k8s-filebeat收集所有容器標准輸出的日志
1. k8s-收集所有容器標准輸出的日志
- filebeat-kubernetes.yaml # 采集所有容器標准輸出
- app-log-stdout.yaml # 標准輸出測試應用
- app-log-logfile.yaml # 日志文件測試應用
1.1 filebeat-kubernetes 配置文件
-
filebeat-kubernetes采集示意圖
- 針對標准輸出:以DaemonSet方式在每個Node上部署一個日志收集程序,采集/var/lib/docker/containers/目錄下所有容器日志
-
示例filebeat-kubernetes.yaml配置文件
--- apiVersion: v1 kind: ConfigMap metadata: name: filebeat-config namespace: ops labels: k8s-app: filebeat data: filebeat.yml: |- filebeat.config: inputs: # Mounted `filebeat-inputs` configmap: path: ${path.config}/inputs.d/*.yml # Reload inputs configs as they change: reload.enabled: false modules: path: ${path.config}/modules.d/*.yml # Reload module configs as they change: reload.enabled: false output.elasticsearch: hosts: ['49.65.125.91:9200'] --- apiVersion: v1 kind: ConfigMap metadata: name: filebeat-inputs namespace: ops labels: k8s-app: filebeat data: kubernetes.yml: |- - type: docker containers.ids: - "*" processors: - add_kubernetes_metadata: in_cluster: true --- apiVersion: apps/v1 kind: DaemonSet metadata: name: filebeat namespace: ops labels: k8s-app: filebeat spec: selector: matchLabels: k8s-app: filebeat template: metadata: labels: k8s-app: filebeat spec: serviceAccountName: filebeat terminationGracePeriodSeconds: 30 containers: - name: filebeat image: elastic/filebeat:7.9.2 args: [ "-c", "/etc/filebeat.yml", "-e", ] securityContext: runAsUser: 0 # If using Red Hat OpenShift uncomment this: #privileged: true resources: limits: memory: 200Mi requests: cpu: 100m memory: 100Mi volumeMounts: - name: config mountPath: /etc/filebeat.yml readOnly: true subPath: filebeat.yml - name: inputs mountPath: /usr/share/filebeat/inputs.d readOnly: true - name: data mountPath: /usr/share/filebeat/data - name: varlibdockercontainers mountPath: /var/lib/docker/containers readOnly: true volumes: - name: config configMap: defaultMode: 0600 name: filebeat-config - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers - name: inputs configMap: defaultMode: 0600 name: filebeat-inputs # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart - name: data hostPath: path: /var/lib/filebeat-data type: DirectoryOrCreate --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: filebeat subjects: - kind: ServiceAccount name: filebeat namespace: ops roleRef: kind: ClusterRole name: filebeat apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: filebeat labels: k8s-app: filebeat rules: - apiGroups: [""] # "" indicates the core API group resources: - namespaces - pods verbs: - get - watch - list --- apiVersion: v1 kind: ServiceAccount metadata: name: filebeat namespace: ops labels: k8s-app: filebeat -
可視化展示日志:
1.查看索引(日志記錄集合):Management -> Stack Management -> 索引管理
2.將索引關聯到Kibana:索引模式-> 創建-> 匹配模式-> 選擇時間戳
3.在Discover選擇索引模式查看日志
-
圖示
1.2 日志文件輸出
-
日志文件輸出架構圖解
- 針對容器中日志文件:在Pod中增加一個容器運行日志采集器,使用emtyDir共享日志目錄讓日志采集器讀取到日志文件
2. 操作案例
-
編寫filebeat-kubernetes.yaml配置文件
[root@k8s-master elk]# vim filebeat-kubernetes.yaml [root@k8s-master elk]# cat filebeat-kubernetes.yaml --- apiVersion: v1 kind: ConfigMap metadata: name: filebeat-config namespace: ops labels: k8s-app: filebeat data: filebeat.yml: |- filebeat.config: inputs: # Mounted `filebeat-inputs` configmap: path: ${path.config}/inputs.d/*.yml # Reload inputs configs as they change: reload.enabled: false modules: path: ${path.config}/modules.d/*.yml # Reload module configs as they change: reload.enabled: false output.elasticsearch: hosts: ['127.0.0.1:9200'] username: "admin" password: "12345678" --- apiVersion: v1 kind: ConfigMap metadata: name: filebeat-inputs namespace: ops labels: k8s-app: filebeat data: kubernetes.yml: |- - type: docker containers.ids: - "*" processors: - add_kubernetes_metadata: in_cluster: true --- apiVersion: apps/v1 kind: DaemonSet metadata: name: filebeat namespace: ops labels: k8s-app: filebeat spec: selector: matchLabels: k8s-app: filebeat