{"id":2011,"date":"2020-06-22T16:04:36","date_gmt":"2020-06-22T13:04:36","guid":{"rendered":"https:\/\/artem.services\/?p=2011"},"modified":"2022-04-09T15:34:47","modified_gmt":"2022-04-09T12:34:47","slug":"aws-eks-fargate-fluentd-cloudwatch","status":"publish","type":"post","link":"https:\/\/artem.services\/?p=2011","title":{"rendered":"AWS — EKS Fargate — Fluentd CloudWatch"},"content":{"rendered":"

\"\"<\/p>\n

\u041d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u0441\u0442\u0430\u0442\u044c\u0438 EKS Fargate<\/strong> \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u043b \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043b\u043e\u0433 \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 CloudWatch<\/strong>. \u0415\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 — \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c Sidecar<\/strong><\/p>\n

\u0421\u043e\u0437\u0434\u0430\u0434\u0438\u043c ConfigMap<\/strong>, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0443\u043a\u0430\u0436\u0435\u043c \u0438\u043c\u044f EKS<\/strong> \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430, \u0440\u0435\u0433\u0438\u043e\u043d \u0438 namespace<\/strong>:<\/p>\n

\r\nkubectl create configmap cluster-info \\\r\n--from-literal=cluster.name=YOUR_EKS_CLUSTER_NAME \\\r\n--from-literal=logs.region=YOUR_EKS_CLUSTER_REGION -n KUBERNETES_NAMESPACE\r\n<\/pre>\n
 <\/p>\n
\u0414\u0430\u043b\u0435\u0435 \u0441\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u0441\u0435\u0440\u0432\u0438\u0441 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0438 ConfigMap<\/strong> \u0441 \u0444\u0430\u0439\u043b\u043e\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0434\u043b\u044f Fluentd<\/strong>. \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0441\u043a\u043e\u043f\u0438\u0440\u0443\u0435\u043c \u0442\u0435\u043a\u0441\u0442 \u043d\u0438\u0436\u0435 \u0438 \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u043c \u0435\u0433\u043e \u043a\u0430\u043a \u0444\u0430\u0439\u043b "fluentd.yaml<\/strong>"<\/p>\n
\r\napiVersion: v1\r\nkind: ServiceAccount\r\nmetadata:\r\n  name: fluentd\r\n  namespace: {{NAMESPACE}}\r\n---\r\napiVersion: rbac.authorization.k8s.io\/v1\r\nkind: ClusterRole\r\nmetadata:\r\n  name: fluentd-role\r\nrules:\r\n  - apiGroups: [""]\r\n    resources:\r\n      - namespaces\r\n      - pods\r\n      - pods\/logs\r\n    verbs: ["get", "list", "watch"]\r\n---\r\napiVersion: rbac.authorization.k8s.io\/v1\r\nkind: ClusterRoleBinding\r\nmetadata:\r\n  name: fluentd-role-binding\r\nroleRef:\r\n  apiGroup: rbac.authorization.k8s.io\r\n  kind: ClusterRole\r\n  name: fluentd-role\r\nsubjects:\r\n  - kind: ServiceAccount\r\n    name: fluentd\r\n    namespace: {{NAMESPACE}}\r\n---\r\napiVersion: v1\r\nkind: ConfigMap\r\nmetadata:\r\n  name: fluentd-config\r\n  namespace: {{NAMESPACE}}\r\n  labels:\r\n    k8s-app: fluentd-cloudwatch\r\ndata:\r\n  fluent.conf: |\r\n    @include containers.conf\r\n\r\n    <match fluent.**>\r\n      @type null\r\n    <\/match>\r\n  containers.conf: |\r\n    <source>\r\n      @type tail\r\n      @id in_tail_container_logs\r\n      @label @containers\r\n      path \/var\/log\/application.log\r\n      pos_file \/var\/log\/fluentd-containers.log.pos\r\n      tag *\r\n      read_from_head true\r\n      <parse>\r\n        @type none\r\n        time_format %Y-%m-%dT%H:%M:%S.