How-to Configure Persistent Log Forwarding for Terraform Enterprise (Helm)

Avatar
Kunal Singh
  • Updated

Problem

When Terraform Enterprise (TFE) is deployed via Helm in Azure Kubernetes Service (AKS), logs from the atlas.log file fail to forward from the TFE pod to an Azure Log Analytics Workspace. This occurs even when using Azure Monitor Data Collection Rules (DCR) and logs are accessible in the container via a Persistent Volume Claim (PVC).

Cause

This issue has two primary causes.

First, the default TFE log forwarding feature is not enabled. A support bundle shows the following configuration.

{
  "log_forwarding": {
    "ConfigData": "",
    "config_path": "",
    "enabled": false
  }
}

Second, the documented method for enabling log forwarding relies on direct configuration within the pod, which is ephemeral. When pods restart, this configuration is lost. Additionally, the path /var/log/terraform-enterprise is intended for runtime logs, not static configuration files like fluent-bit.conf.

Solution

To automate and persist the log forwarding configuration across all environments and pod restarts, you must enable the feature and mount the configuration file using your Helm values.yaml file.

Configure Persistent Log Forwarding via Helm values.yaml

  1. Enable log forwarding by setting the following environment variables in your values.yaml file. This directs TFE to use a custom configuration path.

    TFE_LOG_FORWARDING_ENABLED: true
TFE_LOG_FORWARDING_CONFIG_PATH: "/etc/fluent-bit-custom/config"

  2. Mount your Fluent Bit configuration file as a volume. This ensures the configuration persists across pod restarts by making the file available at the specified target path.

    - type: bind
  source: /opt/tfe/fluent-bit.conf
  target: /etc/fluent-bit-custom/config

Outcome

By enabling TFE_LOG_FORWARDING_ENABLED and mounting the Fluent Bit configuration file as a volume, Terraform Enterprise will automatically forward logs from all pod instances. This ensures centralized visibility in Azure Log Analytics without requiring manual reconfiguration after pod restarts.

Additional Information

Articles in this section

Related articles