k8s-humio - Ship Logs from Kubernetes to Humio
Contains components for shipping logs from kubernetes clusters to humio.
Here, fluentd is used to forward application- and _host-_level logs from each kubernetes worker node to humio server. This extends the standard setup here from fluentd for log forwarding in kubernetes.
fluentd/docker-image a docker image is defined which specifies how to forward to humio (with other settings, like log sources reused from the base image). Kubernetes manifests are defined in
fluentd/k8s: a daemonset will deploy fluentd pods across every worker node inside the kube-system namespace, and each pod will read the humio ingest token from the
As per the normal setup, fluentd output is buffered, and uses tls for nice log confidentiality.
- Kubernetes cluster
- User authorized to administrate via kubectl
- Default service account with read privileges to API server for use by the kubernetes metadata filter plugin. This should be present by default in the kube-system namespace (even in kubernetes 1.6 with RBAC enabled)
- Setup your dataspace in humio and create an ingest token
- Base64 encode your token by running
printf 'TOKEN' | base64and update
fluentd/k8s/fluentd-humio-ingest-token-secret.yamlwith the value
- Create your resources in kubernetes:
kubectl apply -f fluentd/k8s/
- Logs start appearing in humio!