You implement log forwarding with Fluent Bit at the individual cluster level. This applies to both management clusters and Tanzu Kubernetes clusters that you deploy from the management cluster.

The procedures in this topic describe how to deploy Fluent Bit on management clusters and Tanzu Kubernetes clusters that are running on either vSphere or Amazon EC2.

You deploy Fluent Bit on clusters by applying YAML files from the Tanzu Kubernetes Grid extensions bundle onto clusters.


  • You have deployed a management cluster to either vSphere or Amazon EC2 and optionally one or more Tanzu Kubernetes clusters.
  • You have downloaded and unpacked the bundle of Tanzu Kubernetes Grid extensions. For information about where to obtain the bundle, see Download and Unpack the Tanzu Kubernetes Grid Extensions Bundle.
  • You have deployed one of the following logging management backends for storing and analyzing logs.
    • Elastic Search
    • Kafka
    • Splunk
    • HTTP


Perform this procedure on all clusters from which you want to collect logs. You can apply this procedure on either management clusters or Tanzu Kubernetes clusters, that are running on either vSphere or Amazon EC2. The instructions in this procedure assume that you unpacked the bundle of Tanzu Kubernetes Grid extensions in the location in which your are running the commands.

  1. Get the contexts of the clusters from which to gather logs.

    • To see the contexts of all of your management clusters, run tkg get management-cluster.
    • To see the contexts of all of the clusters that a management cluster manages, run tkg set management-cluster my-management-cluster then tkg get cluster.
  2. Set the focus of kubectl to the context of the management cluster or Tanzu Kubernetes cluster from which to gather logs.

    kubectl config use-context my-cluster-admin@my-cluster

  3. Create a namespace on the cluster for Fluent Bit.

    • vSphere:
      kubectl apply -f tkg-extensions-v1.0.0/logging/fluent-bit/vsphere/00-fluent-bit-namespace.yaml
    • Amazon EC2
      kubectl apply -f tkg-extensions-v1.0.0/logging/fluent-bit/aws/00-fluent-bit-namespace.yaml
  4. Create role-based access control (RBAC) resources for Fluent Bit.

    This procedure creates a cluster role that grants get, list, and watch permissions on pods and namespace objects. The ClusterRoleBinding binds the ClusterRole to the ServiceAccount within the logging namespace.

    1. Create a service account.

      • vSphere:
        kubectl apply -f tkg-extensions-v1.0.0/logging/fluent-bit/vsphere/01-fluent-bit-service-account.yaml
      • Amazon EC2:
        kubectl apply -f tkg-extensions-v1.0.0/logging/fluent-bit/aws/01-fluent-bit-service-account.yaml
    2. Create a cluster role.

      • vSphere:
        kubectl apply -f tkg-extensions-v1.0.0/logging/fluent-bit/vsphere/02-fluent-bit-role.yaml
      • Amazon EC2:
        kubectl apply -f tkg-extensions-v1.0.0/logging/fluent-bit/aws/02-fluent-bit-role.yaml
    3. Create a cluster role binding.

      • vSphere:
        kubectl apply -f logging/fluent-bit/vsphere/03-fluent-bit-role-binding.yaml
      • Amazon EC2:
        kubectl apply -f tkg-extensions-v1.0.0/logging/fluent-bit/aws/03-fluent-bit-role-binding.yaml

What to Do Next

Depending on whether you use Elastic Search, Kafka, Splunk, or HTTP, configure an output plugin on your cluster.

check-circle-line exclamation-circle-line close-line
Scroll to top icon