Skip to content

Instantly share code, notes, and snippets.

@artem-hatchenko

artem-hatchenko/eks_fluent_bit_module_full.tf

Created October 22, 2025 12:35
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save artem-hatchenko/4f7a123f7e4c3b65eb6703dd344dcfd7 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save artem-hatchenko/4f7a123f7e4c3b65eb6703dd344dcfd7 to your computer and use it in GitHub Desktop.
Download ZIP
eks_fluent_bit_module_full.tf
Raw
eks_fluent_bit_module_full.tf
### AWS Fluent-bit
resource "helm_release" "fluent-bit" {
name = "aws-for-fluent-bit"
repository = "https://aws.github.io/eks-charts"
chart = "aws-for-fluent-bit"
namespace = var.namespace
version = var.helm_version
dependency_update = true
values = [<<EOF
image:
tag: ${var.image_version}
resources:
limits:
memory: ${var.memory_limit}
requests:
cpu: ${var.cpu_request}
memory: ${var.memory_request}
%{if var.labels != null}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: pool
operator: In
values:
%{for label in var.labels}
- ${label}
%{endfor}
tolerations:
%{for label in var.labels}
- key: dedicated
operator: Equal
value: ${label}
effect: NoSchedule
%{endfor}
%{endif}
rbac:
pspEnabled: ${var.rbac_psp_enabled}
serviceAccount:
create: false
name: ${kubernetes_service_account.irsa.metadata[0].name}
cloudWatchLogs:
enabled: false
firehose:
enabled: false
kinesis:
enabled: false
elasticsearch:
enabled: false
opensearch:
enabled: true
match: ${var.opensearch_filter}.*
host: ${var.opensearch_host}
port: "443"
awsRegion: ${var.aws_region}
awsAuth: "${var.opensearch_aws_auth}"
logstashFormat: "on"
logstashPrefix: ${var.logstash_prefix}
logstashPrefixKey: Index
traceError: "On"
bufferSize: "5m"
input:
extraInputs: |
Exclude_Path /var/log/containers/aws-for-fluent-bit*,/var/log/containers/${var.opensearch_filter}*
additionalInputs: |
[INPUT]
Name tail
Tag ${var.opensearch_filter}.*
Path /var/log/containers/*${var.opensearch_filter}*.log
DB /var/log/flb_${var.opensearch_filter}.db
multiline.parser docker,cri
Docker_Mode Off
Mem_Buf_Limit 50MB
Skip_Long_Lines Off
Refresh_Interval 10
additionalFilters: |
[FILTER]
Name kubernetes
Match ${var.opensearch_filter}.*
Kube_URL https://kubernetes.default.svc.cluster.local:443
Merge_Log On
# For rewrite_tag filter, Keep_log must be On
Keep_log On
K8S-Logging.Parser On
K8S-Logging.Exclude On
Kube_Tag_Prefix ${var.opensearch_filter}.var.log.containers.
Labels Off
Annotations Off
%{if length(var.log_s3_outputs) > 0}
%{for out in var.log_s3_outputs}
[FILTER]
Name rewrite_tag
Match ${var.opensearch_filter}.var.log.containers.*_${out.namespace}_*${out.app}*
Rule $kubernetes['container_name'] ^${out.app}$ ${out.tag_prefix}.$TAG ${out.shipping_logs_to_os}
[FILTER]
Name nest
Match ${out.tag_prefix}.*
Operation lift
Nested_under kubernetes
Add_prefix kubernetes.
[FILTER]
Name record_modifier
Match ${out.tag_prefix}.*
%{for label in var.opensearch_remove_keys}
Remove_key ${label}
%{endfor}
%{endfor}
%{endif}
[FILTER]
Name nest
Match ${var.opensearch_filter}.*
Operation lift
Nested_under kubernetes
Add_prefix kubernetes.
[FILTER]
Name record_modifier
Match ${var.opensearch_filter}.*
%{for label in var.opensearch_remove_keys}
Remove_key ${label}
%{endfor}
%{if length(var.log_s3_outputs) > 0}
additionalOutputs: |
%{for out in var.log_s3_outputs}
[OUTPUT]
Name s3
Match ${out.tag_prefix}.*
bucket ${out.bucket}
region ${var.aws_region}
total_file_size ${out.total_file_size}
upload_timeout ${out.upload_timeout}
use_put_object On
compression gzip
s3_key_format ${out.bucket_out_prefix}/%Y/%m/%d/%H/$UUID.gz
s3_key_format_tag_delimiters .-
%{endfor}
%{endif}
EOF
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment