fluentbit values.yaml📜
elasticsearch📜
Type: object
name: ''
Description: Configuration for Elasticsearch interaction
elasticsearch.name📜
Type: string
""
Description: Name is only used at the BB level for host templating
istio📜
Type: object
enabled: false
hardened:
customAuthorizationPolicies: []
customServiceEntries: []
enabled: false
monitoring:
enabled: true
namespaces:
- monitoring
principals:
- cluster.local/ns/monitoring/sa/monitoring-grafana
- cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager
- cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator
- cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus
- cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics
- cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter
outboundTrafficPolicyMode: REGISTRY_ONLY
mtls:
mode: STRICT
Description: Configuration for Istio interaction
istio.enabled📜
Type: bool
false
Description: Toggle currently only controls NetworkPolicies
istio.mtls📜
Type: object
mode: STRICT
Description: Default peer authentication setting
istio.mtls.mode📜
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic PERMISSIVE = Allow both plain text and mutual TLS traffic
additionalOutputs📜
Type: object
disableDefault: false
elasticsearch:
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 9200
tls: true
tlsVerify: false
user: elastic
fluentd:
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 24224
sharedKey: ''
tls: true
tlsVerify: false
user: ''
loki:
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 3100
tls: false
tlsVerify: false
user: ''
s3:
additionalConfig:
total_file_size: 1M
upload_timeout: 1m
use_put_object: 'On'
aws_access_key_id: ''
aws_secret_access_key: ''
bucket: ''
existingSecret: ''
match:
- kube.*
- host.*
region: us-east-1
Description: Additional Outputs for Big Bang, these are wrappers to simplify the config of outputs and extend whatever is specified under the outputs values
additionalOutputs.disableDefault📜
Type: bool
false
Description: Option to disable the default elastic output configured under outputs, this only works at the Big Bang chart level
additionalOutputs.elasticsearch📜
Type: object
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 9200
tls: true
tlsVerify: false
user: elastic
Description: Options to enable an additional elastic output
additionalOutputs.elasticsearch.tls📜
Type: bool
true
Description: Toggle on TLS
additionalOutputs.elasticsearch.tlsVerify📜
Type: bool
false
Description: Verify TLS certificates, requires a caCert to be specified
additionalOutputs.elasticsearch.caCert📜
Type: string
""
Description: Full ca.crt specified as multiline string, see example
additionalOutputs.elasticsearch.additionalConfig📜
Type: object
{}
Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch
additionalOutputs.fluentd📜
Type: object
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 24224
sharedKey: ''
tls: true
tlsVerify: false
user: ''
Description: Options to enable a fluentd output
additionalOutputs.fluentd.sharedKey📜
Type: string
""
Description: Overriden by username and password
additionalOutputs.fluentd.tls📜
Type: bool
true
Description: Toggle on TLS
additionalOutputs.fluentd.tlsVerify📜
Type: bool
false
Description: Verify TLS certificates, requires a caCert to be specified
additionalOutputs.fluentd.caCert📜
Type: string
""
Description: Full ca.crt specified as multiline string, see example
additionalOutputs.fluentd.additionalConfig📜
Type: object
{}
Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/forward
additionalOutputs.loki📜
Type: object
additionalConfig: {}
caCert: ''
host: ''
match:
- kube.*
- host.*
password: ''
port: 3100
tls: false
tlsVerify: false
user: ''
Description: Options to enable a loki output
additionalOutputs.loki.user📜
Type: string
""
Description: User and Password are optional - only required if running proxy in front of Loki, see https://grafana.com/docs/loki/latest/operations/authentication/
