Getting data of pod using binary

Question

I'm trying to figure a way of building a configuration file/script that can help me retrieve the logs of the Kubernetes pod into elastic but using Binary fluent-bit only.

I was managed to retrieve the logs from the pod into elastic using the following code:

./fluent-bit -i stdin -o es -p Host=elasticsearch -p Port=9200 -p Index=myindex -p HTTP_User=myuser -p HTTP_Passwd=dsfsgsdfg < < here i run a script to take it from the proc folder and echo it.

but i have an issue that the pod details like pod name,pod id,etc are not passing. is there a way to get the logs of the pod in a more elegant way? and also retrieve the pod details? right now I take it from the /proc/?/fd/1 Folder using some ugly script. if i can do it using configuration file it can be amazing.

Answer 1

Fluentd would usually add kubernetes contextual data using the Kubernetes Metadata filter.

As for fluent-bit, I'm less familiar with it, still they do have some docs about this.

Either way, your fluentd/fluentbit would require its ServiceAccount and some RBAC collecting those data from your Kubernetes API.

---

Meanwhile, I'm not sure I completely understand how you get containers logs into fluent-bit (/proc/?/fd/1 ?!! then you miss stderr? fluent-bit reading from stdin? sounds ... unusual).

Note you have plugins fetching logs out of journald, or tail. As opposed to some stdin output, systemd and tail are aware of which logs were forwarded last (offset/seek/...), thus less likely to lose messages.

Even if you prefer to go with your own images in the end: give a look to existing solutions. Collecting logs from kubernetes containers, augmented with kubernetes metadata, reliable buffering, ... those are relatively common problematics, with their fair share of interesting implementations, several of them open-sourced, check github/gitlab/...