kubernetes-平台日志收集(ELK)
使用ELK Stack收集Kubernetes平台中日志与可视化
- K8S系统的组件日志
- K8S Cluster里面部署的应用程序日志
日志系统:
ELK安装
安装jdk
[root@localhost ~]# yum install java-1.8.-openjdk
[root@localhost ~]# java -version
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK -Bit Server VM (build 25.212-b04, mixed mode) 安装elk组件
[root@localhost ~]# yum install elasticsearch logstash kibana
启动es
[root@localhost ~]# systemctl start elasticsearch 启动kibana
[root@localhost ~]# vim /etc/kibana/kibana.yml
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
[root@localhost ~]# systemctl start kibana 启动logstash
[root@localhost ~]# cat /etc/logstash/conf.d/logstash-to-es.conf
input {
beats {
port => 5044
}
} filter {
} output {
if [app] == "www" {
if [type] == "nginx-access" {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "nginx-access-%{+YYYY.MM.dd}"
}
}
else if [type] == "nginx-error" {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "nginx-error-%{+YYYY.MM.dd}"
}
}
else if [type] == "tomcat-catalina" {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "tomcat-catalina-%{+YYYY.MM.dd}"
}
}
}
else if [app] == "k8s" {
if [type] == "module" {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "k8s-log-%{+YYYY.MM.dd}"
}
}
}
stdout { codec => rubydebug }
}
[root@localhost ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash-to-es.conf
启动收集日志的容器(filebeat)
[root@localhost elk]# cat k8s-logs.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: k8s-logs-filebeat-config
namespace: kube-system data:
filebeat.yml: |-
filebeat.prospectors:
- type: log
paths:
- /messages
fields:
app: k8s
type: module
fields_under_root: true output.logstash:
hosts: ['192.168.0.225:5044'] --- apiVersion: apps/v1
kind: DaemonSet
metadata:
name: k8s-logs
namespace: kube-system
spec:
selector:
matchLabels:
project: k8s
app: filebeat
template:
metadata:
labels:
project: k8s
app: filebeat
spec:
containers:
- name: filebeat
image: docker.elastic.co/beats/filebeat:6.4.
args: [
"-c", "/etc/filebeat.yml",
"-e",
]
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 500Mi
securityContext:
runAsUser:
volumeMounts:
- name: filebeat-config
mountPath: /etc/filebeat.yml
subPath: filebeat.yml
- name: k8s-logs
mountPath: /messages
volumes:
- name: k8s-logs
hostPath:
path: /var/log/messages
type: File
- name: filebeat-config
configMap:
name: k8s-logs-filebeat-config [root@localhost elk]# kubectl apply -f k8s-logs.yaml
configmap/k8s-logs-filebeat-config created
[root@localhost elk]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
alertmanager-6b5bbd5bd4-lgjn8 / Running 7d4h
coredns-5b8c57999b-z9jh8 / Running 28d
grafana- / Running 10d
k8s-logs-b6f4v / Running 6m30s
k8s-logs-lz5pn / Running 6m30s
k8s-logs-pj8kj / Running 6m30s
kube-state-metrics-f86fd9f4f-j4rdc / Running 7d7h
kubernetes-dashboard-644c96f9c6-bvw8w / Running 28d
prometheus- / Running 7d3h
访问kibana,添加index
容器中的日志怎么收集
|
方式 |
优点 |
缺点 |
|
方案一:Node上部署一个日志收集程序 |
每个Node仅需部署一个日志收集程序,资源消耗少,对应用无侵入 |
应用程序日志需要写到标准输出和标准错误输出,不支持多行日志 |
|
方案二:Pod中附加专用日志收集的容器 |
低耦合 |
每个Pod启动一个日志收集代理,增加资源消耗,并增加运维维护成本 |
|
方案三:应用程序直接推送日志 |
无需额外收集工具 |
浸入应用,增加应用复杂度 |
方案二示例:Pod中附加专用日志收集的容器
nginx日志收集
[root@localhost elk]# cat filebeat-nginx-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-nginx-config
namespace: test data:
filebeat.yml: |-
filebeat.prospectors:
- type: log
paths:
- /usr/local/nginx/logs/access.log
# tags: ["access"]
fields:
app: www
type: nginx-access
fields_under_root: true - type: log
paths:
- /usr/local/nginx/logs/error.log
# tags: ["error"]
fields:
app: www
type: nginx-error
fields_under_root: true output.logstash:
hosts: ['192.168.0.225:5044']
[root@localhost elk]# kubectl apply -f filebeat-nginx-configmap.yaml
configmap/filebeat-nginx-config unchanged [root@localhost elk]# cat nginx-deployment.yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: php-demo
namespace: test
spec:
replicas:
selector:
matchLabels:
project: www
app: php-demo
template:
metadata:
labels:
project: www
app: php-demo
spec:
imagePullSecrets:
- name: registry-pull-secret
containers:
- name: nginx
image: 192.168.0.223/project/nginx:v1
imagePullPolicy: Always
ports:
- containerPort:
name: web
protocol: TCP
resources:
requests:
cpu: 0.5
memory: 256Mi
limits:
cpu:
memory: 1Gi
resources:
requests:
cpu: 0.5
memory: 256Mi
limits:
cpu:
memory: 1Gi
livenessProbe:
httpGet:
path: /status.php
port:
initialDelaySeconds:
timeoutSeconds:
volumeMounts:
- name: nginx-logs
mountPath: /usr/local/nginx/logs - name: filebeat
image: docker.elastic.co/beats/filebeat:6.4.
