How can I use fluentd log collection on Bottlerocket? #1436
-
What I'd like: Support fluentd log collection on Bottlerocket nodes. Provide configs/manifests, examples, and/or documentation. Ideally, support both Bottlerocket and standard (Amazon Linux 2) AMIs from the same manifests, including a shared fluentd ConfigMap. Background We use fluentd (with the cloudwatch_logs plugin) to forward logs to AWS CloudWatch Logs. We have clusters with mixed node types (Bottlerocket and standard AMIs). A valid fluentd configuration for our standard nodes (docker runtime, Amazon LInux 2) does not work on Bottlerocket nodes (containerd, SELinux). Logs are not forwarded, and fluentd logs on Bottlerocket nodes contain a variety of errors (like "pattern not matched"), depending on the config. Supporting this will likely require updated fluentd configs (different log paths, formats) and possibly securityContext. See also issue #850. Any alternatives you've considered:
|
Beta Was this translation helpful? Give feedback.
Replies: 6 comments
-
I wonder if this just needs a CRI parser enabled on the FluentD configuration to work. We had the same issue with FluentBit not picking up logs until we enabled the CRI parser for BottleRocket nodes. |
Beta Was this translation helpful? Give feedback.
-
Thanks, @backjo, that does look promising. I finally got a chance to check the node logs (I had to create a new cluster on my own account to ssh into the admin container and run sheltie). The formats I'm seeing look like CRI:
Which fluentbit parser are you using? Is it this, this, or something else? |
Beta Was this translation helpful? Give feedback.
-
@backjo Can you elaborate on what you needed to do to get fluent-bit working? |
Beta Was this translation helpful? Give feedback.
-
@springroll12 we use the following for collecting container logs. It uses the default CRI parser:
|
Beta Was this translation helpful? Give feedback.
-
Thanks for the suggestions, @backjo and others! I was able to get good results with
I added some further config for our unique log req'ts, but that's the gist. Turns out, this was fairly straightforward, so unless there's further interest, I'll close the issue. |
Beta Was this translation helpful? Give feedback.
-
Glad you were able to get this resolved. @backjo Thanks for the help! I'll close this for now, but feel free to re-open or cut a new issue if you're still running into problems. |
Beta Was this translation helpful? Give feedback.
Thanks for the suggestions, @backjo and others! I was able to get good results with
fluentd
using:source
containing: