One Eye can automatically encrypt the communication between Fluentd and Fluent Bit. It also uses cert-manager to automate handling of the certificates that mutually authenticate the TLS connections.
To enable TLS encryption between Fluentd and Fluent Bit, complete the following steps.
- Install the cert-manager component of One Eye.

    one-eye cert-manager install

- Update the logging component.

    one-eye logging install --update

- Enable encrypted log transfer. The following command creates the required certificates and configures the Logging resource accordingly.

    one-eye logging configure --secure

- One Eye automatically creates the custom resources required for TLS certificates. Additionally, the generated configuration includes the newly created secrets for Fluentd and Fluent Bit. For example:

    apiVersion: logging.banzaicloud.io/v1beta1
    kind: Logging
    metadata:
      name: one-eye
    spec:
      enableRecreateWorkloadOnImmutableFieldChange: true
      controlNamespace: default
      fluentbit:
        tls:
          enabled: true
          secretName: one-eye-fluentbit-secret
        ...
      fluentd:
        tls:
          enabled: true
          secretName: one-eye-fluentd-secret
        image:
          tag: v1.9.2-alpine-9
          repository: banzaicloud/one-eye-fluentd
        disablePvc: true
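
One way to confirm the result of the steps above, as an added example that is not part of One Eye or its documentation: the functions below read the Logging resource with kubectl and fail if either Fluent Bit or Fluentd is left without TLS or without usable certificate material. Assumptions: the CRD's plural name is `loggings.logging.banzaicloud.io`, the secrets live in the resource's `controlNamespace`, and they carry the `ca.crt`, `tls.crt` and `tls.key` keys that cert-manager normally writes.

```shell
#!/bin/sh
# Added example (not One Eye's own tooling): confirm that the Logging resource
# has TLS switched on for both components and that each referenced secret
# holds certificate material.
# Assumptions: kubectl access to the cluster; the secrets live in the
# resource's controlNamespace; they carry the ca.crt, tls.crt and tls.key
# keys that cert-manager normally writes.

CRD=loggings.logging.banzaicloud.io   # assumed plural name of the Logging CRD

# logging_field NAME JSONPATH -> prints one field of the Logging resource
logging_field() {
    kubectl get "$CRD" "$1" -o "jsonpath={$2}"
}

# check_component NAME COMPONENT NAMESPACE -> 0 when TLS is fully configured
check_component() {
    enabled=$(logging_field "$1" ".spec.$2.tls.enabled") || return 1
    if [ "$enabled" != "true" ]; then
        echo "FAIL: $2 tls.enabled is '${enabled:-unset}'"
        return 1
    fi
    secret=$(logging_field "$1" ".spec.$2.tls.secretName") || return 1
    if [ -z "$secret" ]; then
        echo "FAIL: $2 has no tls.secretName"
        return 1
    fi
    for key in 'ca\.crt' 'tls\.crt' 'tls\.key'; do   # dots escaped for jsonpath
        val=$(kubectl -n "$3" get secret "$secret" -o "jsonpath={.data.$key}") || val=
        if [ -z "$val" ]; then
            printf 'FAIL: secret %s/%s has no data for key %s\n' "$3" "$secret" "$key"
            return 1
        fi
    done
    echo "OK: $2 uses TLS with secret $3/$secret"
}

# check_logging_tls [NAME] -> non-zero if either side is not secured
check_logging_tls() {
    name=${1:-one-eye}
    ns=$(logging_field "$name" ".spec.controlNamespace") || return 1
    rc=0
    for component in fluentbit fluentd; do
        check_component "$name" "$component" "$ns" || rc=1
    done
    return "$rc"
}
```

Run `check_logging_tls one-eye` after `one-eye logging configure --secure`; a non-zero exit status means at least one side of the Fluent Bit to Fluentd link is not secured as configured.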