apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: cloudwatch-logging-agent
namespace: kube-system
labels:
app: fluentd
env: dev
data:
AWS_ACCESS_KEY_ID: {AWS_ACCESS_KEY_ID}
AWS_SECRET_ACCESS_KEY: {AWS_SECRET_ACCESS_KEY}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: fluentd
namespace: kube-system
labels:
env: dev
data:
AWS_REGION: eu-west-1
CW_LOG_GROUP: kubernetes-cluster
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: fluentd
namespace: kube-system
labels:
env: dev
k8s-app: fluentd-logging
version: v1
kubernetes.io/cluster-service: "true"
spec:
template:
metadata:
labels:
env: dev
k8s-app: fluentd-logging
version: v1
kubernetes.io/cluster-service: "true"
spec:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: fluentd
image: callstats/fluentd-kubernetes-cloudwatch # fluent/fluentd-kubernetes-daemonset:v0.12-debian-cloudwatch
env:
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: cloudwatch-logging-agent
key: AWS_ACCESS_KEY_ID
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: cloudwatch-logging-agent
key: AWS_SECRET_ACCESS_KEY
- name: AWS_REGION
valueFrom:
configMapKeyRef:
name: fluentd
key: AWS_REGION
- name: CW_LOG_GROUP
valueFrom:
configMapKeyRef:
name: fluentd
key: CW_LOG_GROUP
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 200Mi
volumeMounts:
- name: varlog
mountPath: /var/log
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
terminationGracePeriodSeconds: 30
volumes:
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
AmazonAPIGatewayPushToCloudWatchLogs
CloudWatchFullAccess
CloudWatchLogsReadOnlyAccess
CloudWatchLogsFullAccess
AmazonDMSCloudWatchLogsRole
AWSOpsWorksCloudWatchLogs
unfortunately, nothing shows up in cloudwatch logs, and when looking at the pod logs, i get these warnings from the aws client:
2017-10-11 09:15:31 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2017-10-11 09:15:31 +0000 error_class="Aws::CloudWatchLogs::Errors::IncompleteSignatureException" error="Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization=AWS4-HMAC-SHA256 Credential=AKIAIIFLVF4YM3PVXQUA" plugin_id="object:b0cb3c9ac"
2017-10-11 09:15:31 +0000 [warn]: /home/fluent/.gem/ruby/2.3.0/gems/aws-sdk-core-2.7.15/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call'
2017-10-11 09:15:31 +0000 [warn]: /home/fluent/.gem/ruby/2.3.0/gems/aws-sdk-core-2.7.15/lib/aws-sdk-core/plugins/idempotency_token.rb:18:in `call'
2017-10-11 09:15:31 +0000 [warn]: /home/fluent/.gem/ruby/2.3.0/gems/aws-sdk-core-2.7.15/lib/aws-sdk-core/plugins/param_converter.rb:20:in `call'
2017-10-11 09:15:31 +0000 [warn]: /home/fluent/.gem/ruby/2.3.0/gems/aws-sdk-core-2.7.15/lib/aws-sdk-core/plugins/response_paging.rb:26:in `call'
2017-10-11 09:15:31 +0000 [warn]: /home/fluent/.gem/ruby/2.3.0/gems/aws-sdk-core-2.7.15/lib/seahorse/client/plugins/response_target.rb:21:in `call'
2017-10-11 09:15:31 +0000 [warn]: /home/fluent/.gem/ruby/2.3.0/gems/aws-sdk-core-2.7.15/lib/seahorse/client/request.rb:70:in `send_request'
2017-10-11 09:15:31 +0000 [warn]: /home/fluent/.gem/ruby/2.3.0/gems/aws-sdk-core-2.7.15/lib/seahorse/client/base.rb:207:in `block (2 levels) in define_operation_methods'
2017-10-11 09:15:31 +0000 [warn]: /home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-cloudwatch-logs-0.4.0/lib/fluent/plugin/out_cloudwatch_logs.rb:298:in `log_group_exists?'
2017-10-11 09:15:31 +0000 [warn]: /home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-cloudwatch-logs-0.4.0/lib/fluent/plugin/out_cloudwatch_logs.rb:121:in `block in write'
2017-10-11 09:15:31 +0000 [warn]: /home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-cloudwatch-logs-0.4.0/lib/fluent/plugin/out_cloudwatch_logs.rb:113:in `each'
2017-10-11 09:15:31 +0000 [warn]: /home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-cloudwatch-logs-0.4.0/lib/fluent/plugin/out_cloudwatch_logs.rb:113:in `write'
2017-10-11 09:15:31 +0000 [warn]: /usr/lib/ruby/gems/2.3.0/gems/fluentd-0.12.32/lib/fluent/buffer.rb:354:in `write_chunk'
2017-10-11 09:15:31 +0000 [warn]: /usr/lib/ruby/gems/2.3.0/gems/fluentd-0.12.32/lib/fluent/buffer.rb:333:in `pop'
2017-10-11 09:15:31 +0000 [warn]: /usr/lib/ruby/gems/2.3.0/gems/fluentd-0.12.32/lib/fluent/output.rb:342:in `try_flush'
2017-10-11 09:15:31 +0000 [warn]: /usr/lib/ruby/gems/2.3.0/gems/fluentd-0.12.32/lib/fluent/output.rb:149:in `run'
2017-10-11 09:15:32 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2017-10-11 09:15:34 +0000 error_class="Aws::CloudWatchLogs::Errors::IncompleteSignatureException" error="Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization=AWS4-HMAC-SHA256 Credential=AKIAIIFLVF4YM3PVXQUA" plugin_id="object:b0cb3c9ac"
2017-10-11 09:15:32 +0000 [warn]: suppressed same stacktrace