additionalOutputs.loki.tls📜
Type: bool
false
Description: Toggle on TLS - disabled by default to support in cluster Loki
additionalOutputs.loki.tlsVerify📜
Type: bool
false
Description: Verify TLS certificates, requires a caCert to be specified
additionalOutputs.loki.caCert📜
Type: string
""
Description: Full ca.crt specified as multiline string, see example
additionalOutputs.loki.additionalConfig📜
Type: object
{}
Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/loki
additionalOutputs.s3📜
Type: object
additionalConfig:
total_file_size: 1M
upload_timeout: 1m
use_put_object: 'On'
aws_access_key_id: ''
aws_secret_access_key: ''
bucket: ''
existingSecret: ''
match:
- kube.*
- host.*
region: us-east-1
Description: Options to enable a S3 output
additionalOutputs.s3.existingSecret📜
Type: string
""
Description: Reference an existing secret with your access and secret key, must contain key values pairs for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
additionalOutputs.s3.additionalConfig📜
Type: object
total_file_size: 1M
upload_timeout: 1m
use_put_object: 'On'
Description: Reference configuration parameters provided by Fluentbit - https://docs.fluentbit.io/manual/pipeline/outputs/s3
storage_buffer📜
Type: object
path: /var/log/flb-storage/
Description: Options to configure hostPath mounted storage buffer for production use Specified in fluentbit service configuration section below see https://docs.fluentbit.io/manual/administration/buffering-and-storage
storage📜
Type: object
total_limit_size: 10G
Description: Limits the number of Chunks that exists in the file system for a certain logical output destination. If one destination reaches the storage.total_limit_size limit, the oldest Chunk from the queue for that logical output destination will be discarded. see https://docs.fluentbit.io/manual/administration/buffering-and-storage
kind📜
Type: string
"DaemonSet"
Description: DaemonSet or Deployment
replicaCount📜
Type: int
1
Description: Only applicable if kind=Deployment
image.repository📜
Type: string
"registry1.dso.mil/ironbank/opensource/fluent/fluent-bit"
image.pullPolicy📜
Type: string
"Always"
image.tag📜
Type: string
"3.0.2"
networkPolicies.enabled📜
Type: bool
false
networkPolicies.controlPlaneCidr📜
Type: string
"0.0.0.0/0"
networkPolicies.additionalPolicies📜
Type: list
[]
testFramework.enabled📜
Type: bool
false
testFramework.namespace📜
Type: string
nil
testFramework.image.repository📜
Type: string
"busybox"
testFramework.image.pullPolicy📜
Type: string
"Always"
testFramework.image.tag📜
Type: string
"latest"
testFramework.image.digest📜
Type: string
nil
imagePullSecrets[0].name📜
Type: string
"private-registry"
nameOverride📜
Type: string
"fluent-bit"
fullnameOverride📜
Type: string
""
serviceAccount.create📜
Type: bool
true
serviceAccount.annotations📜
Type: object
{}
serviceAccount.name📜
Type: string
nil
rbac.create📜
Type: bool
true
rbac.nodeAccess📜
Type: bool
false
rbac.eventsAccess📜
Type: bool
false
podSecurityPolicy.create📜
Type: bool
false
podSecurityPolicy.annotations📜
Type: object
{}
openShift.enabled📜
Type: bool
false
openShift.securityContextConstraints.create📜
Type: bool
true
openShift.securityContextConstraints.name📜
Type: string
""
openShift.securityContextConstraints.annotations📜
Type: object
{}
openShift.securityContextConstraints.existingName📜
Type: string
""
podSecurityContext📜
Type: object
{}
hostNetwork📜
Type: bool
false
dnsPolicy📜
Type: string
"ClusterFirst"
dnsConfig📜
Type: object
{}
hostAliases📜
Type: list
[]
securityContext.runAsUser📜
Type: int
0
securityContext.readOnlyRootFilesystem📜
Type: bool
true
securityContext.privileged📜
Type: bool
false
securityContext.seLinuxOptions.type📜
Type: string
"spc_t"
securityContext.capabilities.drop[0]📜
Type: string
"ALL"
service.type📜
Type: string
"ClusterIP"
service.port📜
Type: int
2020
