我通过以下命令部署
vmware/kube-fluentd-operator$ CHART_URL='https://github.com/vmware/kube-fluentd-operator/releases/download/v1.17.0/log-router-0.4.0.tgz'
$ helm install kfo ${CHART_URL} --set rbac.create=true --set image.tag=v1.16.8 --set image.repository=vmware/kube-fluentd-operator --set datasource=crd
然后尝试将k8s集群日志转发到splunk服务器。
$ kubectl apply -f f.yml↓ f.yml
$ cat f.yml
apiVersion: logs.vdp.vmware.com/v1beta1
kind: FluentdConfig
metadata:
name: fluentd-config
spec:
env:
- name: FLUENTD_SYSTEMD_CONF
value: 'disable'
fluentconf: |
<match **>
@type splunk_hec
hec_host 139.196.39.??
hec_port 8088
hec_token F4916F96-A7E3-4B1C-9153-???
insecure_ssl true
</match>
但是 Splunk 服务器(139.196.39.??)没有收到任何日志,
kube-fluentd-operator$ kubectl logs -f kfo-log-router-5rw5l
...
2023-03-06 09:26:48 +0000 [warn]: #0 [in_systemd_docker] Systemd::JournalError: No such file or directory retrying in 1s
2023-03-06 09:26:49 +0000 [warn]: #0 [in_systemd_bootkube] Systemd::JournalError: No such file or directory retrying in 1s
2023-03-06 09:26:49 +0000 [warn]: #0 [in_systemd_kubelet] Systemd::JournalError: No such file or directory retrying in 1s
期待 k8s 集群日志成功发送到 splunk 服务器。