pichuang/fluent.conf

## fluent.conf
<source>
  @id in_tail_container_logs
  @type tail
  path /var/log/containers/*.log
  pos_file /var/log/fluentd-containers.log.pos
  tag raw.kubernetes.*
  read_from_head true
  # Open below line if you need have filename as tag field (now without prefix kubernetes.)
  # path_key tag
  <parse>
    @type multi_format
    <pattern>
      format json
      time_key time
      time_format %Y-%m-%dT%H:%M:%S.%NZ
    </pattern>
    <pattern>
      format /^(?<time>.+) (?<stream>stdout|stderr) [^ ]* (?<log>.*)$/
      time_format %Y-%m-%dT%H:%M:%S.%N%:z
    </pattern>
  </parse>
</source>

# Detect exceptions in the log output and forward them as one log entry.
<match raw.kubernetes.**>
  @id raw.kubernetes
  @type detect_exceptions
  remove_tag_prefix raw
  message log
  stream stream
  multiline_flush_interval 5
  max_bytes 500000
  max_lines 1000
</match>

<filter kubernetes.**>
  @type record_transformer
  <record>
  environment tanzu_k8s_grid
  log_type kubernetes
  </record>
  watch false
</filter>

# Enriches records with Kubernetes metadata
<filter kubernetes.**>
  @id filter_kubernetes_metadata
  @type kubernetes_metadata
  watch false
</filter>

<match **>
  @type vmware_loginsight
  scheme https
  ssl_verify false
  host <LOGINSIGHT-IP>
  port 9543
  http_method post
  serializer json
  rate_limit_msec 0
  raise_on_error true
  include_tag_key true
  tag_key tag
  http_conn_debug false
  <buffer>
    chunk_limit_records 300
    flush_interval 3s
    retry_max_times 3
  </buffer>
</match>

## loginsight-fluent.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: log-collector
  name: fluentd
  namespace: kube-system

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fluentd
rules:
  - apiGroups:
      - ""
    resources:
      - "namespaces"
      - "pods"
    verbs:
      - "list"
      - "get"
      - "watch"

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fluentd
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluentd
subjects:
- kind: ServiceAccount
  name: fluentd
  namespace: kube-system

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: log-collector
  namespace: kube-system
  labels:
    k8s-app: log-collector
    app: log-collector
    version: v1
    kubernetes.io/cluster-service: "true"
spec:
 selector:
   matchLabels:
     name: log-collector
 template:
   metadata:
     labels:
       name: log-collector
       app: log-collector
       version: v1
       kubernetes.io/cluster-service: "true"
   spec:
     serviceAccount: fluentd
     serviceAccountName: fluentd
     tolerations:
     - key: node-role.kubernetes.io/master
       effect: NoSchedule
     containers:
     - name: fluentd-li
       image: projects.registry.vmware.com/vrealize_loginsight/fluentd:1.1
       command: ["fluentd", "-c", "/etc/fluentd/fluent.conf", "-p", "/fluentd/plugins"]
       env:
       - name: FLUENTD_ARGS
         value: --no-supervisor -q
       resources:
         limits:
           memory: 512Mi
         requests:
           cpu: 500m
           memory: 512Mi
       volumeMounts:
       - name: varlog
         mountPath: /var/log
       - name: varlogcontainers
         mountPath: /var/log/containers
       - name: varlibdockercontainers
         mountPath: /var/lib/docker/containers
         readOnly: true
       - name: fluentdconfig
         mountPath: /etc/fluentd
     volumes:
     - name: varlog
       hostPath:
         path: /var/log
     - name: varlogcontainers
       hostPath:
         path: /var/log/containers
     - name: varlibdockercontainers
       hostPath:
         path: /var/lib/docker/containers
     - name: fluentdconfig
       configMap:
         name: loginsight-fluentd-config
     - name: li-fluent-volume
       emptyDir: {}
     - name: var-logs
       emptyDir: {}
	<source>
	@id in_tail_container_logs
	@type tail
	path /var/log/containers/*.log
	pos_file /var/log/fluentd-containers.log.pos
	tag raw.kubernetes.*
	read_from_head true
	# Open below line if you need have filename as tag field (now without prefix kubernetes.)
	# path_key tag
	<parse>
	@type multi_format
	<pattern>
	format json
	time_key time
	time_format %Y-%m-%dT%H:%M:%S.%NZ
	</pattern>
	<pattern>
	format /^(?<time>.+) (?<stream>stdout\|stderr) [^ ]* (?<log>.*)$/
	time_format %Y-%m-%dT%H:%M:%S.%N%:z
	</pattern>
	</parse>
	</source>

