One Eye can automatically encrypt the communication between Fluentd and Fluent Bit. It also uses cert-manager to automate handling of the certificates that mutually authenticate the TLS connections.

To enable TLS encryption between Fluentd and Fluent Bit, complete the following steps.

  1. Install the cert-manager component of One Eye.

    one-eye cert-manager install
    
  2. Update the logging component.

    one-eye logging install --update
    
  3. Enable encrypted log transfer. The following command creates the required certificates and configures the Logging resource accordingly.

    one-eye logging configure --secure
    
  4. One Eye automatically creates the custom resources required for TLS certificates. Additionally, the generated configuration includes the newly created secrets for Fluentd and Fluent Bit. For example:

    apiVersion: logging.banzaicloud.io/v1beta1
    kind: Logging
    metadata:
      name: one-eye
    spec:
      enableRecreateWorkloadOnImmutableFieldChange: true
      controlNamespace: default
      fluentbit:
        tls:
          enabled: true
          secretName: one-eye-fluentbit-secret
      ...
      fluentd:
        tls:
          enabled: true
          secretName: one-eye-fluentd-secret
        image:
          tag: v1.9.2-alpine-9
          repository: banzaicloud/one-eye-fluentd
        disablePvc: true
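
A post-configuration check, added here as an example (not part of One Eye or its documentation): it reads the Logging resource and confirms that both Fluentd and Fluent Bit have TLS enabled and that each referenced secret is populated. The function names are hypothetical, and the secret key names `ca.crt`, `tls.crt` and `tls.key` are an assumption based on what cert-manager normally writes.

```shell
#!/bin/sh
# Added example. Assumptions: the Logging resource is named "one-eye" (as in the
# example above) and each TLS secret holds ca.crt, tls.crt and tls.key.
LOGGING_NAME="${LOGGING_NAME:-one-eye}"

# Print one field of the Logging resource's spec, e.g. "fluentd.tls.enabled".
logging_field() {
  kubectl get logging "$LOGGING_NAME" -o jsonpath="{.spec.$1}"
}

# Succeed only if the secret exists and all three keys are non-empty.
secret_has_tls_keys() {
  for key in 'ca\.crt' 'tls\.crt' 'tls\.key'; do
    val=$(kubectl get secret "$2" -n "$1" -o jsonpath="{.data.$key}" 2>/dev/null) || return 1
    [ -n "$val" ] || return 1
  done
}

# Check one side of the link (fluentd or fluentbit) in namespace $2.
check_component() {
  enabled=$(logging_field "$1.tls.enabled")
  secret=$(logging_field "$1.tls.secretName")
  if [ "$enabled" != "true" ]; then
    echo "FAIL $1: tls.enabled is '${enabled:-unset}'"; return 1
  fi
  if [ -z "$secret" ]; then
    echo "FAIL $1: tls.secretName is empty"; return 1
  fi
  if ! secret_has_tls_keys "$2" "$secret"; then
    echo "FAIL $1: secret $2/$secret lacks ca.crt, tls.crt or tls.key"; return 1
  fi
  echo "OK   $1: TLS enabled, secret $2/$secret complete"
}

# Both sides must pass: TLS on only one end breaks log forwarding.
verify_logging_tls() {
  ns=$(logging_field controlNamespace)
  rc=0
  check_component fluentd "$ns" || rc=1
  check_component fluentbit "$ns" || rc=1
  return "$rc"
}
```

Source the file and run `verify_logging_tls` after step 3; a non-zero exit status means at least one side of the connection is not fully configured for TLS.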