In DKP 2.X, fluent-bit is used in DKP to collect and forward logs and it’s disabled by default in the management cluster. To enable fluent-bit in the management cluster, the operator must add the following to the kommander.yaml:
fluent-bit:
enabled: true
When enabled, fluent-bit forward logs to Loki by default as configured in this configmap.
To modify the default configuration there are two options:
- Edit the configmap fluent-bit-overrides in the kommander namespace.
- Edit the kommander configuration (kommander.yaml), example provided below.
In the configuration below, an example of how to configure the Splunk output plugin to forward the logs.
apiVersion: config.kommander.mesosphere.io/v1alpha1
kind: Installation
apps:
dex:
enabled: true
dex-k8s-authenticator:
enabled: true
dkp-insights-management:
enabled: true
fluent-bit:
enabled: true
values: |
config:
outputs: |
[OUTPUT]
Name splunk
Match audit.*
Host <HOSTNAME>
Port 8088
Splunk_Token <TOKEN>
Splunk_Send_Raw Off
TLS On
TLS.Verify Off
Message_Key kubernetes
[OUTPUT]
Name splunk
Match kube.*
Host <HOSTNAME>
Port 8088
Splunk_Token <TOKEN>
Splunk_Send_Raw Off
TLS On
TLS.Verify Off
Message_Key kubernetes
[OUTPUT]
Name splunk
Match host.*
Host <HOSTNAME>
Port 8088
Splunk_Token <TOKEN>
Splunk_Send_Raw Off
TLS On
TLS.Verify Off
Message_Key kubernetes
[OUTPUT]
Name splunk
Match kernel
Host <HOSTNAME>
Port 8088
Splunk_Token <TOKEN>
Splunk_Send_Raw Off
TLS On
TLS.Verify Off
Message_Key kubernetes