%NZ\r\n      <\/parse>\r\n    <\/source>\r\n\r\n    <label @containers>\r\n      <filter **>\r\n        @type kubernetes_metadata\r\n        @id filter_kube_metadata\r\n      <\/filter>\r\n\r\n      <filter **>\r\n        @type record_transformer\r\n        @id filter_containers_stream_transformer\r\n        <record>\r\n          stream_name "#{ENV.fetch('HOSTNAME')}"\r\n        <\/record>\r\n      <\/filter>\r\n\r\n      <filter **>\r\n        @type concat\r\n        key log\r\n        multiline_start_regexp \/^\\S\/\r\n        separator ""\r\n        flush_interval 5\r\n        timeout_label @NORMAL\r\n      <\/filter>\r\n\r\n      <match **>\r\n        @type relabel\r\n        @label @NORMAL\r\n      <\/match>\r\n    <\/label>\r\n\r\n    <label @NORMAL>\r\n      <match **>\r\n        @type cloudwatch_logs\r\n        @id out_cloudwatch_logs_containers\r\n        region "#{ENV.fetch('REGION')}"\r\n        log_group_name "\/aws\/containerinsights\/#{ENV.fetch('CLUSTER_NAME')}\/application"\r\n        log_stream_name_key stream_name\r\n        remove_log_stream_name_key true\r\n        auto_create_stream true\r\n        <buffer>\r\n          flush_interval 5\r\n          chunk_limit_size 2m\r\n          queued_chunks_limit_size 32\r\n          retry_forever true\r\n        <\/buffer>\r\n      <\/match>\r\n    <\/label>\r\n<\/pre>\n
 <\/p>\n
\u0418 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043c \u0435\u0433\u043e:<\/p>\n
\r\ncurl fluentd.yaml | sed "s\/{{NAMESPACE}}\/default\/" | kubectl apply -f -\r\n<\/pre>\n
 <\/p>\n
\u0413\u0434\u0435 "default<\/strong>" \u0438\u043c\u044f \u043d\u0443\u0436\u043d\u043e\u0433\u043e \u043d\u0435\u0439\u043c\u0441\u043f\u0435\u0439\u0441\u0430<\/p><\/blockquote>\n
 <\/p>\n
\u041f\u0440\u0438\u043c\u0435\u0440 \u0434\u0435\u043f\u043b\u043e\u0439\u043c\u0435\u043d\u0442\u0430 \u0441 \u0441\u0430\u0439\u0434\u043a\u0430\u0440\u043e\u043c:<\/p>\n
deployment.yaml<\/h3>\n
\r\napiVersion: apps\/v1\r\nkind: Deployment\r\nmetadata:\r\n  labels:\r\n    app: testapp\r\n  name: testapp\r\nspec:\r\n  replicas: 1\r\n  selector:\r\n    matchLabels:\r\n      app: testapp\r\n  strategy: {}\r\n  template:\r\n    metadata:\r\n      labels:\r\n        app: testapp\r\n    spec:\r\n      serviceAccountName: fluentd\r\n      terminationGracePeriodSeconds: 30\r\n      initContainers:\r\n        - name: copy-fluentd-config\r\n          image: busybox\r\n          command: ['sh', '-c', 'cp \/config-volume\/..data\/* \/fluentd\/etc']\r\n          volumeMounts:\r\n            - name: config-volume\r\n              mountPath: \/config-volume\r\n            - name: fluentdconf\r\n              mountPath: \/fluentd\/etc\r\n      containers:\r\n      - image: alpine:3.10\r\n        name: alpine\r\n        command: ["\/bin\/sh"]\r\n        args: ["-c", "while true; do echo hello 2>&1 | tee -a \/var\/log\/application.log; sleep 10;done"]\r\n        volumeMounts:\r\n        - name: fluentdconf\r\n          mountPath: \/fluentd\/etc\r\n        - name: varlog\r\n          mountPath: \/var\/log\r\n      - image: fluent\/fluentd-kubernetes-daemonset:v1.7.3-debian-cloudwatch-1.0\r\n        name: fluentd-cloudwatch\r\n        env:\r\n          - name: REGION\r\n            valueFrom:\r\n              configMapKeyRef:\r\n                name: cluster-info\r\n                key: logs.region\r\n          - name: CLUSTER_NAME\r\n            valueFrom:\r\n              configMapKeyRef:\r\n                name: cluster-info\r\n                key: cluster.name\r\n          - name: AWS_ACCESS_KEY_ID\r\n            value: "XXXXXXXXXXXXXXX"\r\n          - name: "AWS_SECRET_ACCESS_KEY"\r\n            value: "YYYYYYYYYYYYYYY"\r\n        resources:\r\n          limits:\r\n            memory: 400Mi\r\n          requests:\r\n            cpu: 100m\r\n            memory: 200Mi\r\n        volumeMounts:\r\n          - name: config-volume\r\n            mountPath: \/config-volume\r\n          - name: fluentdconf\r\n            mountPath: \/fluentd\/etc\r\n          - name: varlog\r\n            mountPath: \/var\/log\r\n      volumes:\r\n        - name: config-volume\r\n          configMap:\r\n            name: fluentd-config\r\n        - name: fluentdconf\r\n          emptyDir: {}\r\n        - name: varlog\r\n          emptyDir: {}\r\n<\/pre>\n
