kubernetes-平台日志收集(ELK)
使用ELK Stack收集Kubernetes平台中日志与可视化
- K8S系统的组件日志
- K8S Cluster里面部署的应用程序日志
日志系统:
ELK安装
- 安装jdk
- [root@localhost ~]# yum install java-1.8.-openjdk
- [root@localhost ~]# java -version
- openjdk version "1.8.0_212"
- OpenJDK Runtime Environment (build 1.8.0_212-b04)
- OpenJDK -Bit Server VM (build 25.212-b04, mixed mode)
- 安装elk组件
- [root@localhost ~]# yum install elasticsearch logstash kibana
- 启动es
- [root@localhost ~]# systemctl start elasticsearch
- 启动kibana
- [root@localhost ~]# vim /etc/kibana/kibana.yml
- server.host: "0.0.0.0"
- elasticsearch.hosts: ["http://localhost:9200"]
- [root@localhost ~]# systemctl start kibana
- 启动logstash
- [root@localhost ~]# cat /etc/logstash/conf.d/logstash-to-es.conf
- input {
beats {
port => 5044
}
}- filter {
}- output {
if [app] == "www" {
if [type] == "nginx-access" {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "nginx-access-%{+YYYY.MM.dd}"
}
}
else if [type] == "nginx-error" {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "nginx-error-%{+YYYY.MM.dd}"
}
}
else if [type] == "tomcat-catalina" {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "tomcat-catalina-%{+YYYY.MM.dd}"
}
}
}
else if [app] == "k8s" {
if [type] == "module" {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "k8s-log-%{+YYYY.MM.dd}"
}
}
}
stdout { codec => rubydebug }
}- [root@localhost ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash-to-es.conf
启动收集日志的容器(filebeat)
- [root@localhost elk]# cat k8s-logs.yaml
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: k8s-logs-filebeat-config
- namespace: kube-system
- data:
- filebeat.yml: |-
- filebeat.prospectors:
- - type: log
- paths:
- - /messages
- fields:
- app: k8s
- type: module
- fields_under_root: true
- output.logstash:
- hosts: ['192.168.0.225:5044']
- ---
- apiVersion: apps/v1
- kind: DaemonSet
- metadata:
- name: k8s-logs
- namespace: kube-system
- spec:
- selector:
- matchLabels:
- project: k8s
- app: filebeat
- template:
- metadata:
- labels:
- project: k8s
- app: filebeat
- spec:
- containers:
- - name: filebeat
- image: docker.elastic.co/beats/filebeat:6.4.
- args: [
- "-c", "/etc/filebeat.yml",
- "-e",
- ]
- resources:
- requests:
- cpu: 100m
- memory: 100Mi
- limits:
- cpu: 500m
- memory: 500Mi
- securityContext:
- runAsUser:
- volumeMounts:
- - name: filebeat-config
- mountPath: /etc/filebeat.yml
- subPath: filebeat.yml
- - name: k8s-logs
- mountPath: /messages
- volumes:
- - name: k8s-logs
- hostPath:
- path: /var/log/messages
- type: File
- - name: filebeat-config
- configMap:
- name: k8s-logs-filebeat-config
- [root@localhost elk]# kubectl apply -f k8s-logs.yaml
- configmap/k8s-logs-filebeat-config created
- [root@localhost elk]# kubectl get pod -n kube-system
- NAME READY STATUS RESTARTS AGE
- alertmanager-6b5bbd5bd4-lgjn8 / Running 7d4h
- coredns-5b8c57999b-z9jh8 / Running 28d
- grafana- / Running 10d
- k8s-logs-b6f4v / Running 6m30s
- k8s-logs-lz5pn / Running 6m30s
- k8s-logs-pj8kj / Running 6m30s
- kube-state-metrics-f86fd9f4f-j4rdc / Running 7d7h
- kubernetes-dashboard-644c96f9c6-bvw8w / Running 28d
- prometheus- / Running 7d3h
访问kibana,添加index
容器中的日志怎么收集
|
方式 |
优点 |
缺点 |
|
方案一:Node上部署一个日志收集程序 |
每个Node仅需部署一个日志收集程序,资源消耗少,对应用无侵入 |
应用程序日志需要写到标准输出和标准错误输出,不支持多行日志 |
|
方案二:Pod中附加专用日志收集的容器 |
低耦合 |
每个Pod启动一个日志收集代理,增加资源消耗,并增加运维维护成本 |
|
方案三:应用程序直接推送日志 |
无需额外收集工具 |
浸入应用,增加应用复杂度 |
方案二示例:Pod中附加专用日志收集的容器
nginx日志收集
- [root@localhost elk]# cat filebeat-nginx-configmap.yaml
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: filebeat-nginx-config
- namespace: test
- data:
- filebeat.yml: |-
- filebeat.prospectors:
- - type: log
- paths:
- - /usr/local/nginx/logs/access.log
- # tags: ["access"]
- fields:
- app: www
- type: nginx-access
- fields_under_root: true
- - type: log
- paths:
- - /usr/local/nginx/logs/error.log
- # tags: ["error"]
- fields:
- app: www
- type: nginx-error
- fields_under_root: true
- output.logstash:
- hosts: ['192.168.0.225:5044']
- [root@localhost elk]# kubectl apply -f filebeat-nginx-configmap.yaml
- configmap/filebeat-nginx-config unchanged
- [root@localhost elk]# cat nginx-deployment.yaml
- apiVersion: apps/v1beta1
- kind: Deployment
- metadata:
- name: php-demo
- namespace: test
- spec:
- replicas:
- selector:
- matchLabels:
- project: www
- app: php-demo
- template:
- metadata:
- labels:
- project: www
- app: php-demo
- spec:
- imagePullSecrets:
- - name: registry-pull-secret
- containers:
- - name: nginx
- image: 192.168.0.223/project/nginx:v1
- imagePullPolicy: Always
- ports:
- - containerPort:
- name: web
- protocol: TCP
- resources:
- requests:
- cpu: 0.5
- memory: 256Mi
- limits:
- cpu:
- memory: 1Gi
- resources:
- requests:
- cpu: 0.5
- memory: 256Mi
- limits:
- cpu:
- memory: 1Gi
- livenessProbe:
- httpGet:
- path: /status.php
- port:
- initialDelaySeconds:
- timeoutSeconds:
- volumeMounts:
- - name: nginx-logs
- mountPath: /usr/local/nginx/logs
- - name: filebeat
- image: docker.elastic.co/beats/filebeat:6.4.
