The fluent-bit -> loki <- grafana stack is great if you are using prometheus, alertmanager, grafana, etc. for monitoring. Why fluent-bit and not promtail? fluent-bit is a very lightweight, high performance log collector. Out of the box it supports the main data sources for reading and sending, and has integration with kubernetes.
The default loki chart is pretty heavyweight and includes prometheus operator, grafana, the loki cluster deployment, and a few other things. We will stick to configuring these services separately, as well as a single-node loki configuration to make operation and understanding easier. To do this, we need to change some default values via values.yaml
Example of a values.yaml file to configure using nfs storage
Note! We are using Basic Auth. Change your password. gateway.basicAuth.password
# disable service monitor from internal prometheus operatorserviceMonitor:enabled:false# disable enterprise featureenterprise:enabled:falseloki:auth_enabled:falseserver:http_listen_port:3100grpc_listen_port:9095podAnnotations:### if you have annotations configured for prometheus, uncomment below# prometheus.io/scrape: "true"# prometheus.io/port: "3100"# prometheus.io/path: "metrics"# prometheus.io/scheme: "http"limits_config:enforce_metric_name:falsereject_old_samples:truereject_old_samples_max_age:168hmax_cache_freshness_per_query:10msplit_queries_by_interval:15mmax_global_streams_per_user:10000commonConfig:# using single binary loki instance, not clusterreplication_factor:1storage:type:"filesystem"readinessProbe:httpGet:path:/readyport:3100initialDelaySeconds:30timeoutSeconds:1gateway:# Enable basic authbasicAuth:enabled:trueusername:"admin"password:"your_password_here"singleBinary:# Use nfs storagepersistence:enabled:truetype:pvcstorageClass:ssd-nfs-storageaccessModes: - ReadWriteOncesize:2Gi# Disable clustertargetModule:"all"test:enabled:false# Disable internal prometheus operatormonitoring:dashboards:enabled:falserules:enabled:falsealerting:falseserviceMonitor:enabled:falseselfMonitoring:enabled:falsegrafanaAgent:installOperator:falselokiCanary:enabled:false
Use the values.yaml file to modify the default chart values.
image:repository:cr.fluentbit.io/fluent/fluent-bit# Overrides the image tag whose default is {{ .Chart.AppVersion }}# tag: "1.9.10"pullPolicy:IfNotPresentservice:type:ClusterIPport:2020annotations:### if you have annotations configured for prometheus, uncomment below# prometheus.io/scrape: "true"# prometheus.io/port: "2020"# prometheus.io/path: "/api/v1/metrics/prometheus"metricsPort:2020flush:1serviceMonitor:enabled:falseprometheusRule:enabled:falselivenessProbe:httpGet:path:/port:httpreadinessProbe:httpGet:path:/api/v1/healthport:httpresources:limits:cpu:50mmemory:128Mirequests:cpu:100mmemory:128Miconfig:service:| [SERVICE] Daemon Off Flush {{ .Values.flush }} Log_Level {{ .Values.logLevel }} Parsers_File parsers.conf Parsers_File custom_parsers.conf HTTP_Server On HTTP_Listen 0.0.0.0 HTTP_Port {{ .Values.metricsPort }} Health_Check Oninputs:| [INPUT] Name tail Tag kube.* Path /var/log/containers/*.log Mem_Buf_Limit 5MB Skip_Long_Lines On Skip_Empty_Lines Off Refresh_Interval 60filters:| [FILTER] Name parser Match kube.* Key_Name log Parser chainlink Parser cri Preserve_Key On Reserve_Data On [FILTER] Name kubernetes Match kube.* Kube_URL https://kubernetes.default.svc:443 Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token Kube_Tag_Prefix kube.var.log.containers. Merge_Log On Merge_Log_Trim On Keep_Log Off tls.verify On K8S-Logging.Parser On K8S-Logging.Exclude On Labels On Annotations On Use_Kubelet Offoutputs:| [OUTPUT] name loki match * host loki.your-namespace.svc port 3100 http_user admin http_passwd your_loki_password labels $service_logtag auto_kubernetes_labels oncustomParsers:| [PARSER] Name chainlink Format regex Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<container_logtag>[^ ]*) (?<service_time>[^ ]+) (?<service_logtag>[^ ]*) (?<service_message>.*)$
Time_Key time Time_Format %Y-%m-%dT%H:%M:%S.%L%z [PARSER] Name cri Format regex Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<message>.*)$ Time_Key time Time_Format %Y-%m-%dT%H:%M:%S.%L%zpodAnnotations:### if you have annotations configured for prometheus, uncomment below# prometheus.io/scrape: "true"# prometheus.io/port: "2020"# prometheus.io/path: "/api/v1/metrics/prometheus"# prometheus.io/scheme: "http"logLevel:"inf
Note!
Change config.outputs[name=loki].loki.http_passwd to the password used for Basic Auth in the loki service
Change config.outputs[name=loki].loki.host to match your namespace
In the config.customParsers section, the order in which the parsers are defined matters!
For a better understanding of how log processing works in fluent-bit, visit this page