From 3057b50c510613145c6b668715baab17050dc0ae Mon Sep 17 00:00:00 2001 From: Ryan Ohnemus Date: Fri, 16 Aug 2024 10:49:08 -0500 Subject: [PATCH] in_kubernetes_events: add k8s permission details (#1396) * in_kubernetes_events: add k8s permission details fluent/fluent-bit#8351 Signed-off-by: ryanohnemus * Update pipeline/inputs/kubernetes-events.md Co-authored-by: Adam Locke Signed-off-by: Ryan Ohnemus * Update pipeline/inputs/kubernetes-events.md Co-authored-by: Adam Locke Signed-off-by: Ryan Ohnemus * Add hard return to break section Signed-off-by: Adam Locke --------- Signed-off-by: ryanohnemus Signed-off-by: Ryan Ohnemus Signed-off-by: Adam Locke Co-authored-by: Adam Locke --- pipeline/inputs/kubernetes-events.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/pipeline/inputs/kubernetes-events.md b/pipeline/inputs/kubernetes-events.md index eb156e0a9..78de97bfa 100644 --- a/pipeline/inputs/kubernetes-events.md +++ b/pipeline/inputs/kubernetes-events.md @@ -14,8 +14,8 @@ Kubernetes exports it events through the API server. This input plugin allows to |---------------------|---------------------------------------------------------------------------------------|------------------------------------------------------| | db | Set a database file to keep track of recorded Kubernetes events | | | db.sync | Set a database sync method. values: extra, full, normal and off | normal | -| interval_sec | Set the polling interval for each channel. | 0 | -| interval_nsec | Set the polling interval for each channel (sub seconds: nanoseconds) | 500000000 | +| interval_sec | Set the reconnect interval (seconds)* | 0 | +| interval_nsec | Set the reconnect interval (sub seconds: nanoseconds)* | 500000000 | | kube_url | API Server end-point | https://kubernetes.default.svc | | kube_ca_file | Kubernetes TLS CA file | /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | | kube_ca_path | Kubernetes TLS ca path | | @@ -28,8 +28,18 @@ Kubernetes exports it events through the API server. This input plugin allows to | tls.verify | Enable or disable verification of TLS peer certificate. | On | | tls.vhost | Set optional TLS virtual host. | | + +- _* As of Fluent-Bit 3.1, this plugin uses a Kubernetes watch stream instead of polling. In versions before 3.1, the interval parameters are used for reconnecting the Kubernetes watch stream._ + + ## Getting Started +### Kubernetes Service Account +The Kubernetes service account used by Fluent Bit must have `get`, `list`, and `watch` +permissions to `namespaces` and `pods` for the namespaces watched in the +`kube_namespace` configuration parameter. If you're using the helm chart to configure +Fluent Bit, this role is included. + ### Simple Configuration File In the following configuration file, the input plugin *kubernetes_events* collects events every 5 seconds (default for *interval_nsec*) and exposes them through the [standard output plugin](../outputs/standard-output.md) on the console.