How to get ${kubernetes.namespace_name} for index_name in fluentd?

Question

Did anyone manage to get kubernetes.namespace_name as indexName? I tried this and its not working.

index_name ${kubernetes.namespace_name}.%Y%m%d
         


        

Answer 1

Please follow below mentioned steps for complete installation. I have Added below fluentd.conf configmap file with below line.

logstash_prefix clustername-${record['kubernetes']['namespace_name']}

Fluentd-DaemonSet

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: logging
  labels:
    k8s-app: fluentd-logging
    version: v1
spec:
  selector:
    matchLabels:
      k8s-app: fluentd-logging
      version: v1
  template:
    metadata:
      labels:
        k8s-app: fluentd-logging
        version: v1
    spec:
      serviceAccountName: fluentd                           
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: fluentd
        image: fluent/fluentd-kubernetes-daemonset:v1-debian-elasticsearch 
        env:
          - name:  FLUENT_ELASTICSEARCH_HOST
            value: "elasticsearch"
          - name:  FLUENT_ELASTICSEARCH_PORT
            value: "9200"
          - name: FLUENT_ELASTICSEARCH_SCHEME
            value: "http"
          - name: FLUENT_ELASTICSEARCH_USER
            value: "user"
          - name: FLUENT_ELASTICSEARCH_PASSWORD
            value: "password"
          - name: FLUENT_ELASTICSEARCH_CLUSTER_NAME
            value: "clustername"
        resources:
          limits:
            memory: 500Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: config-fluentd
          mountPath: /fluentd/etc/fluent.conf
          subPath: fluent.conf
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
      - name: config-fluentd
        configMap:
          name: fluentd-conf                      
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers

Add fluentd.conf file

kubectl create cm config-fluentd --from-file fluentd.conf

    # this tells fluentd to not output its log on stdout
    @type null


# Fetch all container logs

  @id kubernetes-containers.log
  @type tail
  path /var/log/containers/*.log
  pos_file /var/log/kubernetes-containers.log.pos
  tag raw.kubernetes.*
  read_from_head true
  
    @type multi_format
    
      format json
      time_key time
      time_format %Y-%m-%dT%H:%M:%S.%NZ
    
    
      format /^(?.+) (?stdout|stderr) [^ ]* (?.*)$/
      time_format %Y-%m-%dT%H:%M:%S.%N%:z
    
  


# Detect exceptions in the log output and forward them as one log entry.

  @id raw.kubernetes
  @type detect_exceptions
  remove_tag_prefix raw
  message log
  stream stream
  multiline_flush_interval 5
  max_bytes 500000
  max_lines 1000


# Concatenate multi-line logs

  @id filter_concat
  @type concat
  key message
  multiline_end_regexp /\n$/
  separator ""


# Add records with Kubernetes metadata

  @id filter_kubernetes_metadata
  @type kubernetes_metadata


# Fixes json fields for Elasticsearch

  @id filter_parser
  @type parser
  key_name log
  reserve_data true
  remove_key_name_field true
  
    @type multi_format
    
      format json
    
    
      format none
    
  


   @type elasticsearch_dynamic
   @id out_es
   @log_level info
					
   include_tag_key true
   host "#{ENV['FLUENT_ELASTICSEARCH_HOST']}"
   port "#{ENV['FLUENT_ELASTICSEARCH_PORT']}"
   path "#{ENV['FLUENT_ELASTICSEARCH_PATH']}"
   scheme "#{ENV['FLUENT_ELASTICSEARCH_SCHEME'] || 'http'}"
   ssl_verify "#{ENV['FLUENT_ELASTICSEARCH_SSL_VERIFY'] || 'true'}"
   user "#{ENV['FLUENT_ELASTICSEARCH_USER']}"
   password "#{ENV['FLUENT_ELASTICSEARCH_PASSWORD']}"
   reload_connections "#{ENV['FLUENT_ELASTICSEARCH_RELOAD_CONNECTIONS'] || 'true'}"
   logstash_prefix clustername-${record['kubernetes']['namespace_name']}
   logstash_format true
   type_name fluentd
   buffer_chunk_limit "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_CHUNK_LIMIT_SIZE'] || '2M'}"
   buffer_queue_limit "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_QUEUE_LIMIT_LENGTH'] || '32'}"
   flush_interval "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_FLUSH_INTERVAL'] || '5s'}"
   max_retry_wait "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_RETRY_MAX_INTERVAL'] || '30'}"
   disable_retry_limit
   num_threads "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_FLUSH_THREAD_COUNT'] || '8'}"

Official Repo: https://github.com/fluent/fluentd-kubernetes-daemonset

If you want to divide fluentd.conf file to other files then you can use below annotation in fluentd.conf and add as a configmap and volume in DaemonSet.

Annotation

@include systemd.conf
@include kubernetes.conf

Configmap for above files

Add configmap similar to fluentd-config as a configmap for seperated config files.