	# Detect exceptions in the log output and forward them as one log entry.
	<match raw.kubernetes.**>
	@id raw.kubernetes
	@type detect_exceptions
	remove_tag_prefix raw
	message log
	stream stream
	multiline_flush_interval 5
	max_bytes 500000
	max_lines 1000
	</match>

	<filter kubernetes.**>
	@type record_transformer
	<record>
	environment tanzu_k8s_grid
	log_type kubernetes
	</record>
	watch false
	</filter>

	# Enriches records with Kubernetes metadata
	<filter kubernetes.**>
	@id filter_kubernetes_metadata
	@type kubernetes_metadata
	watch false
	</filter>

	<match **>
	@type vmware_loginsight
	scheme https
	ssl_verify false
	host <LOGINSIGHT-IP>
	port 9543
	http_method post
	serializer json
	rate_limit_msec 0
	raise_on_error true
	include_tag_key true
	tag_key tag
	http_conn_debug false
	<buffer>
	chunk_limit_records 300
	flush_interval 3s
	retry_max_times 3
	</buffer>
	</match>
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	labels:
	k8s-app: log-collector
	name: fluentd
	namespace: kube-system

	---
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: fluentd
	rules:
	- apiGroups:
	- ""
	resources:
	- "namespaces"
	- "pods"
	verbs:
	- "list"
	- "get"
	- "watch"

	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: fluentd
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: fluentd
	subjects:
	- kind: ServiceAccount
	name: fluentd
	namespace: kube-system

	---
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	name: log-collector
	namespace: kube-system
	labels:
	k8s-app: log-collector
	app: log-collector
	version: v1
	kubernetes.io/cluster-service: "true"
	spec:
	selector:
	matchLabels:
	name: log-collector
	template:
	metadata:
	labels:
	name: log-collector
	app: log-collector
	version: v1
	kubernetes.io/cluster-service: "true"
	spec:
	serviceAccount: fluentd
	serviceAccountName: fluentd
	tolerations:
	- key: node-role.kubernetes.io/master
	effect: NoSchedule
	containers:
	- name: fluentd-li
	image: projects.registry.vmware.com/vrealize_loginsight/fluentd:1.1
	command: ["fluentd", "-c", "/etc/fluentd/fluent.conf", "-p", "/fluentd/plugins"]
	env:
	- name: FLUENTD_ARGS
	value: --no-supervisor -q
	resources:
	limits:
	memory: 512Mi
	requests:
	cpu: 500m
	memory: 512Mi
	volumeMounts:
	- name: varlog
	mountPath: /var/log
	- name: varlogcontainers
	mountPath: /var/log/containers
	- name: varlibdockercontainers
	mountPath: /var/lib/docker/containers
	readOnly: true
	- name: fluentdconfig
	mountPath: /etc/fluentd
	volumes:
	- name: varlog
	hostPath:
	path: /var/log
	- name: varlogcontainers
	hostPath:
	path: /var/log/containers
	- name: varlibdockercontainers
	hostPath:
	path: /var/lib/docker/containers
	- name: fluentdconfig
	configMap:
	name: loginsight-fluentd-config
	- name: li-fluent-volume
	emptyDir: {}
	- name: var-logs
	emptyDir: {}