One Eye can automatically encrypt the communication between Fluentd and Fluent Bit. It also uses cert-manager to automate handling of the certificates that mutually authenticate the TLS connections.

To enable TLS encryption between Fluentd and Fluent Bit, complete the following steps.

  1. Install the cert-manager component of One Eye.

    one-eye cert-manager install
    
  2. Update the logging component.

    one-eye logging install --update
    
  3. Enable encrypted log transfer. The following command creates the required certificates and configures the Logging resource accordingly.

    one-eye logging configure --secure
    
  4. One Eye automatically creates the custom resources required for the TLS certificates. Additionally, the generated configuration includes the newly created secrets for Fluentd and Fluent Bit. For example:

    apiVersion: logging.banzaicloud.io/v1beta1
    kind: Logging
    metadata:
      name: one-eye
    spec:
      enableRecreateWorkloadOnImmutableFieldChange: true
      controlNamespace: default
      fluentbit:
        tls:
          enabled: true
          secretName: one-eye-fluentbit-secret
      ...
      fluentd:
        tls:
          enabled: true
          secretName: one-eye-fluentd-secret
        image:
          tag: v1.9.2-alpine-9
          repository: banzaicloud/one-eye-fluentd
        disablePvc: true
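
To confirm the result of the steps above, the following check is an added example, not part of One Eye or its documentation. It takes the Logging resource as parsed JSON (for instance the output of `kubectl get logging one-eye -o json`) plus the key names found in each referenced secret, and reports any side where TLS is off or the secret is incomplete. The function name `audit_tls`, the sample data, and the expected secret keys `ca.crt`, `tls.crt` and `tls.key` are assumptions.

```python
# Constructed sample: trimmed form of the Logging resource shown above,
# as it would look after parsing its JSON representation.
SAMPLE_LOGGING = {
    "kind": "Logging",
    "metadata": {"name": "one-eye"},
    "spec": {
        "fluentbit": {"tls": {"enabled": True,
                              "secretName": "one-eye-fluentbit-secret"}},
        "fluentd": {"tls": {"enabled": True,
                            "secretName": "one-eye-fluentd-secret"}},
    },
}

# Constructed sample: secret name -> key names in its data (values omitted).
SAMPLE_SECRETS = {
    "one-eye-fluentbit-secret": ["ca.crt", "tls.crt", "tls.key"],
    "one-eye-fluentd-secret": ["ca.crt", "tls.crt", "tls.key"],
}

# Assumption: each secret carries a CA bundle, a certificate and a private key.
REQUIRED_KEYS = {"ca.crt", "tls.crt", "tls.key"}


def audit_tls(logging_obj, secret_keys):
    """Return a list of findings; an empty list means both ends are configured."""
    findings = []
    spec = logging_obj.get("spec") or {}
    # Both ends must be checked: TLS on only one side breaks or downgrades the link.
    for component in ("fluentbit", "fluentd"):
        tls = (spec.get(component) or {}).get("tls") or {}
        if tls.get("enabled") is not True:
            findings.append(f"{component}: tls.enabled is not true")
            continue
        name = tls.get("secretName")
        if not name:
            findings.append(f"{component}: tls.secretName is missing")
        elif name not in secret_keys:
            findings.append(f"{component}: secret {name} not found")
        else:
            missing = REQUIRED_KEYS - set(secret_keys[name])
            if missing:
                findings.append(f"{component}: secret {name} lacks {sorted(missing)}")
    return findings


if __name__ == "__main__":
    result = audit_tls(SAMPLE_LOGGING, SAMPLE_SECRETS)
    print("\n".join(result) if result else "TLS configured on both ends")
```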