜

Type: list

Default value
[]

securityContext.runAsUser📜

Type: int

Default value
0

securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

securityContext.privileged📜

Type: bool

Default value
false

securityContext.seLinuxOptions.type📜

Type: string

Default value
"spc_t"

securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

service.type📜

Type: string

Default value
"ClusterIP"

service.port📜

Type: int

Default value
2020

service.internalTrafficPolicy📜

Type: string

Default value
nil

service.loadBalancerClass📜

Type: string

Default value
nil

service.loadBalancerSourceRanges📜

Type: list

Default value
[]

service.labels📜

Type: object

Default value
{}

service.annotations📜

Type: object

Default value
{}

service.externalIPs📜

Type: list

Default value
[]

serviceMonitor.enabled📜

Type: bool

Default value
false

serviceMonitor.additionalEndpoints📜

Type: list

Default value
[]

prometheusRule.enabled📜

Type: bool

Default value
false

prometheusRule.additionalLabels📜

Type: object

Default value
{}

prometheusRule.rules[0].alert📜

Type: string

Default value
"fluentbitJobAbsent"

prometheusRule.rules[0].annotations.message📜

Type: string

Default value
"Fluent Bit job not present for 10m"

prometheusRule.rules[0].expr📜

Type: string

Default value
"absent(up{job=\"fluentbit\", namespace=\"logging\"})"

prometheusRule.rules[0].for📜

Type: string

Default value
"10m"

prometheusRule.rules[0].labels.severity📜

Type: string

Default value
"critical"

prometheusRule.rules[1].alert📜

Type: string

Default value
"FluentdLowNumberOfPods"

prometheusRule.rules[1].expr📜

Type: string

Default value
"avg without (instance) (up{job=\"fluentbit\"}) < .20"

prometheusRule.rules[1].for📜

Type: string

Default value
"10m"

prometheusRule.rules[1].annotations📜

Type: string

Default value
nil

prometheusRule.rules[1].labels.severity📜

Type: string

Default value
"critical"

prometheusRule.rules[2].alert📜

Type: string

Default value
"LogsNotFlowing"

prometheusRule.rules[2].expr📜

Type: string

Default value
"sum(rate(fluentd_output_status_num_records_total{}[4h])) by (tag) < .001"

prometheusRule.rules[2].for📜

Type: string

Default value
"30m"

prometheusRule.rules[2].annotations📜

Type: string

Default value
nil

prometheusRule.rules[2].labels.severity📜

Type: string

Default value
"critical"

prometheusRule.rules[3].alert📜

Type: string

Default value
"NoOutputBytesProcessed"

prometheusRule.rules[3].expr📜

Type: string

Default value
"rate(fluentbit_output_proc_bytes_total[5m]) == 0"

prometheusRule.rules[3].annotations.message📜

Type: string

Default value
"Fluent Bit instance {{ $labels.instance }}'s output plugin {{ $labels.name }} has not processed any\nbytes for at least 15 minutes.\n"

prometheusRule.rules[3].for📜

Type: string

Default value
"15m"

prometheusRule.rules[3].labels.severity📜

Type: string

Default value
"critical"

dashboards.enabled📜

Type: bool

Default value
false

dashboards.labelKey📜

Type: string

Default value
"grafana_dashboard"

dashboards.labelValue📜

Type: int

Default value
1

dashboards.annotations📜

Type: object

Default value
{}

dashboards.namespace📜

Type: string

Default value
""

dashboards.deterministicUid📜

Type: bool

Default value
false

lifecycle📜

Type: object

Default value
{}

livenessProbe.httpGet.path📜

Type: string

Default value
"/"

livenessProbe.httpGet.port📜

Type: string

Default value
"http"

readinessProbe.httpGet.path📜

Type: string

Default value
"/api/v1/health"

readinessProbe.httpGet.port📜

Type: string

Default value
"http"

resources📜

Type: object

Default value
{}

ingress.enabled📜

Type: bool

Default value
false

ingress.ingressClassName📜

Type: string

Default value
""

ingress.annotations📜

Type: object

Default value
{}

ingress.hosts📜

Type: list

Default value
[]

ingress.extraHosts📜

Type: list

Default value
[]

ingress.tls📜

Type: list

Default value
[]

autoscaling.vpa.enabled📜

Type: bool

Default value
false

autoscaling.vpa.annotations📜

Type: object

Default value
{}

autoscaling.vpa.controlledResources📜

Type: list

Default value
[]

