Create a new 1.13 or 1.14 EKS cluster called container-insights
.
Enable IRSA:
eksctl utils associate-iam-oidc-provider \
--name container-insights \
--approve
Create a namespace:
kubectl create ns cw
Create SA with arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
policy:
eksctl create iamserviceaccount \
--name fluentbitds \
--namespace cw \
--cluster container-insights \
--attach-policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy \
--approve
Set up Fluent Bit as DS:
kubectl apply -f eks-fluent-bit-configmap.yaml
kubectl apply -f eks-fluent-bit-daemonset-rbac.yaml
kubectl apply -f eks-fluent-bit-daemonset.yaml
Set up NGINX for generating logs:
kubectl apply -f eks-nginx-app.yaml
Verify if all is running:
kubectl get po,ds,cm
NAME READY STATUS RESTARTS AGE
pod/fluentbit-bkntf 1/1 Running 0 6m11s
pod/nginx-8c5ddb5c-576hm 1/1 Running 0 6m4s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.extensions/fluentbit 1 1 1 1 1 <none> 6m12s
NAME DATA AGE
configmap/fluent-bit-config 2 6m32s
Generate load on NGINX to produce logs, for example using kubectl port-forward service/nginx 9090:80
and then curl localhost:9090
.
@mhausenblas Do workloads have to be in the same namespace for this to work?