![\"\"](\"https:\/\/artem.services\/wp-content\/uploads\/2018\/11\/AWS-Logo.png\"){kind=logo}
<\/p>\n<\/p>\n
At the time of writing, EKS Fargate<\/strong> does not support a driver log for recording to CloudWatch<\/strong>. The only option is to use Sidecar<\/strong><\/p>\n Let’s create a ConfigMap<\/strong>, in which we indicate the name of the EKS<\/strong> cluster, region<\/strong> and namespace<\/strong>:<\/p>\n <\/p>\n Next, let’s create a service account and a ConfigMap<\/strong> with a configuration file for Fluentd<\/strong>. To do this, copy the text below and save it as "fluentd.yaml<\/strong>"<\/p>\n <\/p>\n And apply it:<\/p>\n <\/p>\n Where "default<\/strong>" is the name of the required namespace<\/p><\/blockquote>\n <\/p>\n An example of a sidecar deployment:<\/p>\n <\/p>\n In this deployment, the variables are set to "AWS_ACCESS_KEY_ID<\/strong>" and "AWS_SECRET_ACCESS_KEY<\/strong>", since at the moment there are endpoints for IAM<\/strong> roles only for services: EC2<\/strong>, ECS Fargate<\/strong> and Lambda<\/strong>. For avoid this you can use OpenID Connect<\/strong> provider for EKS<\/strong>.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":" At the time of writing, EKS Fargate does not support a driver log for recording to CloudWatch. The only option is to use Sidecar Let’s create a ConfigMap, in which we indicate the name of the EKS cluster, region and namespace: Next, let’s create a service account and a ConfigMap with a configuration file … \u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u044c \u0447\u0438\u0442\u0430\u0442\u044c "AWS — EKS Fargate — Fluentd CloudWatch"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[599],"tags":[543,887,1563,1685,1687,549,551,1689],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2054"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2054"}],"version-history":[{"count":4,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2054\/revisions"}],"predecessor-version":[{"id":2225,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/2054\/revisions\/2225"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2054"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\r\nkubectl create configmap cluster-info \\\r\n--from-literal=cluster.name=YOUR_EKS_CLUSTER_NAME \\\r\n--from-literal=logs.region=YOUR_EKS_CLUSTER_REGION -n KUBERNETES_NAMESPACE\r\n<\/pre>\n
\r\napiVersion: v1\r\nkind: ServiceAccount\r\nmetadata:\r\n name: fluentd\r\n namespace: {{NAMESPACE}}\r\n---\r\napiVersion: rbac.authorization.k8s.io\/v1\r\nkind: ClusterRole\r\nmetadata:\r\n name: fluentd-role\r\nrules:\r\n - apiGroups: [""]\r\n resources:\r\n - namespaces\r\n - pods\r\n - pods\/logs\r\n verbs: ["get", "list", "watch"]\r\n---\r\napiVersion: rbac.authorization.k8s.io\/v1\r\nkind: ClusterRoleBinding\r\nmetadata:\r\n name: fluentd-role-binding\r\nroleRef:\r\n apiGroup: rbac.authorization.k8s.io\r\n kind: ClusterRole\r\n name: fluentd-role\r\nsubjects:\r\n - kind: ServiceAccount\r\n name: fluentd\r\n namespace: {{NAMESPACE}}\r\n---\r\napiVersion: v1\r\nkind: ConfigMap\r\nmetadata:\r\n name: fluentd-config\r\n namespace: {{NAMESPACE}}\r\n labels:\r\n k8s-app: fluentd-cloudwatch\r\ndata:\r\n fluent.conf: |\r\n @include containers.conf\r\n \r\n <match fluent.