autoscaling.vpa.maxAllowed📜

Type: object

Default value
{}

autoscaling.vpa.minAllowed📜

Type: object

Default value
{}

autoscaling.vpa.updatePolicy.updateMode📜

Type: string

Default value
"Auto"

autoscaling.enabled📜

Type: bool

Default value
false

autoscaling.minReplicas📜

Type: int

Default value
1

autoscaling.maxReplicas📜

Type: int

Default value
3

autoscaling.targetCPUUtilizationPercentage📜

Type: int

Default value
75

autoscaling.customRules📜

Type: list

Default value
[]

autoscaling.behavior📜

Type: object

Default value
{}

podDisruptionBudget.enabled📜

Type: bool

Default value
false

podDisruptionBudget.annotations📜

Type: object

Default value
{}

podDisruptionBudget.maxUnavailable📜

Type: string

Default value
"30%"

nodeSelector📜

Type: object

Default value
{}

tolerations📜

Type: list

Default value
[]

affinity📜

Type: object

Default value
{}

labels📜

Type: object

Default value
{}

annotations📜

Type: object

Default value
{}

podAnnotations📜

Type: object

Default value
{}

podLabels📜

Type: object

Default value
{}

minReadySeconds📜

Type: string

Default value
nil

terminationGracePeriodSeconds📜

Type: string

Default value
nil

priorityClassName📜

Type: string

Default value
""

env📜

Type: object

Default value
{}

envWithTpl📜

Type: list

Default value
[]

envFrom📜

Type: list

Default value
[]

extraContainers📜

Type: list

Default value
[]

flush📜

Type: int

Default value
1

metricsPort📜

Type: int

Default value
2020

extraPorts📜

Type: list

Default value
[]

extraVolumes[0]📜

Type: object

Default value
hostPath:
  path: /var/log/flb-storage/
  type: DirectoryOrCreate
name: flb-storage

Description: Mount /var/log/flb-storage/ for the storage buffer, recommended for production systems.

extraVolumeMounts[0]📜

Type: object

Default value
mountPath: /var/log/flb-storage/
name: flb-storage
readOnly: false

Description: Mount /var/log/flb-storage/ for the storage buffer, recommended for production systems.

updateStrategy📜

Type: object

Default value
{}

existingConfigMap📜

Type: string

Default value
""

networkPolicy.enabled📜

Type: bool

Default value
false

luaScripts📜

Type: object

Default value
{}

config.service📜

Type: string

Default value
"[SERVICE]\n    Daemon Off\n    Flush {{ .Values.flush }}\n    Log_Level {{ .Values.logLevel }}\n    Parsers_File /fluent-bit/etc/parsers.conf\n    Parsers_File /fluent-bit/etc/conf/custom_parsers.conf\n    HTTP_Server On\n    HTTP_Listen 0.0.0.0\n    HTTP_Port {{ .Values.metricsPort }}\n    # -- Setting up storage buffer on filesystem and slighty upping backlog mem_limit value.\n    storage.path {{ .Values.storage_buffer.path }}\n    storage.sync normal\n    storage.backlog.mem_limit 15M\n    Health_Check On\n"

config.inputs📜

Type: string

Default value
"[INPUT]\n    Name tail\n    Path /var/log/containers/*.log\n    # -- Excluding fluentbit logs from sending to ECK, along with gatekeeper-audit logs which are shipped by clusterAuditor.\n    Exclude_Path /var/log/containers/*fluent*.log\n    Parser containerd\n    Tag kube.*\n    Mem_Buf_Limit 50MB\n    Skip_Long_Lines On\n    storage.type filesystem\n\n[INPUT]\n    Name systemd\n    Tag host.*\n    Systemd_Filter _SYSTEMD_UNIT=kubelet.service\n    Read_From_Tail On\n    storage.type filesystem\n"

config.filters📜

Type: string

Default value
""

config.outputs📜

Type: string

Default value
""

config.upstream📜

Type: object

Default value
{}

config.customParsers📜

Type: string

Default value
"[PARSER]\n    Name docker_no_time\n    Format json\n    Time_Keep Off\n    Time_Key time\n    Time_Format %Y-%m-%dT%H:%M:%S.%L\n\n[PARSER]\n    Name containerd\n    Format regex\n    Regex ^(?<time>[^ ]+) (?<stream>stdout\|stderr) (?<logtag>[^ ]*) (?<log>.*)$\n    Time_Key time\n    Time_Format %Y-%m-%dT%H:%M:%S.%L%z\n    Time_Keep On\n\n[PARSER]\n    Name        syslog\n    Format      regex\n    Regex       ^\\<(?<pri>[0-9]+)\\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\\/\\.\\-]*)(?:\\[(?<pid>[0-9]+)\\])?(?:[^\\:]*\\:)? *(?<message>.*)$\n    Time_Key    time\n    Time_Format %b %d %H:%M:%S\n"