args: [
"-c", "/etc/filebeat.yml",
"-e",
]
resources:
limits:
memory: 500Mi
requests:
cpu: 100m
memory: 100Mi
securityContext:
runAsUser:
volumeMounts:
- name: filebeat-config
mountPath: /etc/filebeat.yml
subPath: filebeat.yml
- name: nginx-logs
mountPath: /usr/local/nginx/logs volumes:
- name: nginx-logs
emptyDir: {}
- name: filebeat-config
configMap:
name: filebeat-nginx-config
[root@localhost elk]# kubectl apply -f nginx-deployment.yaml
deployment.apps/php-demo configured
tomcat日志收集
[root@localhost elk]# cat filebeat-tomcat-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: filebeat-config
namespace: test data:
filebeat.yml: |-
filebeat.prospectors:
- type: log
paths:
- /usr/local/tomcat/logs/catalina.*
# tags: ["tomcat"]
fields:
app: www
type: tomcat-catalina
fields_under_root: true
multiline:
pattern: '^\['
negate: true
match: after
output.logstash:
hosts: ['192.168.0.225:5044']
[root@localhost elk]# kubectl apply -f filebeat-tomcat-configmap.yaml
configmap/filebeat-config created [root@localhost elk]# cat tomcat-deployment.yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: tomcat-java-demo
namespace: test
spec:
replicas:
selector:
matchLabels:
project: www
app: java-demo
template:
metadata:
labels:
project: www
app: java-demo
spec:
imagePullSecrets:
- name: registry-pull-secret
containers:
- name: tomcat
image: 192.168.0.223/project/tomcat-java-demo:latest
imagePullPolicy: Always
ports:
- containerPort:
name: web
protocol: TCP
resources:
requests:
cpu: 0.5
memory: 1Gi
limits:
cpu:
memory: 2Gi
livenessProbe:
httpGet:
path: /
port:
initialDelaySeconds:
timeoutSeconds:
readinessProbe:
httpGet:
path: /
port:
initialDelaySeconds:
timeoutSeconds:
volumeMounts:
- name: tomcat-logs
mountPath: /usr/local/tomcat/logs - name: filebeat
image: docker.elastic.co/beats/filebeat:6.4.
args: [
"-c", "/etc/filebeat.yml",
"-e",
]
resources:
limits:
memory: 500Mi
requests:
cpu: 100m
memory: 100Mi
securityContext:
runAsUser:
volumeMounts:
- name: filebeat-config
mountPath: /etc/filebeat.yml
subPath: filebeat.yml
- name: tomcat-logs
mountPath: /usr/local/tomcat/logs
volumes:
- name: tomcat-logs
emptyDir: {}
- name: filebeat-config
configMap:
name: filebeat-config
[root@localhost elk]# kubectl apply -f tomcat-deployment.yaml
deployment.apps/tomcat-java-demo created
kubernetes-平台日志收集(ELK)的更多相关文章
- Kubernetes 常用日志收集方案
Kubernetes 常用日志收集方案 学习了 Kubernetes 集群中监控系统的搭建,除了对集群的监控报警之外,还有一项运维工作是非常重要的,那就是日志的收集. 介绍 应用程序和系统日志可以帮助 ...
- 日志收集ELK+kafka相关博客
SpringBoot+kafka+ELK分布式日志收集 使用 logstash + kafka + elasticsearch 实现日志监控 Kibana 安装 与 汉化 windows系统安装运行f ...
