Customers using Tanzu Kubernetes Grid (TKGm) 2.5.2 may wish to configure Fluent Bit to securely forward logs to an external Elasticsearch server using HTTPS and authentication (username/password).
This article clarifies whether HTTPS and authentication parameters are officially supported in the Tanzu Fluent Bit plugin included with the TKGm 2.5.2 package.

• Product: VMware Tanzu Kubernetes Grid (TKGm)

• Version: 2.5.2

• Component: Fluent Bit package (tanzu-system-logging)

• Log forwarder target: External Elasticsearch server

Customers may attempt to configure HTTPS and basic authentication parameters (e.g., tls On, HTTP_User, HTTP_Passwd) in the Fluent Bit output section.
However, these parameters are not included in the officially documented or validated configuration provided by the Tanzu Fluent Bit plugin deployed via the Tanzu package system.

The Tanzu Fluent Bit plugin for TKGm 2.5.2 supports only the configurations listed in the official VMware Tanzu documentation.

At this time:

• HTTPS and authentication parameters are not part of the officially supported configuration for Fluent Bit in TKGm 2.5.2.

• Customers who wish to experiment with HTTPS and authentication (e.g., tls On, tls.verify On, tls.ca_file, HTTP_User, HTTP_Passwd) may do so only in a non-production or lab environment.

For details on officially supported Fluent Bit configurations and usage in Tanzu Kubernetes Grid environments, please refer to:

• VMware Tanzu Kubernetes Grid Documentation – Logging Architecture and Fluent Bit Configuration

• https://docs.fluentbit.io/manual/