config.extraFiles📜

Type: object

Default value
{}

volumeMounts[0].name📜

Type: string

Default value
"config"

volumeMounts[0].mountPath📜

Type: string

Default value
"/fluent-bit/etc/conf"

daemonSetVolumes[0].name📜

Type: string

Default value
"varlog"

daemonSetVolumes[0].hostPath.path📜

Type: string

Default value
"/var/log"

daemonSetVolumes[1].name📜

Type: string

Default value
"varlibdockercontainers"

daemonSetVolumes[1].hostPath.path📜

Type: string

Default value
"/var/lib/docker/containers"

daemonSetVolumes[2].name📜

Type: string

Default value
"etcmachineid"

daemonSetVolumes[2].hostPath.path📜

Type: string

Default value
"/etc/machine-id"

daemonSetVolumes[2].hostPath.type📜

Type: string

Default value
"File"

daemonSetVolumeMounts[0].name📜

Type: string

Default value
"varlog"

daemonSetVolumeMounts[0].mountPath📜

Type: string

Default value
"/var/log"

daemonSetVolumeMounts[0].readOnly📜

Type: bool

Default value
true

daemonSetVolumeMounts[1].name📜

Type: string

Default value
"varlibdockercontainers"

daemonSetVolumeMounts[1].mountPath📜

Type: string

Default value
"/var/lib/docker/containers"

daemonSetVolumeMounts[1].readOnly📜

Type: bool

Default value
true

daemonSetVolumeMounts[2].name📜

Type: string

Default value
"etcmachineid"

daemonSetVolumeMounts[2].mountPath📜

Type: string

Default value
"/etc/machine-id"

daemonSetVolumeMounts[2].readOnly📜

Type: bool

Default value
true

command[0]📜

Type: string

Default value
"/fluent-bit/bin/fluent-bit"

args[0]📜

Type: string

Default value
"--workdir=/fluent-bit/etc"

args[1]📜

Type: string

Default value
"--config=/fluent-bit/etc/conf/fluent-bit.conf"

initContainers📜

Type: list

Default value
[]

logLevel📜

Type: string

Default value
"info"

openshift📜

Type: bool

Default value
false

Description: Toggle for Openshift, currently only controls NetworkPolicy changes

loki📜

Type: object

Default value
enabled: false

Description: List of enabled Big Bang log storage package(s), used to control networkPolicies and auth only

elasticsearchKibana.enabled📜

Type: bool

Default value
false

bbtests📜

Type: object

Default value
enabled: false
scripts:
  envs:
    desired_version: '{{ .Values.image.tag }}'
    fluent_host: http://{{ include "fluent-bit.fullname" . }}.{{ .Release.Namespace
      }}.svc.cluster.local:{{ .Values.service.port }}
  image: registry1.dso.mil/ironbank/stedolan/jq:1.7

Description: Values used for Big Bang CI testing

bbtests.enabled📜

Type: bool

Default value
false

Description: Toggles test manifests

bbtests.scripts.image📜

Type: string

Default value
"registry1.dso.mil/ironbank/stedolan/jq:1.7"

Description: Image used to run script tests, must include curl and jq

bbtests.scripts.envs📜

Type: object

Default value
desired_version: '{{ .Values.image.tag }}'
fluent_host: http://{{ include "fluent-bit.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{
  .Values.service.port }}

Description: Envs that are passed into the script runner pod

bbtests.scripts.envs.fluent_host📜

Type: string

Default value
"http://{{ include \"fluent-bit.fullname\" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}"

Description: Hostname/port to contact Fluentbit

bbtests.scripts.envs.desired_version📜

Type: string

Default value
"{{ .Values.image.tag }}"

Description: Version that should be running

hotReload.enabled📜

Type: bool

Default value
false

hotReload.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/jimmidyson/configmap-reload"

hotReload.image.tag📜

Type: string

Default value
"v0.14.0"

hotReload.image.digest📜

Type: string

Default value
nil

hotReload.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

hotReload.resources📜

Type: object

Default value
{}