template: metadata: labels: k8s-app: filebeat spec: serviceAccountName: filebeat terminationGracePeriodSeconds: 30 containers: - name: filebeat image: elastic/filebeat:7.10.1 args: [ "-c", "/etc/filebeat.yml", "-e", ] securityContext: runAsUser: 0 # If using Red Hat OpenShift uncomment this: #privileged: true resources: limits: memory: 200Mi requests: cpu: 100m memory: 100Mi volumeMounts: - name: config mountPath: /etc/filebeat.yml readOnly: true subPath: filebeat.yml - name: inputs mountPath: /usr/share/filebeat/inputs.d readOnly: true - name: data mountPath: /usr/share/filebeat/data - name: varlibdockercontainers mountPath: /var/lib/docker/containers readOnly: true volumes: - name: config configMap: defaultMode: 0600 name: filebeat-config - name: varlibdockercontainers hostPath: path: /var/lib/docker/containers - name: inputs configMap: defaultMode: 0600 name: filebeat-inputs # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart - name: data hostPath: path: /var/lib/filebeat-data type: DirectoryOrCreate --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: filebeat subjects: - kind: ServiceAccount name: filebeat namespace: ops roleRef: kind: ClusterRole name: filebeat apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: filebeat labels: k8s-app: filebeat rules: - apiGroups: [""] # "" indicates the core API group resources: - namespaces - pods verbs: - get - watch - list --- apiVersion: v1 kind: ServiceAccount metadata: name: filebeat namespace: ops labels: k8s-app: filebeat -
運行配置
[root@k8s-master elk]# kubectl create namespace ops namespace/ops created [root@k8s-master elk]# kubectl apply -f filebeat-kubernetes.yaml configmap/filebeat-config created configmap/filebeat-inputs created daemonset.apps/filebeat created clusterrolebinding.rbac.authorization.k8s.io/filebeat unchanged clusterrole.rbac.authorization.k8s.io/filebeat unchanged serviceaccount/filebeat created -
查看運行配置
[root@k8s-master elk]# kubectl get pods -n ops NAME READY STATUS RESTARTS AGE filebeat-dmbzg 1/1 Running 0 24m [root@k8s-master elk]# kubectl logs -f filebeat-dmbzg -n ops -
查看kibana是否有索引
3. 可視化展示數據
- 可視化展示數據
-
創建索引
-
查看索引數據
4. 驗證日志輸出
-
創建nginx服務
[root@k8s-master elk]# kubectl run nginx --image=nginx -
請求nginx,得到日志數據
[root@k8s-master elk]# kubectl get pods NAME READY STATUS RESTARTS AGE nginx 1/1 Running 0 33h tomcat 1/1 Running 0 33h web-5df8b97c79-hksfc 1/1 Running 0 3d3h [root@k8s-master elk]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx 1/1 Running 0 33h 10.244.85.196 k8s-node01 <none> <none> tomcat 1/1 Running 0 33h 10.244.85.197 k8s-node01 <none> <none> web-5df8b97c79-hksfc 1/1 Running 0 3d3h 10.244.85.195 k8s-node01 <none> <none> [root@k8s-master elk]# curl -I 10.244.85.196 HTTP/1.1 200 OK Server: nginx/1.21.1 Date: Thu, 08 Jul 2021 14:13:02 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Tue, 06 Jul 2021 14:59:17 GMT Connection: keep-alive ETag: "60e46fc5-264" Accept-Ranges: bytes [root@k8s-master elk]# curl -I 10.244.85.196 HTTP/1.1 200 OK Server: nginx/1.21.1 Date: Thu, 08 Jul 2021 14:13:04 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Tue, 06 Jul 2021 14:59:17 GMT Connection: keep-alive ETag: "60e46fc5-264" Accept-Ranges: bytes -
查看輸出日志
[root@k8s-master elk]# kubectl logs nginx 10.244.235.192 - - [07/Jul/2021:05:15:13 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-" 10.244.235.192 - - [07/Jul/2021:05:15:18 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-" 10.244.235.192 - - [08/Jul/2021:14:08:55 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-" 10.244.235.192 - - [08/Jul/2021:14:08:57 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "-" 10.244.235.192 - - [08/Jul/2021:14:13:02 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0" "-" 10.244.235.192 - - [08/Jul/2021:14:13:04 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.29.0" "-" -
kibana驗證nginx數據是否被收集
