--- apiVersion: v1 kind: ConfigMap metadata: name: fluentd-config namespace: amazon-cloudwatch labels: k8s-app: fluentd-cloudwatch data: fluent.conf: | @include containers.conf @include systemd.conf @include host.conf @type null containers.conf: | @type tail @id in_tail_container_logs @label @containers path /var/log/containers/*.log pos_file /var/log/fluentd-containers.log.pos tag * read_from_head true @type json time_format %Y-%m-%dT%H:%M:%S.%NZ @type kubernetes_metadata @id filter_kube_metadata @type record_transformer @id filter_containers_stream_transformer stream_name ${tag_parts[3]} @type cloudwatch_logs @id out_cloudwatch_logs_containers region "#{ENV.fetch('REGION')}" log_group_name "/aws/containerinsights/#{ENV.fetch('CLUSTER_NAME')}/application" log_stream_name_key stream_name remove_log_stream_name_key true auto_create_stream true flush_interval 5 chunk_limit_size 2m queued_chunks_limit_size 32 retry_forever true systemd.conf: | @type systemd @id in_systemd_kubelet @label @systemd filters [{ "_SYSTEMD_UNIT": "kubelet.service" }] field_map {"MESSAGE": "message", "_HOSTNAME": "hostname", "_SYSTEMD_UNIT": "systemd_unit"} field_map_strict true path /var/log/journal pos_file /var/log/fluentd-journald-kubelet.pos read_from_head true tag kubelet.service @type systemd @id in_systemd_kubeproxy @label @systemd filters [{ "_SYSTEMD_UNIT": "kubeproxy.service" }] field_map {"MESSAGE": "message", "_HOSTNAME": "hostname", "_SYSTEMD_UNIT": "systemd_unit"} field_map_strict true path /var/log/journal pos_file /var/log/fluentd-journald-kubeproxy.pos read_from_head true tag kubeproxy.service @type systemd @id in_systemd_docker @label @systemd filters [{ "_SYSTEMD_UNIT": "docker.service" }] field_map {"MESSAGE": "message", "_HOSTNAME": "hostname", "_SYSTEMD_UNIT": "systemd_unit"} field_map_strict true path /var/log/journal pos_file /var/log/fluentd-journald-docker.pos read_from_head true tag docker.service @type kubernetes_metadata @id filter_kube_metadata_systemd @type record_transformer @id filter_systemd_stream_transformer stream_name ${tag}-${record["hostname"]} @type cloudwatch_logs @id out_cloudwatch_logs_systemd region "#{ENV.fetch('REGION')}" log_group_name "/aws/containerinsights/#{ENV.fetch('CLUSTER_NAME')}/dataplane" log_stream_name_key stream_name auto_create_stream true remove_log_stream_name_key true flush_interval 5 chunk_limit_size 2m queued_chunks_limit_size 32 retry_forever true host.conf: | @type tail @id in_tail_dmesg @label @hostlogs path /var/log/dmesg pos_file /var/log/dmesg.log.pos tag host.dmesg read_from_head true @type syslog @type tail @id in_tail_secure @label @hostlogs path /var/log/secure pos_file /var/log/secure.log.pos tag host.secure read_from_head true @type syslog @type tail @id in_tail_messages @label @hostlogs path /var/log/messages pos_file /var/log/messages.log.pos tag host.messages read_from_head true @type syslog @type kubernetes_metadata @id filter_kube_metadata_host @type record_transformer @id filter_containers_stream_transformer_host stream_name ${tag}-${record["host"]} @type cloudwatch_logs @id out_cloudwatch_logs_host_logs region "#{ENV.fetch('REGION')}" log_group_name "/aws/containerinsights/#{ENV.fetch('CLUSTER_NAME')}/host" log_stream_name_key stream_name remove_log_stream_name_key true auto_create_stream true flush_interval 5 chunk_limit_size 2m queued_chunks_limit_size 32 retry_forever true