**>\r\n @type null\r\n <\/match>\r\n containers.conf: |\r\n <source>\r\n @type tail\r\n @id in_tail_container_logs\r\n @label @containers\r\n path \/var\/log\/application.log\r\n pos_file \/var\/log\/fluentd-containers.log.pos\r\n tag *\r\n read_from_head true\r\n <parse>\r\n @type none\r\n time_format %Y-%m-%dT%H:%M:%S.%NZ\r\n <\/parse>\r\n <\/source>\r\n \r\n <label @containers>\r\n <filter **>\r\n @type kubernetes_metadata\r\n @id filter_kube_metadata\r\n <\/filter>\r\n \r\n <filter **>\r\n @type record_transformer\r\n @id filter_containers_stream_transformer\r\n <record>\r\n stream_name "#{ENV.fetch('HOSTNAME')}"\r\n <\/record>\r\n <\/filter>\r\n \r\n <filter **>\r\n @type concat\r\n key log\r\n multiline_start_regexp \/^\\S\/\r\n separator ""\r\n flush_interval 5\r\n timeout_label @NORMAL\r\n <\/filter>\r\n \r\n <match **>\r\n @type relabel\r\n @label @NORMAL\r\n <\/match>\r\n <\/label>\r\n \r\n <label @NORMAL>\r\n <match **>\r\n @type cloudwatch_logs\r\n @id out_cloudwatch_logs_containers\r\n region "#{ENV.fetch('REGION')}"\r\n log_group_name "\/aws\/containerinsights\/#{ENV.fetch('CLUSTER_NAME')}\/application"\r\n log_stream_name_key stream_name\r\n remove_log_stream_name_key true\r\n auto_create_stream true\r\n <buffer>\r\n flush_interval 5\r\n chunk_limit_size 2m\r\n queued_chunks_limit_size 32\r\n retry_forever true\r\n <\/buffer>\r\n <\/match>\r\n <\/label>\r\n<\/pre>\n\r\ncurl fluentd.yaml | sed "s\/{{NAMESPACE}}\/default\/" | kubectl apply -f -\r\n<\/pre>\ndeployment.yaml<\/h3>\n
\r\napiVersion: apps\/v1\r\nkind: Deployment\r\nmetadata:\r\n labels:\r\n app: testapp\r\n name: testapp\r\nspec:\r\n replicas: 1\r\n selector:\r\n matchLabels:\r\n app: testapp\r\n strategy: {}\r\n template:\r\n metadata:\r\n labels:\r\n app: testapp\r\n spec:\r\n serviceAccountName: fluentd\r\n terminationGracePeriodSeconds: 30\r\n initContainers:\r\n - name: copy-fluentd-config\r\n image: busybox\r\n command: ['sh', '-c', 'cp \/config-volume\/..data\/* \/fluentd\/etc']\r\n volumeMounts:\r\n - name: config-volume\r\n mountPath: \/config-volume\r\n - name: fluentdconf\r\n mountPath: \/fluentd\/etc\r\n containers:\r\n - image: alpine:3.10\r\n name: alpine\r\n command: ["\/bin\/sh"]\r\n args: ["-c", "while true; do echo hello 2>&1 | tee -a \/var\/log\/application.log; sleep 10;done"]\r\n volumeMounts:\r\n - name: fluentdconf\r\n mountPath: \/fluentd\/etc\r\n - name: varlog\r\n mountPath: \/var\/log\r\n - image: fluent\/fluentd-kubernetes-daemonset:v1.7.3-debian-cloudwatch-1.0\r\n name: fluentd-cloudwatch\r\n env:\r\n - name: REGION\r\n valueFrom:\r\n configMapKeyRef:\r\n name: cluster-info\r\n key: logs.region\r\n - name: CLUSTER_NAME\r\n valueFrom:\r\n configMapKeyRef:\r\n name: cluster-info\r\n key: cluster.name\r\n - name: AWS_ACCESS_KEY_ID\r\n value: "XXXXXXXXXXXXXXX"\r\n - name: "AWS_SECRET_ACCESS_KEY"\r\n value: "YYYYYYYYYYYYYYY"\r\n resources:\r\n limits:\r\n memory: 400Mi\r\n requests:\r\n cpu: 100m\r\n memory: 200Mi\r\n volumeMounts:\r\n - name: config-volume\r\n mountPath: \/config-volume\r\n - name: fluentdconf\r\n mountPath: \/fluentd\/etc\r\n - name: varlog\r\n mountPath: \/var\/log\r\n volumes:\r\n - name: config-volume\r\n configMap:\r\n name: fluentd-config\r\n - name: fluentdconf\r\n emptyDir: {}\r\n - name: varlog\r\n emptyDir: {}\r\n<\/pre>\n