To use TLS encryption in your logging infrastructure, you have to configure encryption:
- for the log collection part of your logging pipeline (between Fluent Bit and Fluentd or Fluent bit and syslog-ng), and
- for the output plugin (between Fluentd or syslog-ng and the output backend).
For configuring the output, see the documentation of the output plugin you want to use at Outputs.
For Fluentd and Fluent Bit, you can configure encryption in the logging
resource using the following parameters:
Name | Type | Default | Description |
---|---|---|---|
enabled | bool | “Yes” | Enable TLS encryption |
secretName | string | "” | Kubernetes secret that contains: tls.crt, tls.key, ca.crt |
sharedKey | string | "” | Shared secret for fluentd authentication |
For example:
apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
name: default-logging-tls
spec:
fluentd:
tls:
enabled: true
secretName: fluentd-tls
sharedKey: example-secret
fluentbit:
tls:
enabled: true
secretName: fluentbit-tls
sharedKey: example-secret
controlNamespace: logging
For other parameters of the logging resource, see LoggingSpec.