service.internalTrafficPolicy📜
Type: string
nil
service.loadBalancerClass📜
Type: string
nil
service.loadBalancerSourceRanges📜
Type: list
[]
service.labels📜
Type: object
{}
service.annotations📜
Type: object
{}
serviceMonitor.enabled📜
Type: bool
false
serviceMonitor.additionalEndpoints📜
Type: list
[]
prometheusRule.enabled📜
Type: bool
false
prometheusRule.additionalLabels📜
Type: object
{}
prometheusRule.rules[0].alert📜
Type: string
"fluentbitJobAbsent"
prometheusRule.rules[0].annotations.message📜
Type: string
"Fluent Bit job not present for 10m"
prometheusRule.rules[0].expr📜
Type: string
"absent(up{job=\"fluentbit\", namespace=\"logging\"})"
prometheusRule.rules[0].for📜
Type: string
"10m"
prometheusRule.rules[0].labels.severity📜
Type: string
"critical"
prometheusRule.rules[1].alert📜
Type: string
"FluentdLowNumberOfPods"
prometheusRule.rules[1].expr📜
Type: string
"avg without (instance) (up{job=\"fluentbit\"}) < .20"
prometheusRule.rules[1].for📜
Type: string
"10m"
prometheusRule.rules[1].annotations📜
Type: string
nil
prometheusRule.rules[1].labels.severity📜
Type: string
"critical"
prometheusRule.rules[2].alert📜
Type: string
"LogsNotFlowing"
prometheusRule.rules[2].expr📜
Type: string
"sum(rate(fluentd_output_status_num_records_total{}[4h])) by (tag) < .001"
prometheusRule.rules[2].for📜
Type: string
"30m"
prometheusRule.rules[2].annotations📜
Type: string
nil
prometheusRule.rules[2].labels.severity📜
Type: string
"critical"
prometheusRule.rules[3].alert📜
Type: string
"NoOutputBytesProcessed"
prometheusRule.rules[3].expr📜
Type: string
"rate(fluentbit_output_proc_bytes_total[5m]) == 0"
prometheusRule.rules[3].annotations.message📜
Type: string
"Fluent Bit instance {{ $labels.instance }}'s output plugin {{ $labels.name }} has not processed any\nbytes for at least 15 minutes.\n"
prometheusRule.rules[3].for📜
Type: string
"15m"
prometheusRule.rules[3].labels.severity📜
Type: string
"critical"
dashboards.enabled📜
Type: bool
false
dashboards.labelKey📜
Type: string
"grafana_dashboard"
dashboards.labelValue📜
Type: int
1
dashboards.annotations📜
Type: object
{}
lifecycle📜
Type: object
{}
livenessProbe.httpGet.path📜
Type: string
"/"
livenessProbe.httpGet.port📜
Type: string
"http"
readinessProbe.httpGet.path📜
Type: string
"/api/v1/health"
readinessProbe.httpGet.port📜
Type: string
"http"
resources📜
Type: object
{}
ingress.enabled📜
Type: bool
false
ingress.ingressClassName📜
Type: string
""
ingress.annotations📜
Type: object
{}
ingress.hosts📜
Type: list
[]
ingress.extraHosts📜
Type: list
[]
ingress.tls📜
Type: list
[]
autoscaling.vpa.enabled📜
Type: bool
false
autoscaling.vpa.annotations📜
Type: object
{}
autoscaling.vpa.controlledResources📜
Type: list
[]
autoscaling.vpa.maxAllowed📜
Type: object
{}
autoscaling.vpa.minAllowed📜
Type: object
{}
autoscaling.vpa.updatePolicy.updateMode📜
Type: string
"Auto"
autoscaling.enabled📜
Type: bool
false
autoscaling.minReplicas📜
Type: int
1
autoscaling.maxReplicas📜
Type: int
3
autoscaling.targetCPUUtilizationPercentage📜
Type: int
75
autoscaling.customRules📜
Type: list
[]
autoscaling.behavior📜
Type: object
{}
podDisruptionBudget.enabled📜
Type: bool
false
podDisruptionBudget.annotations📜
Type: object
{}
podDisruptionBudget.maxUnavailable📜
Type: string
"30%"
nodeSelector📜
Type: object
{}
tolerations📜
Type: list
[]
affinity📜
Type: object
{}
labels📜
Type: object
{}
annotations📜
Type: object
{}
podAnnotations📜
Type: object
{}
podLabels📜
Type: object
{}
minReadySeconds📜
Type: string
nil
terminationGracePeriodSeconds📜
Type: string
nil
priorityClassName📜
Type: string
""
env📜
Type: object
{}
envFrom📜
Type: list
[]
extraContainers📜
Type: list
[]
flush📜
Type: int
1
metricsPort📜
Type: int
2020
extraPorts📜
Type: list
[]
extraVolumes[0]📜
Type: object
hostPath:
path: /var/log/flb-storage/
type: DirectoryOrCreate
name: flb-storage
Description: Mount /var/log/flb-storage/ for the storage buffer, recommended for production systems.