 <\/p>\n
\u0412 \u0434\u0430\u043d\u043d\u043e\u043c \u0434\u0435\u043f\u043b\u043e\u0439\u043c\u0435\u043d\u0442\u0435 \u0432 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u0437\u0430\u0434\u0430\u043d\u044b "AWS_ACCESS_KEY_ID<\/strong>" \u0438 "AWS_SECRET_ACCESS_KEY<\/strong>", \u0442\u0430\u043a \u043a\u0430\u043a \u0432 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0442 \u044d\u043d\u0434\u043f\u043e\u0438\u043d\u0442\u044b \u0434\u043b\u044f IAM<\/strong> \u0440\u043e\u043b\u0435\u0439 \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432: EC2<\/strong>, ECS Fargate<\/strong> \u0438 Lambda<\/strong>. \u0427\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u044d\u0442\u043e\u0433\u043e, \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c OpenID Connect<\/strong> \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440 \u0434\u043b\u044f EKS<\/strong>.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"
\u041d\u0430 \u043c\u043e\u043c\u0435\u043d\u0442 \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u0441\u0442\u0430\u0442\u044c\u0438 EKS Fargate \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u043b \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043b\u043e\u0433 \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 CloudWatch. \u0415\u0434\u0438\u043d\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0432\u0430\u0440\u0438\u0430\u043d\u0442 — \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c Sidecar \u0421\u043e\u0437\u0434\u0430\u0434\u0438\u043c ConfigMap, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0443\u043a\u0430\u0436\u0435\u043c \u0438\u043c\u044f EKS \u043a\u043b\u0430\u0441\u0442\u0435\u0440\u0430, \u0440\u0435\u0433\u0438\u043e\u043d \u0438 namespace:   \u0414\u0430\u043b\u0435\u0435 \u0441\u043e\u0437\u0434\u0430\u0434\u0438\u043c \u0441\u0435\u0440\u0432\u0438\u0441 \u0430\u043a\u043a\u0430\u0443\u043d\u0442 \u0438 ConfigMap \u0441 \u0444\u0430\u0439\u043b\u043e\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0434\u043b\u044f Fluentd. \u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0441\u043a\u043e\u043f\u0438\u0440\u0443\u0435\u043c \u0442\u0435\u043a\u0441\u0442 \u043d\u0438\u0436\u0435 \u0438 \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u043c \u0435\u0433\u043e \u043a\u0430\u043a \u0444\u0430\u0439\u043b "fluentd.yaml"   \u0418 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043c … \u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u044c \u0447\u0438\u0442\u0430\u0442\u044c "AWS — EKS Fargate — Fluentd CloudWatch"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[24],"tags":[25,891,1189,1637,67,18,1641,1639],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2011"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2011"}],"version-history":[{"count":5,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2011\/revisions"}],"predecessor-version":[{"id":2223,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2011\/revisions\/2223"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2011"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2011"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2011"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}