Configure Fluent Bit to send EKS EC2 logs to CloudWatch on AWS

Fluent Bit is a high-performance and lightweight open-source log processor and forwarder. It’s designed to collect, process, and forward logs and other data in a variety of formats. When Fluent Bit used in AWS Elastic Kubernetes Service (EKS), it works as important and powerful for collecting and managing logs within AWS Kubernetes clusters.

In today’s tutorial, we will learn how we can configure the Fluent Bit on EKS to collect and forward the CloudWatch with easy and simple steps.

Prerequisites

Full access of AWS account (Root Access)
Up and Running EKS cluster
An Application must be deployed on the EKS

Assign EC2 Group of EKS to Access AWS CloudWatch

Before deploying the Fluent Bit on EKS, We need to allow permission on EC2 group of EKS to access the CloudWatch. Without it, Fluent Bit will not be allowed to send the Pod’s logs from EC2 to EKS.

Follow the below steps to allow the permission.

Navigate to IAM service of AWS and then Click on the Roles option.

Search for the name of the EKS cluster in search bar. In my case, the EKS cluster name is First. Now click on the Node group of the EKS as shown in the below screenshot.

Click on the Add permissions and then select the Attach policies option.

Now search for the CloudWatchFullAccess policy in the search bar of policies and Add it to EKS’s node group.

Note:- Make sure to add the CloudWatch policy to EKS Node Group without it Fluent Bit will not able to send logs to CloudWatch. If you have multiple node group connected to EKS cluster then you need to manually add the policy to each node group as mentioned above.

Deploy Fluent Bit on Amazon EKS

Create the namespace named as amazon-cloudwatch, run the following command to create the namespace.

kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/cloudwatch-namespace.yaml

Now create a ConfigMap named as cluster-info with the following command. Replace the Cluster-Name and Cluster-Region with your EKS cluster’s name and region.

ClusterName=Cluster-Name
RegionName=Cluster-Region
FluentBitHttpPort='2020'
FluentBitReadFromHead='Off'
[[ ${FluentBitReadFromHead} = 'On' ]] && FluentBitReadFromTail='Off'|| FluentBitReadFromTail='On'
[[ -z ${FluentBitHttpPort} ]] && FluentBitHttpServer='Off' || FluentBitHttpServer='On'
kubectl create configmap fluent-bit-cluster-info \
--from-literal=cluster.name=${ClusterName} \
--from-literal=http.server=${FluentBitHttpServer} \
--from-literal=http.port=${FluentBitHttpPort} \
--from-literal=read.head=${FluentBitReadFromHead} \
--from-literal=read.tail=${FluentBitReadFromTail} \
--from-literal=logs.region=${RegionName} -n amazon-cloudwatch

To deploy the Fluent Bit as daemonset in the EKS cluster, then run the following command.

kubectl apply -f https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/latest/k8s-deployment-manifest-templates/deployment-mode/daemonset/container-insights-monitoring/fluent-bit/fluent-bit.yaml

Run the following command to verify that the Fluent Bit is successfully deployed on the AWS Kubernetes Cluster.

kubectl get pods -n amazon-cloudwatch

Access the Pods Logs on AWS CloudWatch

Navigate to the CloudWatch service in the AWS and click on the Log groups options.

Troubleshooting

After successfully deploying the Fluent Bit on EKS, If you are unable to see the log groups in the correct AWS region. Then check the status of the Fluent Bit daemonSet pods with the following command and make sure that the status is in Running state.

kubectl get pods -n amazon-cloudwatch

If the status of the pods shows as CreateContainerConfigError then describe the pods to check the issue with the following command.

kubectl describe pod Pod_Name -n amazon-cloudwatch

If the status of the pods shows as Running and still Fluent bit not working, then check the logs of the pods with the following command.

kubectl logs Pod_Name -n amazon-cloudwatch

Conclusion

In AWS EKS cluster, Fluent Bit plays a major role in collecting and managing log data efficiently. Its ability to gather, analyze, and transmit logs in a scalable and customizable manner makes it a valuable element for log management, problem-solving, and monitoring within Kubernetes environments.

If you guys have any queries or questions, then drop a comment regarding your queries.

Install stress Command on Ubuntu 23.10

How to setup pgAdmin on Ubuntu 23.10

Install RabbitMQ Server on Ubuntu 23.10

Install and Setup the Teleport | Teleport Docs

How to Install or Update Latest OpenSSH on Ubuntu 23.10

How To Install Fastpanel On Ubuntu 20.04

How to install Plesk Control Panel on CentOS 7

How to install Virtualmin on Ubuntu 20.04

How To Install Vesta Control Panel on CentOS 7

How to host a website on cPanel

Install stress Command on Ubuntu 23.10

How to setup pgAdmin on Ubuntu 23.10

Install RabbitMQ Server on Ubuntu 23.10

Install and Setup the Teleport | Teleport Docs

How to Install or Update Latest OpenSSH on Ubuntu 23.10

How To Install Fastpanel On Ubuntu 20.04

How to install Plesk Control Panel on CentOS 7

How to install Virtualmin on Ubuntu 20.04

How To Install Vesta Control Panel on CentOS 7

How to host a website on cPanel

How to configure Fluent Bit to send EKS EC2 logs to CloudWatch on AWS

Prerequisites

Assign EC2 Group of EKS to Access AWS CloudWatch

Deploy Fluent Bit on Amazon EKS

Access the Pods Logs on AWS CloudWatch

Troubleshooting

Conclusion

Install stress Command on Ubuntu 23.10

How to setup pgAdmin on Ubuntu 23.10

Install RabbitMQ Server on Ubuntu 23.10

Install and Setup the Teleport | Teleport Docs

How to Install or Update Latest OpenSSH on Ubuntu 23.10

Application Load Balancer on Amazon EKS

Deploy Kubernetes with AWS EKS and Fargate

How to Deploy the Kubernetes Dashboard on an Amazon EKS