search

aws / eks-charts

Amazon EKS Helm chart repository
Apache License 2.0
1.2k stars 965 forks source link

[aws-for-fluent-bit] logRetentionPeriod parameter is not working for existing logGroups #1029

Open shubhindia opened 10 months ago

shubhindia commented 10 months ago

I have deployed aws-for-fluent-bit with logRetention set to 90 days using argo. Below is the argo application yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: aws-for-fluent-bit
  namespace: argocd
spec:
  destination:
    namespace: fluent-bit
    server: https://kubernetes.default.svc
  project: admin
  source:
    chart: aws-for-fluent-bit
    helm:
      values: |
        cloudWatchLogs:
          region: us-west-2
          logRetentionDays: 90
        serviceAccount:
          create: true
          name: aws-for-fluent-bit
          annotations:
            eks.amazonaws.com/role-arn: arn:aws:iam::<redacted>:role/role-for-fluent_bit-us-west-2
    repoURL: https://aws.github.io/eks-charts
    targetRevision: 0.1.28
  syncPolicy:
    automated:
      selfHeal: true
    syncOptions:
    - Replace=true
    - CreateNamespace=true

This deploys fine but all the older logGroups still have never as retention period . Below is the fluent-bit.conf.

[SERVICE]
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_PORT    2020
    Health_Check On
    HC_Errors_Count 5
    HC_Retry_Failure_Count 5
    HC_Period 5

    Parsers_File /fluent-bit/parsers/parsers.conf
[INPUT]
    Name              tail
    Tag               kube.*
    Path              /var/log/containers/*.log
    DB                /var/log/flb_kube.db
    Parser            docker
    Docker_Mode       On
    Mem_Buf_Limit     5MB
    Skip_Long_Lines   On
    Refresh_Interval  10
[FILTER]
    Name                kubernetes
    Match               kube.*
    Kube_URL            https://kubernetes.default.svc.cluster.local:443
    Merge_Log           On
    Merge_Log_Key       data
    Keep_Log            On
    K8S-Logging.Parser  On
    K8S-Logging.Exclude On
    Buffer_Size         32k
[OUTPUT]
    Name                  cloudwatch_logs
    Match                 *
    region                us-west-2
    log_group_name        /aws/eks/fluentbit-cloudwatch/logs
    log_group_template    /aws/eks/fluentbit-cloudwatch/workload/$kubernetes['namespace_name']
    log_stream_prefix     fluentbit-
    log_stream_template   $kubernetes['pod_name'].$kubernetes['container_name']
    auto_create_group     true
    log_retention_days    90

The policy attached to this role has required permissions as well

      {
        "Effect" : "Allow",
        "Action" : [
          "cloudwatch:PutMetricData",
          "ec2:DescribeVolumes",
          "ec2:DescribeTags",
          "logs:PutLogEvents",
          "logs:DescribeLogStreams",
          "logs:DescribeLogGroups",
          "logs:CreateLogStream",
          "logs:CreateLogGroup",
          "logs:PutRetentionPolicy"
        ],
        "Resource" : "*"
      }
lteixeira-dock commented 7 months ago

I have the same issue.

I deployed a FluentBit setting the retention to 14 days, but When I change the same parameter to 7 days. The fluentBit doesn't update the retention policy in CW LogGroups existing

sav-work commented 3 weeks ago

I have the same issue

log_retention_days 90

Applies only when creating a new LogGroup, if LogGroup already exists new parameter does not update it I think it should be added to the documentation

Thank you.