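The fluentd component is responsible for collecting logs. It can collect them from the Docker console, or from a specified directory. For log files stored in a directory, we first configure logback and then configure the fluentd ConfigMap, so that the persisted logs are collected and pushed to a storage backend such as Elastic.
logback controls where the logs are stored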
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <property name="logPath" value="/var/log/"/>
    <springProperty scope="context" name="springAppName" source="spring.application.name"/>
    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%date-%level-%X{X-B3-TraceId:-}-%X{X-B3-SpanId:-}-[%file:%line]-%msg%n</pattern>
        </encoder>
    </appender>
    <appender name="fileInfoLog" filePermissions="rw-r--r--" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
            <providers class="net.logstash.logback.composite.loggingevent.LoggingEventJsonProviders">
                <pattern>
                    <pattern>
                        {
                        "level": "%level",
                        "application": "${springAppName:-}",
                        "trace": "%X{X-B3-TraceId:-}",
                        "span": "%X{X-B3-SpanId:-}",
                        "exportable": "%X{X-Span-Export:-}",
                        "pid": "${PID:-}",
                        "thread": "%thread",
                        "class": "%logger{40}",
                        "message": "%message"
                        }
                    </pattern>
                </pattern>
            </providers>
        </encoder>
        <!-- Rolling policy -->
        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <!-- Path -->
            <fileNamePattern>${logPath}/info.%d.log</fileNamePattern>
            <maxHistory>7</maxHistory>
        </rollingPolicy>
    </appender>
    <root level="INFO">
        <appender-ref ref="STDOUT"/>
        <appender-ref ref="fileInfoLog"/>
    </root>
</configuration>
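fluentd is added to the pod as a sidecar
The sidecar design is mainly for decoupling. The sidecar shares a storage volume with the application container in the pod; in effect it reads the logs the container produces and pushes them to the storage backend. In this example the logs are pushed to Elastic and then queried and analysed through Kibana. The k8s YAML deployment script is as follows: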
kind: Deployment
apiVersion: apps/v1
metadata:
  name: hello-world-deployment
  namespace: saas
  labels:
    app: hello-world
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-world
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
        - name: hello-world
          image: 172.17.0.22:8888/saas/hello-world:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 9001
          env:
            - name: spring.profiles.active
              value: prod
          volumeMounts:
            - name: varlog
              mountPath: /var/log
        - name: fluent-sidecar
          image: registry.cn-beijing.aliyuncs.com/k8s-mqm/fluentd-elasticsearch:v2.1.0
          env:
            - name: FLUENTD_ARGS
              value: -c /etc/fluentd-config/fluentd.conf
          volumeMounts:
            - name: varlog
              mountPath: /var/log
            - name: config-volume
              mountPath: /etc/fluentd-config
      volumes:
        - name: varlog
          emptyDir: {}
        - name: config-volume
          configMap:
            name: fluentd-config
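Finally, add the configuration for fluentd, which is a ConfigMap in k8s. Note that a ConfigMap belongs to a specific namespace and cannot be accessed from another namespace.
Generally, one namespace can correspond to one index in Kibana. When configuring fluentd, you can use tag and logstash_prefix to implement the index prefix.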
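<source>
  @type tail
  format json
  path /var/log/*.log
  # pos_file is one literal file name (the * is not expanded); read offsets for all tailed files are kept in it
  pos_file /var/log/*.log.pos
  tag test.*
</source>
<match **>
  @id elasticsearch
  @type elasticsearch
  @log_level debug
  type_name fluentd
  host elasticsearch.elk
  port 9200
  logstash_format true
  # Index prefix, corresponding to the tag in source. One namespace can have one prefix,
  # covering a group of microservices, which makes log tracing easier.
  logstash_prefix test
  flush_interval 10s
</match>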
Finally, create the index in Kibana
Management -> create index, select test-*, and save.
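A check to run against the logback file before relying on the pipeline above, written as an added example that is not part of the original post: it confirms that each line is a single JSON object carrying the keys from the logback pattern (a raw stack trace line, for instance, does not parse under `format json`), and computes the index name that `logstash_format true` with `logstash_prefix test` yields. The sample lines, the function names and the plugin defaults used here (a daily `<prefix>-YYYY.MM.DD` index, dated in UTC) are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Keys emitted by the logback JSON pattern on this page.
EXPECTED_KEYS = {"level", "application", "trace", "span", "exportable",
                 "pid", "thread", "class", "message"}

def check_line(line):
    """Return (record, problem); problem is None when the line is usable."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError as exc:
        return None, f"not JSON ({exc.msg})"  # the json parser would reject it
    if not isinstance(record, dict):
        return None, "JSON but not an object"
    missing = EXPECTED_KEYS - record.keys()
    if missing:  # still shipped, but not searchable on the missing fields
        return record, "missing keys: " + ", ".join(sorted(missing))
    return record, None

def audit(lines):
    """Split lines into clean records and (line_number, problem) findings."""
    good, bad = [], []
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        record, problem = check_line(line)
        if problem:
            bad.append((number, problem))
        else:
            good.append(record)
    return good, bad

def index_name(prefix, when):
    """Assumed plugin default: <prefix>-YYYY.MM.DD, with the date taken in UTC."""
    return f"{prefix}-{when.astimezone(timezone.utc):%Y.%m.%d}"

# Constructed sample of /var/log/info.<date>.log content, not real output.
SAMPLE = [
    '{"level":"INFO","application":"hello-world","trace":"","span":"","exportable":"","pid":"1","thread":"main","class":"c.e.Hello","message":"started"}',
    'java.lang.IllegalStateException: boom',
    '{"level":"WARN","message":"no trace context"}',
]

if __name__ == "__main__":
    good, bad = audit(SAMPLE)
    print(len(good), "clean record(s); findings:", bad)
    # 07:30 on 3 Jan at UTC+8 is still 2 Jan in UTC, so the event lands in the 2 Jan index.
    local = datetime(2020, 1, 3, 7, 30, tzinfo=timezone(timedelta(hours=8)))
    print(index_name("test", local))
```

Lines reported as "not JSON" are the ones to look for as gaps when a search in Kibana comes back emptier than the application log.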
