I am trying to create a daemonset that will collect logs from all the pods in a node from a specific namespace. I am not sure how I would specify a namespace name.
I have a namespace logging in which I deploy the daemonset. I created a serviceaccount as below:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluent-bit
  namespace: logging
My cluster role looks like this
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: fluent-bit-read
rules:
- apiGroups: [""]
  resources:
  - namespaces
  - pods
  verbs: ["get", "list", "watch"]
role binding
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: fluent-bit-read
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fluent-bit-read
subjects:
- kind: ServiceAccount
  name: fluent-bit
  namespace: logging
Right now the daemonset collects logs from the path /var/log/containers/*.log, which currently has log files from containers running in all namespaces. Is there a way I could restrict this daemonset to just collect logs from the namespaces I need?
You'll have to adjust your Bit config to only read the log files you want. Or you could use routing rules if you prefer. This is not related to the Kubernetes API, Bit reads the logs directly off the disk via a bind mount.
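The first option in the answer above, as an added example that is not part of the original post or of the Fluent Bit project: it builds the `Path` value for a tail input from a namespace allowlist and checks which log files those globs would select. It assumes the kubelet's `<pod>_<namespace>_<container>-<container-id>.log` naming under /var/log/containers; the namespaces `payments` and `checkout`, the helper names and the sample file names are constructed for illustration.

```python
import fnmatch
import re

LOG_DIR = "/var/log/containers"
# Assumed kubelet symlink name: <pod>_<namespace>_<container>-<64-hex id>.log
# Pod, namespace and container names cannot contain "_", so it is a safe delimiter.
LOG_NAME = re.compile(
    r"^(?P<pod>[^_]+)_(?P<namespace>[^_]+)_(?P<container>.+)-(?P<cid>[0-9a-f]{64})\.log$"
)

def tail_path(namespaces):
    """Comma-separated globs for the tail input's Path key, one per namespace."""
    return ",".join(f"{LOG_DIR}/*_{ns}_*.log" for ns in namespaces)

def namespace_of(filename):
    """Namespace encoded in a container log file name, or None if it does not parse."""
    m = LOG_NAME.match(filename)
    return m.group("namespace") if m else None

def selected(filenames, namespaces):
    """Files the Path globs would pick up (fnmatch stands in for the glob match)."""
    patterns = tail_path(namespaces).split(",")
    return [f for f in filenames
            if any(fnmatch.fnmatchcase(f"{LOG_DIR}/{f}", p) for p in patterns)]

def input_section(namespaces):
    """Minimal classic-format [INPUT] section restricted to the allowlist."""
    return "\n".join(["[INPUT]",
                      "    Name    tail",
                      "    Tag     kube.*",
                      f"    Path    {tail_path(namespaces)}"])

CID = "0123456789abcdef" * 4  # constructed 64-hex container id
SAMPLE_FILES = [              # constructed file names
    f"api-7d9f8b6c5d-x2k4q_payments_api-{CID}.log",
    f"cart-0_checkout_cart-{CID}.log",
    f"payments-proxy-abc12_kube-system_proxy-{CID}.log",  # pod name contains "payments"
    f"web-1_payments-dev_web-{CID}.log",                  # namespace only shares a prefix
    f"fluent-bit-9xk2p_logging_fluent-bit-{CID}.log",
]

if __name__ == "__main__":
    wanted = ["payments", "checkout"]
    print(input_section(wanted))
    for f in selected(SAMPLE_FILES, wanted):
        print("collect:", namespace_of(f), f)
```

Because the namespace is matched between two underscores, a pod named `payments-proxy` in `kube-system` and a namespace named `payments-dev` are both left out.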
Here is what we have in k8s documentation (link).
A Role always sets permissions within a particular namespace; when you create a Role, you have to specify the namespace it belongs in.
ClusterRole, by contrast, is a non-namespaced resource. The resources have different names (Role and ClusterRole) because a Kubernetes object always has to be either namespaced or not namespaced; it can’t be both.
So, in your case you need to make use of a Role and a RoleBinding instead of a ClusterRole and ClusterRoleBinding.