extraVolumeMounts[0]📜
Type: object
mountPath: /var/log/flb-storage/
name: flb-storage
readOnly: false
Description: Mount /var/log/flb-storage/ for the storage buffer, recommended for production systems.
updateStrategy📜
Type: object
{}
existingConfigMap📜
Type: string
""
networkPolicy.enabled📜
Type: bool
false
luaScripts📜
Type: object
{}
config.service📜
Type: string
"[SERVICE]\n Daemon Off\n Flush {{ .Values.flush }}\n Log_Level {{ .Values.logLevel }}\n Parsers_File /fluent-bit/etc/parsers.conf\n Parsers_File /fluent-bit/etc/conf/custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port {{ .Values.metricsPort }}\n # -- Setting up storage buffer on filesystem and slighty upping backlog mem_limit value.\n storage.path {{ .Values.storage_buffer.path }}\n storage.sync normal\n storage.backlog.mem_limit 15M\n Health_Check On\n"
config.inputs📜
Type: string
"[INPUT]\n Name tail\n Path /var/log/containers/*.log\n # -- Excluding fluentbit logs from sending to ECK, along with gatekeeper-audit logs which are shipped by clusterAuditor.\n Exclude_Path /var/log/containers/*fluent*.log\n Parser containerd\n Tag kube.*\n Mem_Buf_Limit 50MB\n Skip_Long_Lines On\n storage.type filesystem\n\n[INPUT]\n Name systemd\n Tag host.*\n Systemd_Filter _SYSTEMD_UNIT=kubelet.service\n Read_From_Tail On\n storage.type filesystem\n"
config.filters📜
Type: string
"[FILTER]\n Name kubernetes\n Match kube.*\n Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token\n Merge_Log On\n Merge_Log_Key log_processed\n K8S-Logging.Parser On\n K8S-Logging.Exclude Off\n Buffer_Size 1M\n"
config.outputs📜
Type: string
""
config.upstream📜
Type: object
{}
config.customParsers📜
Type: string
"[PARSER]\n Name docker_no_time\n Format json\n Time_Keep Off\n Time_Key time\n Time_Format %Y-%m-%dT%H:%M:%S.%L\n\n[PARSER]\n Name containerd\n Format regex\n Regex ^(?<time>[^ ]+) (?<stream>stdout\|stderr) (?<logtag>[^ ]*) (?<log>.*)$\n Time_Key time\n Time_Format %Y-%m-%dT%H:%M:%S.%L%z\n Time_Keep On\n\n[PARSER]\n Name apache\n Format regex\n Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \\[(?<time>[^\\]]*)\\] \"(?<method>\\S+)(?: +(?<path>[^\\\"]*?)(?: +\\S*)?)?\" (?<code>[^ ]*) (?<size>[^ ]*)(?: \"(?<referer>[^\\\"]*)\" \"(?<agent>[^\\\"]*)\")?$\n Time_Key time\n Time_Format %d/%b/%Y:%H:%M:%S %z\n\n[PARSER]\n Name apache2\n Format regex\n Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \\[(?<time>[^\\]]*)\\] \"(?<method>\\S+)(?: +(?<path>[^ ]*) +\\S*)?\" (?<code>[^ ]*) (?<size>[^ ]*)(?: \"(?<referer>[^\\\"]*)\" \"(?<agent>[^\\\"]*)\")?$\n Time_Key time\n Time_Format %d/%b/%Y:%H:%M:%S %z\n\n[PARSER]\n Name apache_error\n Format regex\n Regex ^\\[[^ ]* (?<time>[^\\]]*)\\] \\[(?<level>[^\\]]*)\\](?: \\[pid (?<pid>[^\\]]*)\\])?( \\[client (?<client>[^\\]]*)\\])? (?<message>.*)$\n\n[PARSER]\n Name nginx\n Format regex\n Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \\[(?<time>[^\\]]*)\\] \"(?<method>\\S+)(?: +(?<path>[^\\\"]*?)(?: +\\S*)?)?\" (?<code>[^ ]*) (?<size>[^ ]*)(?: \"(?<referer>[^\\\"]*)\" \"(?<agent>[^\\\"]*)\")?$\n Time_Key time\n Time_Format %d/%b/%Y:%H:%M:%S %z\n\n[PARSER]\n Name json\n Format json\n Time_Key time\n Time_Format %d/%b/%Y:%H:%M:%S %z\n\n[PARSER]\n Name docker\n Format json\n Time_Key time\n Time_Format %Y-%m-%dT%H:%M:%S.%L\n Time_Keep On\n\n[PARSER]\n Name syslog\n Format regex\n Regex ^\\<(?<pri>[0-9]+)\\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\\/\\.\\-]*)(?:\\[(?<pid>[0-9]+)\\])?(?:[^\\:]*\\:)? *(?<message>.*)$\n Time_Key time\n Time_Format %b %d %H:%M:%S\n"
