Kubernetes events

Collect Kubernetes events

Kubernetes exports events through the API server. This input plugin lets you retrieve those events as logs and process them through the pipeline.

Configuration parameters

Key

Description

Default

db

Set a database file to keep track of recorded Kubernetes events.

none

db.journal_mode

Set the journal mode for databases. Values: DELETE, TRUNCATE, PERSIST, MEMORY, WAL, OFF.

WAL

db.locking

Specify that the database will be accessed only by Fluent Bit. Enabling this feature helps increase performance when accessing the database but restricts external tools from querying the content.

false

db.sync

Set a database sync method. Values: extra, full, normal, off.

normal

interval_nsec

Set the reconnect interval (sub seconds: nanoseconds).

500000000

interval_sec

Set the reconnect interval (seconds).

0

kube_ca_file

Kubernetes TLS CA file.

/var/run/secrets/kubernetes.io/serviceaccount/ca.crt

kube_ca_path

Kubernetes TLS CA path.

none

kube_namespace

Kubernetes namespace to query events from. Gets events from all namespaces by default.

none

kube_request_limit

Kubernetes limit parameter for events query. No limit applied when set to 0.

0

kube_retention_time

Kubernetes retention time for events.

1h

kube_token_file

Kubernetes authorization token file.

/var/run/secrets/kubernetes.io/serviceaccount/token

kube_token_ttl

Kubernetes token time to live, until it's read again from the token file.

10m

kube_url

API Server endpoint.

https://kubernetes.default.svc

tls.debug

Set TLS debug level: 0 (no debug), 1 (error), 2 (state change), 3 (info), and 4 (verbose).

0

tls.verify

Enable or disable verification of TLS peer certificate.

true

tls.vhost

Set optional TLS virtual host.

none

In Fluent Bit 3.1 or later, this plugin uses a Kubernetes watch stream instead of polling. In versions earlier than 3.1, the interval parameters are used for reconnecting the Kubernetes watch stream.

Threading

This input always runs in its own thread.

Get started

Kubernetes service account

The Kubernetes service account used by Fluent Bit must have get, list, and watch permissions to namespaces and pods for the namespaces watched in the kube_namespace configuration parameter. If you're using the Helm chart to configure Fluent Bit, this role is included.

Basic configuration file

In the following configuration file, the Kubernetes events plugin collects events and exposes them through the standard output plugin on the console:

service:
  flush: 1
  log_level: info
    
pipeline:
  inputs:
    - name: kubernetes_events
      tag: k8s_events
      kube_url: https://kubernetes.default.svc
      
  outputs:
    - name: stdout
      match: '*'

[SERVICE]
  flush           1
  log_level       info

[INPUT]
  name            kubernetes_events
  tag             k8s_events
  kube_url        https://kubernetes.default.svc

[OUTPUT]
  name            stdout
  match           *

Event timestamp

Event timestamps are created from the first existing field, based on the following order of precedence:

lastTimestamp
firstTimestamp
metadata.creationTimestamp

PreviousKernel logs NextMemory metrics

Last updated 15 days ago

Was this helpful?

hashtagConfiguration parameters

hashtagThreading

hashtagGet started

hashtagKubernetes service account

hashtagBasic configuration file

hashtagEvent timestamp

Configuration parameters

Threading

Get started

Kubernetes service account

Basic configuration file

Event timestamp