Push fluentd logs to Elasticsearch with tls termination

Values.yaml

elasticsearch:
  host: 'elasticsearch-example-es-cluster'
  port: 9200

tolerations:
 - key: node-role.kubernetes.io/master
   operator: Exists
   effect: NoSchedule

configMaps:
  output.conf: |
    # Enriches records with Kubernetes metadata
    <filter kubernetes.**>
      @type kubernetes_metadata
    </filter>

    <match **>
      @id elasticsearch
      @type elasticsearch
      @log_level info
      include_tag_key true
      host "#{ENV['OUTPUT_HOST']}"
      port "#{ENV['OUTPUT_PORT']}"
      scheme "https"
      ca_file /certs/ca.pem
      client_cert /certs/node.pem
      client_key /certs/node-key.pem
      logstash_format true
      <buffer>
        @type file
        path /var/log/fluentd-buffers/kubernetes.system.buffer
        flush_mode interval
        retry_type exponential_backoff
        flush_thread_count 2
        flush_interval 5s
        retry_forever
        retry_max_interval 30
        chunk_limit_size "#{ENV['OUTPUT_BUFFER_CHUNK_LIMIT']}"
        queue_limit_length "#{ENV['OUTPUT_BUFFER_QUEUE_LIMIT']}"
        overflow_action block
      </buffer>
    </match>

extraVolumes:
  - name: es-certs
    secret:
      defaultMode: 420
      secretName: es-certs-example-es-cluster
extraVolumeMounts:
  - name: es-certs
    mountPath: /certs
    readOnly: true

Setup helm incubator repo

helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/

Install fluentd-elasticsearch chart

helm install incubator/fluentd-elasticsearch -f https://gist.githubusercontent.com/gianrubio/8a289add06795697db7d23d6bf7f6e5b/raw/dace0822e3bd94de4134459633be6be887f9e3b6/Values.yaml