- args: [
- "-c", "/etc/filebeat.yml",
- "-e",
- ]
- resources:
- limits:
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 100Mi
- securityContext:
- runAsUser:
- volumeMounts:
- - name: filebeat-config
- mountPath: /etc/filebeat.yml
- subPath: filebeat.yml
- - name: nginx-logs
- mountPath: /usr/local/nginx/logs
- volumes:
- - name: nginx-logs
- emptyDir: {}
- - name: filebeat-config
- configMap:
- name: filebeat-nginx-config
- [root@localhost elk]# kubectl apply -f nginx-deployment.yaml
- deployment.apps/php-demo configured
tomcat日志收集
- [root@localhost elk]# cat filebeat-tomcat-configmap.yaml
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: filebeat-config
- namespace: test
- data:
- filebeat.yml: |-
- filebeat.prospectors:
- - type: log
- paths:
- - /usr/local/tomcat/logs/catalina.*
- # tags: ["tomcat"]
- fields:
- app: www
- type: tomcat-catalina
- fields_under_root: true
- multiline:
- pattern: '^\['
- negate: true
- match: after
- output.logstash:
- hosts: ['192.168.0.225:5044']
- [root@localhost elk]# kubectl apply -f filebeat-tomcat-configmap.yaml
- configmap/filebeat-config created
- [root@localhost elk]# cat tomcat-deployment.yaml
- apiVersion: apps/v1beta1
- kind: Deployment
- metadata:
- name: tomcat-java-demo
- namespace: test
- spec:
- replicas:
- selector:
- matchLabels:
- project: www
- app: java-demo
- template:
- metadata:
- labels:
- project: www
- app: java-demo
- spec:
- imagePullSecrets:
- - name: registry-pull-secret
- containers:
- - name: tomcat
- image: 192.168.0.223/project/tomcat-java-demo:latest
- imagePullPolicy: Always
- ports:
- - containerPort:
- name: web
- protocol: TCP
- resources:
- requests:
- cpu: 0.5
- memory: 1Gi
- limits:
- cpu:
- memory: 2Gi
- livenessProbe:
- httpGet:
- path: /
- port:
- initialDelaySeconds:
- timeoutSeconds:
- readinessProbe:
- httpGet:
- path: /
- port:
- initialDelaySeconds:
- timeoutSeconds:
- volumeMounts:
- - name: tomcat-logs
- mountPath: /usr/local/tomcat/logs
- - name: filebeat
- image: docker.elastic.co/beats/filebeat:6.4.
- args: [
- "-c", "/etc/filebeat.yml",
- "-e",
- ]
- resources:
- limits:
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 100Mi
- securityContext:
- runAsUser:
- volumeMounts:
- - name: filebeat-config
- mountPath: /etc/filebeat.yml
- subPath: filebeat.yml
- - name: tomcat-logs
- mountPath: /usr/local/tomcat/logs
- volumes:
- - name: tomcat-logs
- emptyDir: {}
- - name: filebeat-config
- configMap:
- name: filebeat-config
- [root@localhost elk]# kubectl apply -f tomcat-deployment.yaml
- deployment.apps/tomcat-java-demo created
kubernetes-平台日志收集(ELK)的更多相关文章
- Kubernetes 常用日志收集方案
Kubernetes 常用日志收集方案 学习了 Kubernetes 集群中监控系统的搭建,除了对集群的监控报警之外,还有一项运维工作是非常重要的,那就是日志的收集. 介绍 应用程序和系统日志可以帮助 ...
