--- apiVersion: v1 kind: ServiceAccount metadata: name: fluentd namespace: monitoring --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: fluentd namespace: monitoring rules: - apiGroups: - "" resources: - pods - namespaces verbs: - get - list - watch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: fluentd roleRef: kind: ClusterRole name: fluentd apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: fluentd namespace: monitoring --- apiVersion: apps/v1 kind: DaemonSet metadata: name: fluentd-logzio namespace: monitoring labels: k8s-app: fluentd-logzio version: v1 spec: selector: matchLabels: k8s-app: fluentd-logzio template: metadata: labels: k8s-app: fluentd-logzio version: v1 spec: serviceAccount: fluentd serviceAccountName: fluentd tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule # Because the image's entrypoint requires to write on /fluentd/etc but we mount configmap there which is read-only, # this initContainers workaround or other is needed. # See https://github.com/fluent/fluentd-kubernetes-daemonset/issues/90 initContainers: - name: copy-fluentd-config image: busybox command: ['sh', '-c', 'cp /config-volume/..data/* /fluentd/etc'] volumeMounts: - name: config-volume mountPath: /config-volume - name: fluentdconf mountPath: /fluentd/etc containers: - name: fluentd image: logzio/logzio-fluentd:1.5.4 env: - name: LOGZIO_LOG_SHIPPING_TOKEN valueFrom: secretKeyRef: name: logzio-logs-secret key: logzio-log-shipping-token - name: LOGZIO_LOG_LISTENER valueFrom: secretKeyRef: name: logzio-logs-secret key: logzio-log-listener - name: FLUENTD_SYSTEMD_CONF value: "disable" - name: FLUENTD_PROMETHEUS_CONF value: "disable" - name: INCLUDE_NAMESPACE value: "" - name: KUBERNETES_VERIFY_SSL value: "true" - name: AUDIT_LOG_FORMAT value: audit - name: "CRI" value: "docker" resources: limits: memory: 500Mi requests: cpu: 200m memory: 500Mi volumeMounts: - name: varlog mountPath: /var/log - name: varlibdockercontainers mountPath: /var/lib/docker/containers readOnly: true - name: config-volume mountPath: /config-volume - name: fluentdconf mountPath: /fluentd/etc terminationGracePeriodSeconds: 30 volumes: - name: varlog hostPath: path: /var/log - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers - name: config-volume configMap: name: fluentd-config - name: fluentdconf emptyDir: {}