config.extraFiles📜
Type: object
{}
volumeMounts[0].name📜
Type: string
"config"
volumeMounts[0].mountPath📜
Type: string
"/fluent-bit/etc/conf"
daemonSetVolumes[0].name📜
Type: string
"varlog"
daemonSetVolumes[0].hostPath.path📜
Type: string
"/var/log"
daemonSetVolumes[1].name📜
Type: string
"varlibdockercontainers"
daemonSetVolumes[1].hostPath.path📜
Type: string
"/var/lib/docker/containers"
daemonSetVolumes[2].name📜
Type: string
"etcmachineid"
daemonSetVolumes[2].hostPath.path📜
Type: string
"/etc/machine-id"
daemonSetVolumes[2].hostPath.type📜
Type: string
"File"
daemonSetVolumeMounts[0].name📜
Type: string
"varlog"
daemonSetVolumeMounts[0].mountPath📜
Type: string
"/var/log"
daemonSetVolumeMounts[0].readOnly📜
Type: bool
true
daemonSetVolumeMounts[1].name📜
Type: string
"varlibdockercontainers"
daemonSetVolumeMounts[1].mountPath📜
Type: string
"/var/lib/docker/containers"
daemonSetVolumeMounts[1].readOnly📜
Type: bool
true
daemonSetVolumeMounts[2].name📜
Type: string
"etcmachineid"
daemonSetVolumeMounts[2].mountPath📜
Type: string
"/etc/machine-id"
daemonSetVolumeMounts[2].readOnly📜
Type: bool
true
command[0]📜
Type: string
"/fluent-bit/bin/fluent-bit"
args[0]📜
Type: string
"--workdir=/fluent-bit/etc"
args[1]📜
Type: string
"--config=/fluent-bit/etc/conf/fluent-bit.conf"
initContainers📜
Type: list
[]
logLevel📜
Type: string
"info"
openshift📜
Type: bool
false
Description: Toggle for Openshift, currently only controls NetworkPolicy changes
loki📜
Type: object
enabled: false
Description: List of enabled Big Bang log storage package(s), used to control networkPolicies and auth only
elasticsearchKibana.enabled📜
Type: bool
false
bbtests📜
Type: object
enabled: false
scripts:
envs:
desired_version: '{{ .Values.image.tag }}'
fluent_host: http://{{ include "fluent-bit.fullname" . }}.{{ .Release.Namespace
}}.svc.cluster.local:{{ .Values.service.port }}
image: registry1.dso.mil/ironbank/stedolan/jq:1.7
Description: Values used for Big Bang CI testing
bbtests.enabled📜
Type: bool
false
Description: Toggles test manifests
bbtests.scripts.image📜
Type: string
"registry1.dso.mil/ironbank/stedolan/jq:1.7"
Description: Image used to run script tests, must include curl and jq
bbtests.scripts.envs📜
Type: object
desired_version: '{{ .Values.image.tag }}'
fluent_host: http://{{ include "fluent-bit.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{
.Values.service.port }}
Description: Envs that are passed into the script runner pod
bbtests.scripts.envs.fluent_host📜
Type: string
"http://{{ include \"fluent-bit.fullname\" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}"
Description: Hostname/port to contact Fluentbit
bbtests.scripts.envs.desired_version📜
Type: string
"{{ .Values.image.tag }}"
Description: Version that should be running
hotReload.enabled📜
Type: bool
false
hotReload.image.repository📜
Type: string
"registry1.dso.mil/ironbank/opensource/jimmidyson/configmap-reload"
hotReload.image.tag📜
Type: string
"v0.12.0"
hotReload.image.digest📜
Type: string
nil
hotReload.image.pullPolicy📜
Type: string
"IfNotPresent"
hotReload.resources📜
Type: object
{}