Using Antrea with Fluentd

    This guide shows how to use Antrea with Fluentd for efficient audit logging. In this scenario, Antrea is used for the default network, Elasticsearch is used for the default storage, and a Kibana dashboard is used for visualization.

    The only prerequisite is:

    • a K8s cluster (Linux Nodes) running a K8s version supported by Antrea.

    All the required software will be deployed using YAML manifests, and the corresponding container images will be downloaded from public registries.

    For detailed information on the Antrea requirements and instructions on how to deploy Antrea, refer to the Antrea documentation.

    You may also choose a .

    Fluentd supports multiple output destinations. Details are discussed in Step 4, but by default log records are collected by the Fluentd DaemonSet and sent to Elasticsearch. A Kibana dashboard can then be used to visualize the data. The YAML file for deploying Elasticsearch and Kibana is included with this cookbook; apply it with kubectl to deploy them.

    Fluentd's architecture is a pipeline of input -> parser -> buffer -> output -> formatter stages (with optional filter plugins between parsing and output). Most of these stages are plugins that can be configured for different use cases.

    To specify custom input plugins and parsers, modify ./resources/kubernetes.conf, create a ConfigMap from it, and then point the Fluentd DaemonSet at that ConfigMap. For more variations of custom configuration, refer to the Fluentd input plugin documentation. This cookbook uses an input plugin that monitors the audit log files for Antrea-native policies on every K8s Node. Because those audit lines are parsed with a regular expression, check the pattern against the lines produced by your Antrea version: a line that does not match the pattern is skipped with a warning in the Fluentd log rather than indexed.
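As an added example (not code from the Antrea cookbook or the Fluentd project), the following Ruby shows the parser stage of the pipeline described above applied to Antrea-native policy audit lines. Fluentd's regexp parser uses Ruby regular expressions with `(?<name>...)` named captures, so the same pattern can be tested here and then pasted into the `<parse>` block of kubernetes.conf. The line layout, the field names, the log path and the sample lines are assumptions: the layout follows the form shown in the Antrea network-policy documentation (date, time, rule type, policy reference, action, priority, SRC, DEST, length, protocol), the sample lines are constructed rather than captured, and the np.log path must be checked against your Antrea version.

```ruby
# Added example, not the cookbook's own code: the regexp a Fluentd `regexp`
# parser would apply to Antrea-native policy audit lines, exercised directly
# in Ruby so the pattern can be tested before it goes into kubernetes.conf.
#
# Assumed line layout (from the Antrea network-policy docs; verify it against
# the np.log written by your Antrea version):
#   yyyy/mm/dd hh:mm:ss.ffffff ruleType policyRef action priority SRC: ip DEST: ip length protocol
#
# Equivalent Fluentd source configuration (assumption: Antrea writes audit
# logs to /var/log/antrea/networkpolicy/np.log on each Node):
#   <source>
#     @type tail
#     path /var/log/antrea/networkpolicy/np.log
#     pos_file /var/log/fluentd-antrea-np.pos
#     tag antrea.networkpolicy
#     <parse>
#       @type regexp
#       expression <ANTREA_NP_REGEX below, written on one line>
#       time_key time
#       time_format %Y/%m/%d %H:%M:%S.%N
#     </parse>
#   </source>
require 'time'

# Named captures use the (?<name>...) syntax Fluentd expects. Extended mode
# (/x) ignores literal whitespace, so every meaningful space is escaped.
ANTREA_NP_REGEX = /\A
  (?<time>\d{4}\/\d{2}\/\d{2}\ \d{2}:\d{2}:\d{2}\.\d+)\s+
  (?<rule_type>\S+)\s+
  (?<policy>\S+)\s+
  (?<action>\S+)\s+
  (?<priority>\d+)\s+
  SRC:\ (?<src_ip>\S+)\s+
  DEST:\ (?<dst_ip>\S+)\s+
  (?<length>\d+)\s+
  (?<protocol>\S+)
\s*\z/x

# Same strptime format the <parse> block above would use as time_format.
TIME_FORMAT = '%Y/%m/%d %H:%M:%S.%N'.freeze

# Parses one audit line into the record Fluentd would emit; returns nil for
# a line that does not match (Fluentd logs "pattern not matched" and skips it).
def parse_antrea_np_line(line)
  m = ANTREA_NP_REGEX.match(line)
  return nil unless m
  record = m.named_captures
  record['time'] = Time.strptime(record['time'], TIME_FORMAT)
  record['priority'] = Integer(record['priority'])
  record['length'] = Integer(record['length'])
  record
end

# Parses a whole log, skipping unmatched lines instead of aborting.
def parse_antrea_np_log(text)
  text.each_line.map { |l| parse_antrea_np_line(l) }.compact
end

# Records for traffic a policy did not allow: the ones worth alerting on.
def denied_events(records)
  records.select { |r| %w[Drop Reject].include?(r['action']) }
end

# Constructed sample lines (not captured from a real cluster), including one
# malformed line to show that the parser skips it.
SAMPLE_LOG = <<~LOG
  2020/11/02 22:21:21.148395 AntreaPolicyIngressRule AntreaNetworkPolicy:default/test-anp Allow 14800 SRC: 10.10.1.2 DEST: 10.10.1.3 60 TCP
  2020/11/02 22:21:22.301377 AntreaPolicyEgressRule AntreaClusterNetworkPolicy:deny-egress Drop 14700 SRC: 10.10.1.3 DEST: 10.10.2.9 60 UDP
  not an audit line
LOG

if $PROGRAM_NAME == __FILE__
  records = parse_antrea_np_log(SAMPLE_LOG)
  denied_events(records).each do |r|
    puts "#{r['time'].iso8601} #{r['action']} by #{r['policy']}: " \
         "#{r['src_ip']} -> #{r['dst_ip']} #{r['protocol']}"
  end
end
```

Running the file prints only the Drop line from the constructed sample; the Allow line is parsed but not reported, and the malformed line is skipped. The `action` capture is deliberately `\S+` rather than a fixed list so that actions added in later Antrea versions still parse; filtering on Drop/Reject happens afterwards in `denied_events`, which is the kind of selection a Fluentd filter plugin or a Kibana alert would perform.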

    The Fluentd deployment includes RBAC and a DaemonSet. Fluentd collects logs from cluster components, so the necessary permissions must be granted first through RBAC. In fluentd.yml, we create a ServiceAccount and use a ClusterRole and a ClusterRoleBinding to grant it permission to get, list and watch Pods at cluster scope; the DaemonSet runs under that ServiceAccount. Keep the ClusterRole to those read-only verbs: the Fluentd Pods run on every Node, and they have no need to modify cluster state.

    In Kibana, create an index pattern matching “fluentd-*”, then go to http://[NodeIP]:30007/app/kibana#/discover to browse the collected records. The Kibana NodePort (30007 here) is reachable on every Node, so restrict which clients can reach it.

    Kibana also supports creating alerts from these logs; see the Kibana documentation. The Fluentd documentation additionally provides a detailed guide to email alerting when using td-agent (the stable, preconfigured distribution of Fluentd).