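Common approaches:
- Write logs to stdout/stderr
  The two relevant paths are /var/lib/docker/containers and /var/log/containers; most cloud platforms support this by default
- Write logs to files, mount with emptyDir, and deploy a collection agent as a sidecar in the pod
- Write logs to files, mount with hostPath, and deploy the agent as a DaemonSet
Analysis:
Option 1: our company's logs all go to files, so changing that would be costly
Option 2: getting an agent change to take effect everywhere could be troublesome; maintenance cost is high
Option 3: some storage may be wasted, but that cost is much lower than the other problems. Common agents include fluentd
Decision:
Use option 3 with filebeat as the agent, because we are familiar with it; the latest version is 7.3, which supports quite a few new features
Implementation:
1. Configure the hostPath mount for logs
Mount the host directory /var/log/containers2/[namespace]/[svcName] at /home/logs in the container. The container's entrypoint script adds a symlink that points the application's usual /home/abc/logs directory to /home/logs/${HOSTNAME}, which keeps the logs apart when a Deployment runs multiple pods.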
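The post describes the entrypoint symlink but does not show it. The following is an added sketch, not code from the original post; the function name `link_app_logs` and its argument order are assumptions. It validates the pod name because that value becomes a directory on the host and later the `k8s.podname` field.

```shell
#!/bin/sh
# Added example: entrypoint helper for step 1 (not from the original post).
# link_app_logs is a hypothetical name.
#
# link_app_logs LOG_ROOT APP_LOG_DIR POD_NAME
#   LOG_ROOT     where the hostPath volume is mounted in the container (/home/logs)
#   APP_LOG_DIR  directory the application writes to (/home/abc/logs)
#   POD_NAME     per-pod subdirectory name (normally $HOSTNAME)
link_app_logs() {
    log_root=$1 app_log_dir=$2 pod_name=$3

    # Accept only lowercase letters, digits, '.' and '-', not starting with
    # '.' or '-'. This rejects empty names, '/' and '..' path components.
    case $pod_name in
        ''|*[!a-z0-9.-]*|.*|-*)
            echo "invalid pod name: $pod_name" >&2
            return 1 ;;
    esac

    target=$log_root/$pod_name
    mkdir -p "$target" || return 1

    # If the image ships a real log directory, keep its contents and
    # remove it so the symlink can take its place.
    if [ -d "$app_log_dir" ] && [ ! -L "$app_log_dir" ]; then
        cp -a "$app_log_dir/." "$target/" || return 1
        rm -rf "$app_log_dir"
    fi

    mkdir -p "$(dirname "$app_log_dir")" || return 1
    # -n replaces an existing symlink instead of creating a link inside it,
    # so a container restart can run this again safely.
    ln -sfn "$target" "$app_log_dir"
}

# Typical use at the top of the entrypoint, before starting the application:
#   link_app_logs /home/logs /home/abc/logs "$HOSTNAME" || exit 1
#   exec "$@"
```

With this layout a log file appears on the host as /var/log/containers2/[namespace]/[svcName]/[podName]/[file].log, which is the four-level glob the filebeat input reads.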
2. Configure filebeat
Based on the configuration from the official site
```yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: kube-system
  labels:
    k8s-app: filebeat
data:
  # Java logs start with a date, node logs start with "[" followed by a date,
  # nginx access logs start with a date, nginx error logs use "/" as the date separator
  filebeat.yml: |-
    filebeat.inputs:
    - type: log
      paths:
        - /var/log/containers2/*/*/*/*.log
      multiline.pattern: '^\[?[0-9]{4}[-\/][0-9]{2}[-\/][0-9]{2}'
      multiline.negate: true
      multiline.match: after
      ignore_older: 5m
      close_inactive: 1m
      clean_removed: true
    # Path layout is /var/log/containers2/<namespace>/<svcName>/<podName>/<file>.log,
    # so after split('/') indexes 4, 5 and 6 are namespace, service and pod.
    processors:
    - script:
        lang: javascript
        id: k8s_metadata
        source: >
          function process(event) {
              event.Tag("js");
              var path = event.Get('log.file.path');
              path = path.split('/');
              event.Put('k8s.namespace', path[4]);
              event.Put('k8s.svcname', path[5]);
              event.Put('k8s.podname', path[6]);
          }
    output.kafka:
      hosts: ['xx:9092', 'xxx:9092', 'xxx:9092']
      topic: 'xxx'
      required_acks: 1
      compression: gzip
---
# extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16; on newer clusters
# use apps/v1 and add spec.selector.matchLabels.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: filebeat
  namespace: kube-system
  labels:
    k8s-app: filebeat
spec:
  template:
    metadata:
      labels:
        k8s-app: filebeat
    spec:
      serviceAccountName: filebeat
      terminationGracePeriodSeconds: 30
      containers:
      - name: filebeat
        image: docker.elastic.co/beats/filebeat:7.2.1
        args: [
          "-c", "/etc/filebeat.yml",
          "-e",
        ]
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        securityContext:
          # Runs as root so it can read the log files under the host mounts
          runAsUser: 0
          # If using Red Hat OpenShift uncomment this:
          #privileged: true
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 100Mi
        volumeMounts:
        - name: config
          mountPath: /etc/filebeat.yml
          readOnly: true
          subPath: filebeat.yml
        - name: data
          mountPath: /usr/share/filebeat/data
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
        # /var/log/containers2 from step 1 is read through this read-only mount
        - name: varlog
          mountPath: /var/log
          readOnly: true
      volumes:
      - name: config
        configMap:
          defaultMode: 0600
          name: filebeat-config
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
      - name: varlog
        hostPath:
          path: /var/log
      # data folder stores a registry of read status for all files, so we don't send everything again on a Filebeat pod restart
      - name: data
        hostPath:
          path: /var/lib/filebeat-data
          type: DirectoryOrCreate
---
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; use
# rbac.authorization.k8s.io/v1 on newer clusters.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: filebeat
subjects:
- kind: ServiceAccount
  name: filebeat
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: filebeat
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: filebeat
  labels:
    k8s-app: filebeat
rules:
- apiGroups: [""] # "" indicates the core API group
  resources:
  - namespaces
  - pods
  verbs:
  - get
  - watch
  - list
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: filebeat
  namespace: kube-system
  labels:
    k8s-app: filebeat
```