- 日志收集ELK+kafka相关博客
SpringBoot+kafka+ELK分布式日志收集 使用 logstash + kafka + elasticsearch 实现日志监控 Kibana 安装 与 汉化 windows系统安装运行f ...
- Kubernetes容器日志收集
日志采集方式 日志从传统方式演进到容器方式的过程就不详细讲了,可以参考一下这篇文章Docker日志收集最佳实践,由于容器的漂移.自动伸缩等特性,日志收集也就必须使用新的方式来实现,Kubernetes ...
- ELK构建MySQL慢日志收集平台详解
上篇文章<中小团队快速构建SQL自动审核系统>我们完成了SQL的自动审核与执行,不仅提高了效率还受到了同事的肯定,心里美滋滋.但关于慢查询的收集及处理也耗费了我们太多的时间和精力,如何在这 ...
- ELK分布式日志收集搭建和使用
大型系统分布式日志采集系统ELK全框架 SpringBootSecurity1.传统系统日志收集的问题2.Logstash操作工作原理3.分布式日志收集ELK原理4.Elasticsearch+Log ...
- Kubernetes实战之部署ELK Stack收集平台日志
主要内容 1 ELK概念 2 K8S需要收集哪些日志 3 ELK Stack日志方案 4 容器中的日志怎么收集 5 K8S平台中应用日志收集 准备环境 一套正常运行的k8s集群,kubeadm安装部署 ...
- ELK+Kafka 企业日志收集平台(一)
背景: 最近线上上了ELK,但是只用了一台Redis在中间作为消息队列,以减轻前端es集群的压力,Redis的集群解决方案暂时没有接触过,并且Redis作为消息队列并不是它的强项:所以最近将Redis ...
- FILEBEAT+ELK日志收集平台搭建流程
filebeat+elk日志收集平台搭建流程 1. 整体简介: 模式:单机 平台:Linux - centos - 7 ELK:elasticsearch.logstash.kiban ...
- ELK Stack 企业级日志收集平台
ELK Stack介绍 大型项目,多产品线的日志收集 ,分析平台 为什么用ELK? 1.开发人员排查问题,服务器上查看权限 2.项目多,服务器多,日志类型多 ELK 架构介绍 数据源--->lo ...
- ELK:日志收集分析平台
简介 ELK是一个日志收集分析的平台,它能收集海量的日志,并将其根据字段切割.一来方便供开发查看日志,定位问题:二来可以根据日志进行统计分析,通过其强大的呈现能力,挖掘数据的潜在价值,分析重要指标的趋 ...
随机推荐
- 数据库路由中间件MyCat - 源代码篇(9)
此文已由作者张镐薪授权网易云社区发布. 欢迎访问网易云社区,了解更多网易技术产品运营经验. 3. 连接模块 3.5 后端连接 3.5.1 后端连接获取与负载均衡 上一节我们讲了后端连接的基本建立和响应 ...
- 蓝桥杯T32(树的直径)
题目链接:http://lx.lanqiao.cn/problem.page?gpid=T32 题意:中文题诶- 思路:显然给出的地图是一颗树,若能求得树的直径 ans,则答案为:ans*(ans+1 ...
- Hyperledger Fabric (1.0)环境部署 chaincode【转】
三.测试Fabric 其实我们在前面运行./network_setup.sh up的时候系统已经运行了一个Example02的ChainCode测试,部署上去的ChainCodeName是mycc,所 ...
- 2015 Noip提高组 Day1
P2615 神奇的幻方 [题目描述] 幻方是一种很神奇的N*N矩阵:它由数字1,2,3,……,N*N构成,且每行.每列及两条对角线上的数字之和都相同. 当N为奇数时,我们可以通过以下方法构建一个幻方: ...
- Tyvj P1520 树的直径
P1520 树的直径 http://www.tyvj.cn/p/1520 时间: 1000ms / 空间: 131072KiB / Java类名: Main 描述 树的直径,即这棵树中距离最远的两个结 ...
- criteria用法
Criteria Query通过面向对象化的设计,将数据查询条件封装为一个对象.简单来讲,Criteria Query可以看作是传统SQL的对象化表示,如: Java代码 Criteria cri ...
- 项目模板eShopOnContainers
.NET Core多平台项目模板eShopOnContainers编译手记 之前写了一个功能性的文件上传asp.net core的小程序,加上点七七八八的东西,勉强能够应付了,打算学习一下微软的官 ...
- 072 Edit Distance 编辑距离
给出两个单词 word1 和 word2,找出将 word1 转换成 word2 所使用的最少的步骤数 (每个操作记为一步).你可以对一个单词进行以下三种操作:a) 插入一个字符b) 删除一个字符c) ...
- C语言-字符操作函数
1字符数组的初始化: 1.1 char string={'c','h','i','n','a'} 1.2char string={"china"}或者去掉{}即char strin ...
- 关于编译错误ambiguous call of overridden pre R14 auto-imported BIF get/1
今天写代码用到了进程字典,出现了一个编译错误 根据相关提示改成了erlang:put erlang/get以后即编译通过