- Kubernetes容器日志收集
日志采集方式 日志从传统方式演进到容器方式的过程就不详细讲了,可以参考一下这篇文章Docker日志收集最佳实践,由于容器的漂移.自动伸缩等特性,日志收集也就必须使用新的方式来实现,Kubernetes ...
- ELK构建MySQL慢日志收集平台详解
上篇文章<中小团队快速构建SQL自动审核系统>我们完成了SQL的自动审核与执行,不仅提高了效率还受到了同事的肯定,心里美滋滋.但关于慢查询的收集及处理也耗费了我们太多的时间和精力,如何在这 ...
- ELK分布式日志收集搭建和使用
大型系统分布式日志采集系统ELK全框架 SpringBootSecurity1.传统系统日志收集的问题2.Logstash操作工作原理3.分布式日志收集ELK原理4.Elasticsearch+Log ...
- Kubernetes实战之部署ELK Stack收集平台日志
主要内容 1 ELK概念 2 K8S需要收集哪些日志 3 ELK Stack日志方案 4 容器中的日志怎么收集 5 K8S平台中应用日志收集 准备环境 一套正常运行的k8s集群,kubeadm安装部署 ...
- ELK+Kafka 企业日志收集平台(一)
背景: 最近线上上了ELK,但是只用了一台Redis在中间作为消息队列,以减轻前端es集群的压力,Redis的集群解决方案暂时没有接触过,并且Redis作为消息队列并不是它的强项:所以最近将Redis ...
- FILEBEAT+ELK日志收集平台搭建流程
filebeat+elk日志收集平台搭建流程 1. 整体简介: 模式:单机 平台:Linux - centos - 7 ELK:elasticsearch.logstash.kiban ...
- ELK Stack 企业级日志收集平台
ELK Stack介绍 大型项目,多产品线的日志收集 ,分析平台 为什么用ELK? 1.开发人员排查问题,服务器上查看权限 2.项目多,服务器多,日志类型多 ELK 架构介绍 数据源--->lo ...
- ELK:日志收集分析平台
简介 ELK是一个日志收集分析的平台,它能收集海量的日志,并将其根据字段切割.一来方便供开发查看日志,定位问题:二来可以根据日志进行统计分析,通过其强大的呈现能力,挖掘数据的潜在价值,分析重要指标的趋 ...
随机推荐
- c/c++ 获取mysql数据库以blob类型储存的图片
简单的code如下: #include <iostream> #include <fstream> #include <sstream> #include < ...
- 关于/proc/cpuinfo文件
以上输出项的含义如下: processor :系统中逻辑处理核的编号.对于单核处理器,则课认为是其CPU编号,对于多核处理器则可以是物理核.或者使用超线程技术虚拟的逻辑核 vendor_id :CPU ...
- linux 安装mysql 5.7
1.下载安装包http://dev.mysql.com/downloads/mysql/#downloads推荐下载通用安装方法的TAR包(http://cdn.mysql.com//Download ...
- 洛谷P1074 靶形数独(跳舞链)
传送门 坑着,等联赛之后再填(联赛挂了就不填了233) //minamoto #include<iostream> #include<cstdio> #include<c ...
- PJzhang:web漏洞扫描工具sitadel
猫宁!!! 参考链接:https://www.freebuf.com/sectool/194769.html 转变博客的写作思路,力求精简快捷,不浪费自己或者他人的时间. sitadel是一款精简的w ...
- K.河北美食
链接:https://ac.nowcoder.com/acm/contest/903/K 题意: icebound最喜欢吃河北菜,于是他想要大厨做一桌河北菜宴请宾客.icebound购买了一些食材,并 ...
- Ubuntu新服务器安装lnmp
版本: nginx(无要求,最新) mysql(5.6.xx) php(5.6.xx) ubuntu(16.04,其他版本也并无过多差异) 准备: #apt-get update #apt-get i ...
- P3818 小A和uim之大逃离 II
题目背景 话说上回……还是参见 https://www.luogu.org/problem/show?pid=1373 吧 小a和uim再次来到雨林中探险.突然一阵南风吹来,一片乌云从南部天边急涌过来 ...
- P4869 罪犯分组
思路: 明显的dp,虽然我想到了二进制模拟,想到了转移,但还是先看了题解,原来真是这样,,,,不是第三题吗? 用f[i]表示,对于前i个罪犯最少需要分几组. 对于每个状态用二进制表示,第i位上1,0表 ...
- c# ExpandoObject动态扩展对象
js中的Object 对象. php中的stdClass. c# 也有动态可扩展对象 ExpandoObject,需要添加System.Dynamic引用 用法: dynamic model = ne ...