Configuring logging in a kubernetes cluster

Requirements

• helm 3

Stack used

• fluent-bit

• loki

• grafana

Introduction

The fluent-bit -> loki <- grafana stack is great if you are using prometheus, alertmanager, grafana, etc. for monitoring. Why fluent-bit and not promtail? fluent-bit is a very lightweight, high performance log collector. Out of the box it supports the main data sources for reading and sending, and has integration with kubernetes.

Configuring loki

helm repo add grafana https://grafana.github.io/helm-charts

The default loki chart is pretty heavyweight and includes prometheus operator, grafana, the loki cluster deployment, and a few other things. We will stick to configuring these services separately, as well as a single-node loki configuration to make operation and understanding easier. To do this, we need to change some default values via values.yaml

Example of a values.yaml file to configure using nfs storage

Note! We are using Basic Auth. Change your password. gateway.basicAuth.password

# disable service monitor from internal prometheus operator
serviceMonitor:
  enabled: false

# disable enterprise feature
enterprise:
  enabled: false

loki:
  auth_enabled: false

  server:
    http_listen_port: 3100
    grpc_listen_port: 9095

  podAnnotations:
    ### if you have annotations configured for prometheus, uncomment below
    # prometheus.io/scrape: "true"
    # prometheus.io/port: "3100"
    # prometheus.io/path: "metrics"
    # prometheus.io/scheme: "http"

  limits_config:
    enforce_metric_name: false
    reject_old_samples: true
    reject_old_samples_max_age: 168h
    max_cache_freshness_per_query: 10m
    split_queries_by_interval: 15m
    max_global_streams_per_user: 10000


  commonConfig:
    # using single binary loki instance, not cluster
    replication_factor: 1

  storage:
    type: "filesystem"

  readinessProbe:
    httpGet:
      path: /ready
      port: 3100
    initialDelaySeconds: 30
    timeoutSeconds: 1

gateway:
  # Enable basic auth
  basicAuth:
    enabled: true
    username: "admin"
    password: "your_password_here"

singleBinary:
  # Use nfs storage
  persistence:
    enabled: true
    type: pvc
    storageClass: ssd-nfs-storage
    accessModes:
      - ReadWriteOnce
    size: 2Gi
  # Disable cluster
  targetModule: "all"

test:
  enabled: false

# Disable internal prometheus operator
monitoring:
  dashboards:
    enabled: false

  rules:
    enabled: false
    alerting: false

  serviceMonitor:
    enabled: false

  selfMonitoring:
    enabled: false

    grafanaAgent:
      installOperator: false

  lokiCanary:
    enabled: false

Uploading the chart

Fluentbit

Fluent Bit allows you to collect logs and metrics from multiple sources, enrich them with filters, and send them to any specific destination.

Adding a chart repository

Configuring log collection

Use the values.yaml file to modify the default chart values.

Note!

• Change config.outputs[name=loki].loki.http_passwd to the password used for Basic Auth in the loki service

• Change config.outputs[name=loki].loki.host to match your namespace

• In the config.customParsers section, the order in which the parsers are defined matters!

For a better understanding of how log processing works in fluent-bit, visit this page

Uploading

Visualizing your data in grafana

It is assumed that you have already deployed grafana.

• Create a datasource loki with the data to connect

• Create or find a dashboard to display the data

Sources

• https://docs.fluentbit.io/manual/installation/kubernetes

• https://habr.com/ru/company/otus/blog/487118/

• https://github.com/grafana/loki/blob/main/production/helm/loki/values.yaml

• https://grafana.com/docs/loki/latest/installation/helm/install-monolithic/

• https://github.com/fluent/helm-charts/blob/main/charts/fluent-bit/values.yaml#L280

• https://docs.fluentbit.io/manual/pipeline/outputs/loki#getting-started