
Install upstream Fluentd Helm chart

What does this MR do and why?

Migrates from the deprecated stable/fluentd Helm chart to Fluent's official chart. Currently, we deploy Fluentd 1.1.3, released in January 2019.

Refer to gitlab-org/gitlab#273138 (closed).

Rationale

  • GMAv2 supports both Fluentd and Filebeat (as a dependency of the elastic-stack chart).
  • Filebeat forwards all container logs to Elasticsearch once installed via GMAv2.
  • Fluentd should provide a central in-cluster syslog forwarding service for SIEMs other than Elasticsearch. It should not serve as a container log forwarder by default.

Implementation

Deploys the latest upstream chart version 0.3.0 containing Fluentd 1.12.0.

The following changes are introduced:

  • The Fluentd Kubernetes service now accepts syslog input at 5140/UDP.

  • The values file now includes a commented-out example Elasticsearch output that points to the correct Elasticsearch Kubernetes service.

How to set up and validate locally

  1. Create a new project, starting from this MR's updated template, as in bauerdominic/fluentd-sandbox

  2. Connect a Kubernetes cluster

  3. Install at least the fluentd and elastic-stack charts (via helmfile.yaml)

  4. Enable Fluentd's Elasticsearch output

  5. Enable Kibana

  6. Start a Pod and write a syslog message to the Fluentd service:

    % kubectl run -i --rm --tty debug --image=alpine --restart=Never -- /bin/sh
    # apk add logger
    # logger --rfc3164 -n fluentd.gitlab-managed-apps --port 5140 "Foobar"

  7. Access Kibana:

    kubectl port-forward svc/elastic-stack-kibana -n gitlab-managed-apps 5601:5601

    Navigate to http://localhost:5601

  8. Create an index pattern for Fluentd documents

    • In Kibana, navigate to Management > Kibana > Index Patterns
    • Create the index pattern fluentd
  9. In Kibana, navigate to the Discover section and select the fluentd index:

  10. Wait a bit because Fluentd buffers writes to Elasticsearch. Then search the index for the message:

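As an added example (not part of this MR or the upstream chart), a small Python client that builds the same RFC 3164 line step 6 sends with `logger`, parses it back the way a syslog receiver splits the fields, and can send it to the service on 5140/UDP; the facility/severity tables, the `debug` hostname, the `logger` tag and the sample timestamp are assumed values.

```python
import socket
from datetime import datetime

# Assumed defaults mirroring the validation step: the Fluentd Kubernetes
# service from the chart, listening for syslog on 5140/UDP.
FLUENTD_HOST = "fluentd.gitlab-managed-apps"
FLUENTD_PORT = 5140

# Subset of the RFC 3164 facility and severity codes (PRI = facility * 8 + severity).
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed timestamp used for deterministic output.
SAMPLE_TIME = datetime(2021, 11, 5, 10, 56, 29)


def build_rfc3164(msg, facility="user", severity="notice", hostname="debug", tag="logger", when=None):
    """Build one RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG (what `logger --rfc3164` emits)."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    when = when or datetime.now()
    # RFC 3164 pads a single-digit day with a space, not a zero.
    timestamp = when.strftime("%b ") + f"{when.day:2d}" + when.strftime(" %H:%M:%S")
    return f"<{pri}>{timestamp} {hostname} {tag}: {msg}"


def parse_rfc3164(line):
    """Split a line into the fields a syslog input produces, so they can be checked before searching Kibana."""
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing PRI header")
    pri, rest = line[1:].split(">", 1)
    pri = int(pri)
    timestamp, remainder = rest[:15], rest[16:]      # fixed-width 15-char timestamp
    host, remainder = remainder.split(" ", 1)
    tag, message = remainder.split(": ", 1)
    return {"facility": pri // 8, "severity": pri % 8, "time": timestamp,
            "host": host, "ident": tag, "message": message}


def send_syslog(line, host=FLUENTD_HOST, port=FLUENTD_PORT):
    """Send one datagram to the Fluentd syslog source; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(line.encode(), (host, port))


if __name__ == "__main__":
    # Run from a Pod inside the cluster, where the service name resolves.
    print(send_syslog(build_rfc3164("Foobar")), "bytes sent")
```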

Edited by Brian Williams
